kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

bundles/nginx: rename 'proxy' metadata to 'locations', support more generic options, move extras files to metadata
All checks were successful
bundlewrap/pipeline/head This commit looks good
Details

Browse source
This commit is contained in:
Franzi 2021-07-04 19:27:12 +02:00
parent a3a228fc2d
commit b5ab21549d
Signed by: kunsi
GPG key ID: 12E3D2136B818350
25 changed files with 164 additions and 144 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
bundles/c3voc-addons/files/site_template
View file

@ -32,8 +32,8 @@ server {
alias /var/www/dehydrated;
}
% if proxy:
% for location, options in proxy.items():
% if locations:
% for location, options in locations.items():
location ${location} {
proxy_pass ${options['target']};
proxy_http_version ${options.get('http_version', '1.1')};

2
bundles/gitea/metadata.py
View file

@ -58,7 +58,7 @@ def nginx(metadata):
'nginx': {
'vhosts': {
metadata.get('gitea/domain'): {
'proxy': {
'locations': {
'/': {
'target': 'http://127.0.0.1:22000',
},

2
bundles/miniflux/metadata.py
View file

@ -47,7 +47,7 @@ def nginx(metadata):
'vhosts': {
'miniflux': {
'domain': metadata.get('miniflux/domain'),
'proxy': {
'locations': {
'/': {
'target': 'http://127.0.0.1:22040',
},

49
bundles/nginx/files/site_template
View file

@ -62,8 +62,6 @@ server {
% if max_body_size:
client_max_body_size ${max_body_size};
% elif proxy or php:
client_max_body_size 5M;
% endif
% if not do_not_set_content_security_headers:
@ -86,40 +84,61 @@ server {
}
% endif
% if proxy:
% for location, options in proxy.items():
% if locations:
% for location, options in sorted(locations.items()):
location ${location} {
% if 'target' in options:
proxy_pass ${options['target']};
proxy_http_version ${options.get('http_version', '1.1')};
proxy_set_header Host ${domain};
% if options.get('websockets', False):
% if options.get('websockets', False):
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
% endif
% endif
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
% if ssl:
% if ssl:
proxy_set_header X-Forwarded-Proto HTTPS;
% endif
% endif
proxy_set_header X-Forwarded-Host ${domain};
% for option, value in options.get('proxy_set_header', {}).items():
% for option, value in options.get('proxy_set_header', {}).items():
proxy_set_header ${option} ${value};
% endfor
% if location != '/':
% endfor
% if location != '/':
proxy_set_header X-Script-Name ${location};
% endif
% endif
proxy_buffering off;
client_max_body_size ${options.get('max_body_size', '5M')};
% elif 'redirect' in options:
return ${options.get('mode', 302)} ${options['redirect']};
% elif 'return' in options:
return ${options.get('mode', 200)} '${options['return']}';
% elif 'root' in options:
root ${options['root']};
% elif 'alias' in options:
alias ${options['alias']};
% endif
% if 'auth' in options:
auth_basic "${options['auth'].get('realm', vhost)}";
auth_basic_user_file ${options['auth']['file']};
% endif
% for opt in sorted(options.get('additional_config', set())):
${opt};
% endfor
}
% endfor
% endif
% endfor
% endif
% if php:
location ~ \.php$ {
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php${php_version}-fpm.sock;
}
% endif
% if not max_body_size:
client_max_body_size 5M;
% endif
% endif
% if extras:
<%include file="extras/${node.name}/${vhost}" />
% endif

2
bundles/pleroma/metadata.py
View file

@ -45,7 +45,7 @@ def nginx(metadata):
'vhosts': {
'pleroma': {
'domain': metadata.get('pleroma/url'),
'proxy': {
'locations': {
'/': {
'target': 'http://127.0.0.1:21000',
'websockets': True,

3
data/nginx/files/extras/home.paperless/paperless
View file

@ -1,3 +0,0 @@
location /static/ {
alias /opt/paperless/static/;
}

1
data/nginx/files/extras/htz-cloud.pleroma/pleroma-www-redir
View file

@ -1 +0,0 @@
return 308 https://cybert-media.net$request_uri;

11
data/nginx/files/extras/htz.ex42-1048908/chat.franzi.business
View file

@ -1,11 +0,0 @@
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.franzi.business"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.franzi.business:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}

3
data/nginx/files/extras/htz.ex42-1048908/daskritzelt-redirect
View file

@ -1,3 +0,0 @@
location / {
return 302 https://twitter.com/daskritzelt/status/1259167444373028864;
}

14
data/nginx/files/extras/htz.ex42-1048908/dav.kunsmann.eu
View file

@ -1,14 +0,0 @@
location / {
proxy_pass http://[::1]:22050;
proxy_set_header X-Script-Name /;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-User $remote_user;
auth_basic "Radicale";
auth_basic_user_file /etc/radicale/htpasswd;
}
location /.web/ {
proxy_pass http://[::1]:22050;
proxy_set_header X-Script-Name /;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

14
data/nginx/files/extras/htz.ex42-1048908/dimension.franzi.business
View file

@ -1,13 +1 @@
add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business chat.sophies-kitchen.eu";
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.franzi.business"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.franzi.business:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business";

11
data/nginx/files/extras/htz.ex42-1048908/franzi.business
View file

@ -1,11 +0,0 @@
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.franzi.business"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.franzi.business:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}

9
data/nginx/files/extras/htz.ex42-1048908/kunsmann.eu
View file

@ -1,9 +0,0 @@
location / {
return 301 https://franzi.business$request_uri;
}
location /.well-known/openpgpkey/ {
alias /var/www/kunsmann.eu/.well-known/openpgpkey/;
default_type application/octet-stream;
add_header Access-Control-Allow-Origin * always;
}

32
data/nginx/files/extras/htz.ex42-1048908/matrix.franzi.business
View file

@ -1,32 +0,0 @@
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.franzi.business"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.franzi.business:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /_matrix {
proxy_pass http://[::1]:20080;
proxy_set_header Host "franzi.business";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /_matrix/media {
proxy_pass http://localhost:20090;
client_max_body_size 500M;
proxy_read_timeout 600s;
proxy_set_header Host "franzi.business";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}

7
data/nginx/files/extras/rx300/travelynx
View file

@ -1,7 +0,0 @@
location /static {
root /opt/travelynx/public;
}
location /service-worker.js {
root /opt/travelynx/public;
}

1
nodes.py
View file

@ -1,3 +1,4 @@
from json import dumps as json_dumps
from os.path import join
from pathlib import Path

2
nodes/gce/bind01.py
View file

@ -28,7 +28,7 @@ nodes['gce.bind01'] = {
'nginx': {
'vhosts': {
'ns-1.kunbox.net': {
'proxy': {
'locations': {
'/': {
'target': 'http://127.0.0.1:8000/',
},

2
nodes/home/paperless-sophie.py
View file

@ -51,7 +51,7 @@ nodes['home.paperless-sophie'] = {
'paperless': {
'domain': 'paperless-sophie.home.kunbox.net',
'ssl': '_.home.kunbox.net',
'proxy': {
'locations': {
'/': {
'target': 'http://127.0.0.1:22070',
'websockets': True,

6
nodes/home/paperless.py
View file

@ -40,7 +40,7 @@ nodes['home.paperless'] = {
'paperless': {
'domain': 'paperless.home.kunbox.net',
'ssl': '_.home.kunbox.net',
'proxy': {
'locations': {
'/': {
'target': 'http://127.0.0.1:22070',
'websockets': True,
@ -48,8 +48,10 @@ nodes['home.paperless'] = {
'X-Forwarded-Host': '$server_name',
},
},
'/static/': {
'alias': '/opt/paperless/static/',
},
},
'extras': True,
'max_body_size': '100M',
},
},

2
nodes/htz-cloud/influxdb.py
View file

@ -42,7 +42,7 @@ nodes['htz-cloud.influxdb'] = {
'vhosts': {
'influxdb': {
'domain': 'influxdb.kunsmann.eu',
'proxy': {
'locations': {
'/': {
'target': 'http://localhost:8086',
'websockets': True,

2
nodes/htz-cloud/miniserver.py
View file

@ -160,7 +160,7 @@ nodes['htz-cloud.miniserver'] = {
# 'extras': True,
# 'do_not_set_content_security_headers': True,
# 'max_body_size': '50M',
# 'proxy': {
# 'locations': {
# '/': {
# 'target': 'http://127.0.0.1:8184',
# },

6
nodes/htz-cloud/pleroma.py
View file

@ -44,7 +44,11 @@ nodes['htz-cloud.pleroma'] = {
},
'pleroma-www-redir': {
'domain': 'www.cybert-media.net',
'extras': True,
'locations': {
'/': {
'redirect': 'https://cybert-media.net$request_uri',
},
},
},
},
},

112
nodes/htz/ex42-1048908.py
View file

@ -261,18 +261,35 @@ nodes['htz.ex42-1048908'] = {
'vhosts': {
# TODO maybe some of this can be moved to a bundle?
'dav.kunsmann.eu': {
'extras': True,
'locations': {
'/': {
'target': 'http://[::1]:22050',
'auth': {
'file': '/etc/radicale/htpasswd',
},
'proxy_set_header': {
'X-Remote-User': '$remote_user',
},
},
'/.web/': {
'target': 'http://[::1]:22050',
}
},
},
'daskritzelt-redirect': {
'domain': 'die-brontosaurier-waren-es.org',
'ssl': False, # TODO enable ssl once domain transfer is done
'extras': True,
'ssl': None,
'locations': {
'/': {
'redirect': 'https://twitter.com/daskritzelt/status/1259167444373028864',
},
},
},
'dimension.franzi.business': {
'extras': True,
'do_not_set_content_security_headers': True,
'max_body_size': '50M',
'proxy': {
'locations': {
'/': {
'target': 'http://127.0.0.1:8184',
},
@ -280,10 +297,37 @@ nodes['htz.ex42-1048908'] = {
},
'franzi.business': {
'webroot': '/var/www/franzi.business/_site/',
'extras': True,
'locations': {
'/.well-known/matrix/client': {
'return': json_dumps({
'm.homeserver': {
'base_url': 'https://matrix.franzi.business',
},
'm.identity_server': {
'base_url': 'https://matrix.org',
},
'im.vector.riot.jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
'/.well-known/matrix/server': {
'return': json_dumps({
'm.server': 'https://matrix.franzi.business',
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
},
},
'jenkins.kunsmann.eu': {
'proxy': {
'locations': {
'/': {
'target': 'http://localhost:22010/',
},
@ -293,10 +337,58 @@ nodes['htz.ex42-1048908'] = {
},
'kunbox.net': {},
'kunsmann.eu': {
'extras': True,
'locations': {
'/': {
'redirect': 'https://franzi.business$request_uri',
},
'/.well-known/openpgpkey': {
'alias': '/var/www/kunsmann.eu/.well-known/openpgpkey/',
'additional_config': {
'default_type application/octet-stream',
'add_header Access-Control-Allow-Origin *',
},
},
},
},
'matrix.franzi.business': {
'extras': True,
'locations': {
'/_matrix': {
'target': 'http://[::1]:20080',
},
'/_matrix/media': {
'target': 'http://localhost:20090',
'client_max_body_size': '500M',
},
'/_synapse': {
'target': 'http://[::1]:20080',
},
'/.well-known/matrix/client': {
'return': json_dumps({
'm.homeserver': {
'base_url': 'https://matrix.franzi.business',
},
'm.identity_server': {
'base_url': 'https://matrix.org',
},
'im.vector.riot.jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
'/.well-known/matrix/server': {
'return': json_dumps({
'm.server': 'https://matrix.franzi.business',
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
},
},
'mta-sts': {
'domain': 'mta-sts.mx0.kunbox.net',
@ -322,14 +414,14 @@ nodes['htz.ex42-1048908'] = {
'website_check_string': 'login',
},
'rspamd.mx0.kunbox.net': {
'proxy': {
'locations': {
'/': {
'target': 'http://localhost:11334/',
},
},
},
# 'travelynx.franzi.business': {
# 'proxy': {
# 'locations': {
# '/': {
# 'target': 'http://127.0.0.1:22020',
# },

2
nodes/ovh/icinga2.py
View file

@ -79,7 +79,7 @@ nodes['ovh.icinga2'] = {
},
'icinga_statusmonitor': {
'domain': 'statusmonitor.icinga.kunsmann.eu',
'proxy': {
'locations': {
'/': {
'target': 'http://127.0.0.1:5000/',
}

9
nodes/rx300.py
View file

@ -66,12 +66,17 @@ nodes['rx300'] = {
'travelynx': {
'domain': 'travelynx.franzi.business',
'ssl': '_.franzi.business',
'proxy': {
'locations': {
'/': {
'target': 'http://127.0.0.1:22020',
},
'/static': {
'root': '/opt/travelynx/public',
},
'/service-worker.js': {
'root': '/opt/travelynx/public',
},
},
'extras': True,
},
},
},