blob: f4f2c184828c0b07dce39203b3208ec9808150ba (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
### Autogenerated by https.py ###
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$server_name$request_uri;
}
{% for server in server_block_list %}
server {
# SSL configuration
#
{% if server.address == '*' %}
listen {{ server.port }} ssl;
listen [::]:{{ server.port }} ssl;
{% else %}
listen {{ server.address }}:{{ server.port }} ssl;
{% endif %}
{% for name in server.name %}
server_name {{ name }};
{% endfor %}
{% if server.certbot %}
ssl_certificate /etc/letsencrypt/live/{{ server.certbot_dir }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ server.certbot_dir }}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
{% elif server.vyos_cert %}
include {{ server.vyos_cert.conf }};
{% else %}
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
include snippets/snakeoil.conf;
{% endif %}
# proxy settings for HTTP API, if enabled; 503, if not
location ~ /(retrieve|configure|config-file|image|generate|show) {
{% if server.api %}
proxy_pass http://localhost:{{ server.api.port }};
proxy_read_timeout 600;
proxy_buffering off;
{% else %}
return 503;
{% endif %}
}
error_page 501 502 503 =200 @50*_json;
{% if api_somewhere %}
location @50*_json {
default_type application/json;
return 200 '{"error": "service https api unavailable at this proxy address: set service https api-restrict virtual-host"}';
}
{% else %}
location @50*_json {
default_type application/json;
return 200 '{"error": "Start service in configuration mode: set service https api"}';
}
{% endif %}
}
{% endfor %}
|