forked from apostrophecms/mechanic
template.conf
{# Let folks know this wasn't a manual configuration #}
# This configuration file was generated with mechanic.
{#
  server(site, settings, options): emits the nginx `server` block for one site
  on one port.
    site     - per-site record (shortname, host, aliases, backends, static, flags)
    settings - global paths and bind address (overrides, conf, logs, bind)
    options  - port, plus https when this is the TLS listener
  A second, redirect-only block follows for a default site or for a canonical
  site that has aliases.

  NOTE(review): site.shortname, site.host, site.aliases and site.static are
  written into the config text with no nginx-specific quoting or escaping
  filter in this template. Presumably the code that builds `sites` validates
  them; confirm, because a value containing `;`, braces, whitespace or a
  newline would change the structure of the generated config.
#}
{% macro server(site, settings, options) %}
{# Per-site override files are included verbatim at four points: top, server,
   proxy and location. NOTE(review): whoever can write under settings.overrides
   can add arbitrary directives; directory permissions are not visible here. #}
include "{{ settings.overrides }}/{{ site.shortname }}/top";
server {
{# NOTE(review): gzip is enabled on the TLS listener as well. Compressing
   HTTPS responses that mix secrets with request-influenced content is the
   precondition for BREACH-style attacks; confirm this is acceptable for the
   proxied backends. #}
gzip on;
gzip_types text/css text/javascript image/svg+xml
application/vnd.ms-fontobject application/x-font-ttf
application/x-javascript application/javascript;
{# default_server is added here only for a default site that is not canonical;
   a canonical default site gets it on the redirect-only block below. #}
listen {{ settings.bind }}:{{ options.port }}{% if options.https %} ssl{% endif %}{% if site.default and not site.canonical %} default_server{% endif %};
server_name {{ site.host }}{% if site.aliases and (not site.canonical) %} {{ site.aliases | join(" ") }}{% endif %};
{% if options.https %}
{# NOTE(review): TLS 1.1 is formally deprecated (RFC 8996). Consider
   TLSv1.2 alone, or TLSv1.2 TLSv1.3 where the installed nginx and OpenSSL
   support it. No ssl_ciphers or ssl_prefer_server_ciphers is set in this
   template, so nginx defaults apply unless an override file sets them. #}
ssl_protocols TLSv1.1 TLSv1.2;
{# Certificate and private key are looked up by shortname under conf/../certs.
   NOTE(review): key file permissions are not visible here; confirm. #}
ssl_certificate {{ settings.conf }}/../certs/{{ site.shortname }}.cer;
ssl_certificate_key {{ settings.conf }}/../certs/{{ site.shortname }}.key;
{% endif %}
client_max_body_size 32M;
access_log {{ settings.logs }}/{{ site.shortname }}.access.log;
error_log {{ settings.logs }}/{{ site.shortname }}.error.log;
{# Plain-HTTP listener of a redirect-to-https site: every path is redirected
   to the HTTPS host. The target is the configured site.host, not the Host
   header of the request. NOTE(review): this template emits no
   Strict-Transport-Security header on the HTTPS block; if HSTS is wanted it
   would have to come from an override file - confirm. #}
{% if site.https and site['redirect-to-https'] and not options.https %}
location / {
rewrite ^(.*)$ https://{{ site.host }}$1;
}
{% else %}
include "{{ settings.overrides }}/{{ site.shortname }}/server";
{# We need a named location block in order to use try_files. #}
{% if site.backends.length %}
location @proxy-{{ site.shortname }}-{{ options.port }} {
{# NOTE(review): with https-upstream, proxy_ssl_verify is not set and nginx
   defaults it to off, so the backend certificate is not validated. Enabling
   it needs proxy_ssl_verify plus proxy_ssl_trusted_certificate, which could
   be supplied through the per-site proxy override. TLS 1.1 is also still
   offered to the upstream here. #}
{% if site['https-upstream'] %}
proxy_pass https://upstream-{{ site.shortname }};
proxy_ssl_session_reuse on;
proxy_ssl_protocols TLSv1.1 TLSv1.2;
{% else %}
proxy_pass http://upstream-{{ site.shortname }};
{% endif %}
{# WebSocket support: HTTP/1.1 to the backend and the Upgrade header passed
   through. Connection is set to "upgrade" on every proxied request for such
   a site, not only on upgrade requests. #}
{% if site['websocket'] %}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
{% endif %}
{# On the listed errors and 5xx statuses the request is passed to the next
   backend of the upstream. #}
proxy_next_upstream error timeout invalid_header http_500 http_502
http_503 http_504;
proxy_redirect off;
proxy_buffering off;
{# Headers handed to the backend:
     Host              - taken from the request. On a default_server block any
                         Host value reaches the backend, so the backend should
                         not build absolute URLs from it without an allow-list.
     X-Real-IP         - the peer address as seen by nginx.
     X-Forwarded-For   - nginx appends the peer address to whatever the client
                         sent, so only the right-most entry is trustworthy.
     X-Forwarded-Proto - scheme of the listener that accepted the request. #}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
include "{{ settings.overrides }}/{{ site.shortname }}/proxy";
}
{% endif %}
{# Static files are tried first; the named proxy location is the fallback when
   the site has backends. A root is emitted only when site.static is set.
   NOTE(review): autoindex generates directory listings for directories under
   the root; confirm it is enabled only for sites meant to be browsable. #}
location / {
{%- if site.static %}root {{ site.static }};{% endif %}
{% if site.autoindex %}
autoindex on;
{% if site.backends.length %}
try_files $uri $uri/ @proxy-{{ site.shortname }}-{{ options.port }};
{% endif %}
{% else %}
{% if site.backends.length %}
try_files $uri @proxy-{{ site.shortname }}-{{ options.port }};
{% endif %}
{% endif %}
expires 7d;
include "{{ settings.overrides }}/{{ site.shortname }}/location";
}
{% endif %}
}
{# Redirect-only block. Its server_name is a placeholder built from shortname
   and port, followed by the aliases when there are any; for a canonical
   default site it is also the default_server. Every request is redirected to
   site.host with the path kept. The scheme is https when this is the TLS
   listener or the site redirects to HTTPS, otherwise http.
   NOTE(review): for a default, non-canonical site with aliases, the aliases
   are listed in both server blocks; confirm that is intended. #}
{% if site.default or (site.canonical and site.aliases) %}
server {
listen {{ settings.bind }}:{{ options.port }}{% if site.default and site.canonical %} default_server{% endif %}{% if options.https %} ssl{% endif %};
server_name _{{ site.shortname }}_{{ options.port }}{% if site.aliases %} {{ site.aliases | join(' ') }}{% endif %};
# canonicalize
{% if options.https %}
ssl_protocols TLSv1.1 TLSv1.2;
ssl_certificate {{ settings.conf }}/../certs/{{ site.shortname }}.cer;
ssl_certificate_key {{ settings.conf }}/../certs/{{ site.shortname }}.key;
{% endif %}
location / {
rewrite ^(.*)$ {% if options.https or (site.https and site['redirect-to-https']) %}https:{% else %}http:{% endif %}//{{ site.host }}$1;
}
}
{% endif %}
{% endmacro %}
{#
  renderSite(site, settings): emits everything for one site. That is an
  `upstream` block when the site has backends, the port-80 server block, and
  a port-443 TLS server block when site.https is set.

  NOTE(review): each backend string is written verbatim as an upstream
  `server` entry; presumably these are address:port values validated where
  `sites` is built - confirm.
#}
{% macro renderSite(site, settings) %}
{% if site.backends.length %}
upstream upstream-{{ site.shortname }} {
{% for backend in site.backends -%}
server {{ backend }};
{%- endfor %}
}
{% endif %}
{# The port-80 block is always rendered, including for HTTPS sites; whether it
   serves content or only redirects is decided inside server(). #}
{{ server(site, settings, { port: 80 }) }}
{% if (site.https) %}
{{ server(site, settings, { port: 443, https: true }) }}
{% endif %}
{% endmacro %}
{# Entry point: render every site. `sites` and `settings` come from the render
   context. #}
{% for site in sites %}
{{ renderSite(site, settings) }}
{% endfor %}