74 lines
2.0 KiB
Django/Jinja
74 lines
2.0 KiB
Django/Jinja
{% for server in ingress_servers %}
|
|
server {
|
|
{% if loop.index == 1 %}
|
|
listen {{ ingress_listen_args }} default_server;
|
|
{% else %}
|
|
listen {{ ingress_listen_args }};
|
|
{% endif %}
|
|
server_name {{ server.name }};
|
|
|
|
{% if ingress_directives is defined %}
|
|
{% for directive in ingress_directives %}
|
|
{{ directive }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if ingress_listen_tls %}
|
|
# TLS configuration
|
|
ssl_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ ingress_servers[0].name }}/privkey.pem;
|
|
ssl_trusted_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/chain.pem;
|
|
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
|
ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
ssl_protocols {{ ingress_tls_protocols }};
|
|
ssl_ciphers {{ ingress_tls_ciphers }};
|
|
ssl_prefer_server_ciphers {{ ingress_tls_prefer_server_ciphers }};
|
|
{% endif %}
|
|
|
|
{% if server.directives is defined %}
|
|
# Extra directives
|
|
{% for directive in server.directives %}
|
|
{{ directive }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if server.locations is defined %}
|
|
# Extra manually-defined locations
|
|
{% for location in server.locations %}
|
|
location {{ location.location }} {
|
|
{{ location.contents }}
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if server.proxy_pass is defined %}
|
|
# Singular proxy_pass
|
|
location / {
|
|
proxy_buffer_size 128k;
|
|
proxy_buffers 4 256k;
|
|
proxy_busy_buffers_size 256k;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass {{ server.proxy_pass }};
|
|
}
|
|
{% elif server.proxies is defined %}
|
|
# Proxy locations
|
|
{% for proxy in server.proxies %}
|
|
location {{ proxy.location }} {
|
|
proxy_buffer_size 128k;
|
|
proxy_buffers 4 256k;
|
|
proxy_busy_buffers_size 256k;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass {{ proxy.pass }};
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
resolver {{ ingress_resolver }};
|
|
}
|
|
{% endfor %}
|