bundles/nginx: rename 'proxy' metadata to 'locations', support more generic options, move extras files to metadata
parent
a3a228fc2d
commit
b5ab21549d
25 changed files with 164 additions and 144 deletions
|
@ -32,8 +32,8 @@ server {
|
|||
alias /var/www/dehydrated;
|
||||
}
|
||||
|
||||
% if proxy:
|
||||
% for location, options in proxy.items():
|
||||
% if locations:
|
||||
% for location, options in locations.items():
|
||||
location ${location} {
|
||||
proxy_pass ${options['target']};
|
||||
proxy_http_version ${options.get('http_version', '1.1')};
|
||||
|
|
|
@ -58,7 +58,7 @@ def nginx(metadata):
|
|||
'nginx': {
|
||||
'vhosts': {
|
||||
metadata.get('gitea/domain'): {
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:22000',
|
||||
},
|
||||
|
|
|
@ -47,7 +47,7 @@ def nginx(metadata):
|
|||
'vhosts': {
|
||||
'miniflux': {
|
||||
'domain': metadata.get('miniflux/domain'),
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:22040',
|
||||
},
|
||||
|
|
|
@ -62,8 +62,6 @@ server {
|
|||
|
||||
% if max_body_size:
|
||||
client_max_body_size ${max_body_size};
|
||||
% elif proxy or php:
|
||||
client_max_body_size 5M;
|
||||
% endif
|
||||
|
||||
% if not do_not_set_content_security_headers:
|
||||
|
@ -86,40 +84,61 @@ server {
|
|||
}
|
||||
% endif
|
||||
|
||||
% if proxy:
|
||||
% for location, options in proxy.items():
|
||||
% if locations:
|
||||
% for location, options in sorted(locations.items()):
|
||||
location ${location} {
|
||||
% if 'target' in options:
|
||||
proxy_pass ${options['target']};
|
||||
proxy_http_version ${options.get('http_version', '1.1')};
|
||||
proxy_set_header Host ${domain};
|
||||
% if options.get('websockets', False):
|
||||
% if options.get('websockets', False):
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
% endif
|
||||
% endif
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
% if ssl:
|
||||
% if ssl:
|
||||
proxy_set_header X-Forwarded-Proto HTTPS;
|
||||
% endif
|
||||
% endif
|
||||
proxy_set_header X-Forwarded-Host ${domain};
|
||||
% for option, value in options.get('proxy_set_header', {}).items():
|
||||
% for option, value in options.get('proxy_set_header', {}).items():
|
||||
proxy_set_header ${option} ${value};
|
||||
% endfor
|
||||
% if location != '/':
|
||||
% endfor
|
||||
% if location != '/':
|
||||
proxy_set_header X-Script-Name ${location};
|
||||
% endif
|
||||
% endif
|
||||
proxy_buffering off;
|
||||
client_max_body_size ${options.get('max_body_size', '5M')};
|
||||
% elif 'redirect' in options:
|
||||
return ${options.get('mode', 302)} ${options['redirect']};
|
||||
% elif 'return' in options:
|
||||
return ${options.get('mode', 200)} '${options['return']}';
|
||||
% elif 'root' in options:
|
||||
root ${options['root']};
|
||||
% elif 'alias' in options:
|
||||
alias ${options['alias']};
|
||||
% endif
|
||||
% if 'auth' in options:
|
||||
auth_basic "${options['auth'].get('realm', vhost)}";
|
||||
auth_basic_user_file ${options['auth']['file']};
|
||||
% endif
|
||||
% for opt in sorted(options.get('additional_config', set())):
|
||||
${opt};
|
||||
% endfor
|
||||
}
|
||||
% endfor
|
||||
% endif
|
||||
|
||||
% endfor
|
||||
% endif
|
||||
% if php:
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:/run/php/php${php_version}-fpm.sock;
|
||||
}
|
||||
% endif
|
||||
% if not max_body_size:
|
||||
client_max_body_size 5M;
|
||||
% endif
|
||||
|
||||
% endif
|
||||
% if extras:
|
||||
<%include file="extras/${node.name}/${vhost}" />
|
||||
% endif
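Review bot: The new `'return'` branch interpolates the metadata string directly into a single-quoted nginx argument (`return ${options.get('mode', 200)} '${options['return']}';`), so a value containing `'` ends the string early and the rest is parsed as configuration, and any `$name` in it is expanded as an nginx variable. The values added in this commit come from `json_dumps` and happen to be safe, but the template should escape rather than rely on that, for example `'${options['return'].replace("\\", "\\\\").replace("'", "\\'")}'`. The same applies to the realm in `auth_basic "${options['auth'].get('realm', vhost)}";`. `additional_config` emits arbitrary directives verbatim, so it is worth a comment above that loop stating that location metadata is trusted input, equivalent to editing the config file by hand.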
|
||||
|
|
|
@ -45,7 +45,7 @@ def nginx(metadata):
|
|||
'vhosts': {
|
||||
'pleroma': {
|
||||
'domain': metadata.get('pleroma/url'),
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:21000',
|
||||
'websockets': True,
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
location /static/ {
|
||||
alias /opt/paperless/static/;
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
return 308 https://cybert-media.net$request_uri;
|
|
@ -1,11 +0,0 @@
|
|||
location /.well-known/matrix/client {
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.franzi.business"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{"m.server": "matrix.franzi.business:443"}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
location / {
|
||||
return 302 https://twitter.com/daskritzelt/status/1259167444373028864;
|
||||
}
|
|
@ -1,14 +0,0 @@
|
|||
location / {
|
||||
proxy_pass http://[::1]:22050;
|
||||
proxy_set_header X-Script-Name /;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Remote-User $remote_user;
|
||||
auth_basic "Radicale";
|
||||
auth_basic_user_file /etc/radicale/htpasswd;
|
||||
}
|
||||
|
||||
location /.web/ {
|
||||
proxy_pass http://[::1]:22050;
|
||||
proxy_set_header X-Script-Name /;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
|
@ -1,13 +1 @@
|
|||
add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business chat.sophies-kitchen.eu";
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.franzi.business"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{"m.server": "matrix.franzi.business:443"}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business";
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
location /.well-known/matrix/client {
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.franzi.business"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{"m.server": "matrix.franzi.business:443"}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
location / {
|
||||
return 301 https://franzi.business$request_uri;
|
||||
}
|
||||
|
||||
location /.well-known/openpgpkey/ {
|
||||
alias /var/www/kunsmann.eu/.well-known/openpgpkey/;
|
||||
default_type application/octet-stream;
|
||||
add_header Access-Control-Allow-Origin * always;
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
location /.well-known/matrix/client {
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.franzi.business"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{"m.server": "matrix.franzi.business:443"}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location /_matrix {
|
||||
proxy_pass http://[::1]:20080;
|
||||
|
||||
proxy_set_header Host "franzi.business";
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
location /_matrix/media {
|
||||
proxy_pass http://localhost:20090;
|
||||
|
||||
client_max_body_size 500M;
|
||||
|
||||
proxy_read_timeout 600s;
|
||||
proxy_set_header Host "franzi.business";
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
location /static {
|
||||
root /opt/travelynx/public;
|
||||
}
|
||||
|
||||
location /service-worker.js {
|
||||
root /opt/travelynx/public;
|
||||
}
|
1
nodes.py
1
nodes.py
|
@ -1,3 +1,4 @@
|
|||
from json import dumps as json_dumps
|
||||
from os.path import join
|
||||
from pathlib import Path
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ nodes['gce.bind01'] = {
|
|||
'nginx': {
|
||||
'vhosts': {
|
||||
'ns-1.kunbox.net': {
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:8000/',
|
||||
},
|
||||
|
|
|
@ -51,7 +51,7 @@ nodes['home.paperless-sophie'] = {
|
|||
'paperless': {
|
||||
'domain': 'paperless-sophie.home.kunbox.net',
|
||||
'ssl': '_.home.kunbox.net',
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:22070',
|
||||
'websockets': True,
|
||||
|
|
|
@ -40,7 +40,7 @@ nodes['home.paperless'] = {
|
|||
'paperless': {
|
||||
'domain': 'paperless.home.kunbox.net',
|
||||
'ssl': '_.home.kunbox.net',
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:22070',
|
||||
'websockets': True,
|
||||
|
@ -48,8 +48,10 @@ nodes['home.paperless'] = {
|
|||
'X-Forwarded-Host': '$server_name',
|
||||
},
|
||||
},
|
||||
'/static/': {
|
||||
'alias': '/opt/paperless/static/',
|
||||
},
|
||||
},
|
||||
'extras': True,
|
||||
'max_body_size': '100M',
|
||||
},
|
||||
},
|
||||
|
|
|
@ -42,7 +42,7 @@ nodes['htz-cloud.influxdb'] = {
|
|||
'vhosts': {
|
||||
'influxdb': {
|
||||
'domain': 'influxdb.kunsmann.eu',
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://localhost:8086',
|
||||
'websockets': True,
|
||||
|
|
|
@ -160,7 +160,7 @@ nodes['htz-cloud.miniserver'] = {
|
|||
# 'extras': True,
|
||||
# 'do_not_set_content_security_headers': True,
|
||||
# 'max_body_size': '50M',
|
||||
# 'proxy': {
|
||||
# 'locations': {
|
||||
# '/': {
|
||||
# 'target': 'http://127.0.0.1:8184',
|
||||
# },
|
||||
|
|
|
@ -44,7 +44,11 @@ nodes['htz-cloud.pleroma'] = {
|
|||
},
|
||||
'pleroma-www-redir': {
|
||||
'domain': 'www.cybert-media.net',
|
||||
'extras': True,
|
||||
'locations': {
|
||||
'/': {
|
||||
'redirect': 'https://cybert-media.net$request_uri',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
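Review bot: The `'/'` redirect for `pleroma-www-redir` carries no `'mode'`, so the template default applies (`options.get('mode', 302)`), whereas the removed extras file used `return 308 https://cybert-media.net$request_uri;`. A 302 is temporary and lets clients change the request method on the follow-up request, so add `'mode': 308,` to keep the previous behaviour. The `kunsmann.eu` redirect in `nodes['htz.ex42-1048908']` has the same gap; its removed extras file used 301.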
|
||||
|
|
|
@ -261,18 +261,35 @@ nodes['htz.ex42-1048908'] = {
|
|||
'vhosts': {
|
||||
# TODO maybe some of this can be moved to a bundle?
|
||||
'dav.kunsmann.eu': {
|
||||
'extras': True,
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://[::1]:22050',
|
||||
'auth': {
|
||||
'file': '/etc/radicale/htpasswd',
|
||||
},
|
||||
'proxy_set_header': {
|
||||
'X-Remote-User': '$remote_user',
|
||||
},
|
||||
},
|
||||
'/.web/': {
|
||||
'target': 'http://[::1]:22050',
|
||||
}
|
||||
},
|
||||
},
|
||||
'daskritzelt-redirect': {
|
||||
'domain': 'die-brontosaurier-waren-es.org',
|
||||
'ssl': False, # TODO enable ssl once domain transfer is done
|
||||
'extras': True,
|
||||
'ssl': None,
|
||||
'locations': {
|
||||
'/': {
|
||||
'redirect': 'https://twitter.com/daskritzelt/status/1259167444373028864',
|
||||
},
|
||||
},
|
||||
},
|
||||
'dimension.franzi.business': {
|
||||
'extras': True,
|
||||
'do_not_set_content_security_headers': True,
|
||||
'max_body_size': '50M',
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:8184',
|
||||
},
|
||||
|
@ -280,10 +297,37 @@ nodes['htz.ex42-1048908'] = {
|
|||
},
|
||||
'franzi.business': {
|
||||
'webroot': '/var/www/franzi.business/_site/',
|
||||
'extras': True,
|
||||
'locations': {
|
||||
'/.well-known/matrix/client': {
|
||||
'return': json_dumps({
|
||||
'm.homeserver': {
|
||||
'base_url': 'https://matrix.franzi.business',
|
||||
},
|
||||
'm.identity_server': {
|
||||
'base_url': 'https://matrix.org',
|
||||
},
|
||||
'im.vector.riot.jitsi': {
|
||||
'preferredDomain': 'meet.ffmuc.net',
|
||||
},
|
||||
}, sort_keys=True),
|
||||
'additional_config': {
|
||||
'default_type application/json',
|
||||
'add_header Access-Control-Allow-Origin *',
|
||||
},
|
||||
},
|
||||
'/.well-known/matrix/server': {
|
||||
'return': json_dumps({
|
||||
'm.server': 'https://matrix.franzi.business',
|
||||
}, sort_keys=True),
|
||||
'additional_config': {
|
||||
'default_type application/json',
|
||||
'add_header Access-Control-Allow-Origin *',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
'jenkins.kunsmann.eu': {
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://localhost:22010/',
|
||||
},
|
||||
|
@ -293,10 +337,58 @@ nodes['htz.ex42-1048908'] = {
|
|||
},
|
||||
'kunbox.net': {},
|
||||
'kunsmann.eu': {
|
||||
'extras': True,
|
||||
'locations': {
|
||||
'/': {
|
||||
'redirect': 'https://franzi.business$request_uri',
|
||||
},
|
||||
'/.well-known/openpgpkey': {
|
||||
'alias': '/var/www/kunsmann.eu/.well-known/openpgpkey/',
|
||||
'additional_config': {
|
||||
'default_type application/octet-stream',
|
||||
'add_header Access-Control-Allow-Origin *',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
'matrix.franzi.business': {
|
||||
'extras': True,
|
||||
'locations': {
|
||||
'/_matrix': {
|
||||
'target': 'http://[::1]:20080',
|
||||
},
|
||||
'/_matrix/media': {
|
||||
'target': 'http://localhost:20090',
|
||||
'client_max_body_size': '500M',
|
||||
},
|
||||
'/_synapse': {
|
||||
'target': 'http://[::1]:20080',
|
||||
},
|
||||
'/.well-known/matrix/client': {
|
||||
'return': json_dumps({
|
||||
'm.homeserver': {
|
||||
'base_url': 'https://matrix.franzi.business',
|
||||
},
|
||||
'm.identity_server': {
|
||||
'base_url': 'https://matrix.org',
|
||||
},
|
||||
'im.vector.riot.jitsi': {
|
||||
'preferredDomain': 'meet.ffmuc.net',
|
||||
},
|
||||
}, sort_keys=True),
|
||||
'additional_config': {
|
||||
'default_type application/json',
|
||||
'add_header Access-Control-Allow-Origin *',
|
||||
},
|
||||
},
|
||||
'/.well-known/matrix/server': {
|
||||
'return': json_dumps({
|
||||
'm.server': 'https://matrix.franzi.business',
|
||||
}, sort_keys=True),
|
||||
'additional_config': {
|
||||
'default_type application/json',
|
||||
'add_header Access-Control-Allow-Origin *',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
'mta-sts': {
|
||||
'domain': 'mta-sts.mx0.kunbox.net',
|
||||
|
@ -322,14 +414,14 @@ nodes['htz.ex42-1048908'] = {
|
|||
'website_check_string': 'login',
|
||||
},
|
||||
'rspamd.mx0.kunbox.net': {
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://localhost:11334/',
|
||||
},
|
||||
},
|
||||
},
|
||||
# 'travelynx.franzi.business': {
|
||||
# 'proxy': {
|
||||
# 'locations': {
|
||||
# '/': {
|
||||
# 'target': 'http://127.0.0.1:22020',
|
||||
# },
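Review bot: The `kunsmann.eu` entry now uses the location key `'/.well-known/openpgpkey'` without a trailing slash while its `alias` target still ends in `/`; the removed extras file had `location /.well-known/openpgpkey/`. A prefix location without the trailing slash combined with an alias that has one is the well-known nginx alias misconfiguration, where request paths can resolve outside the aliased directory, so the key should be `'/.well-known/openpgpkey/'`. In both `/.well-known/matrix/server` blocks `m.server` changed from `matrix.franzi.business:443` to `'https://matrix.franzi.business'`; that field is a host name with an optional port, not a URL, so the old value should be kept. `/_matrix/media` sets `'client_max_body_size': '500M'`, but the template in this commit reads `options.get('max_body_size', '5M')`, so the upload limit appears to fall back to 5M. `/_synapse` was not proxied by the removed extras file and in Synapse that prefix also covers the admin API, so a narrower prefix is preferable if only the client endpoints are needed.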
|
||||
|
|
|
@ -79,7 +79,7 @@ nodes['ovh.icinga2'] = {
|
|||
},
|
||||
'icinga_statusmonitor': {
|
||||
'domain': 'statusmonitor.icinga.kunsmann.eu',
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:5000/',
|
||||
}
|
||||
|
|
|
@ -66,12 +66,17 @@ nodes['rx300'] = {
|
|||
'travelynx': {
|
||||
'domain': 'travelynx.franzi.business',
|
||||
'ssl': '_.franzi.business',
|
||||
'proxy': {
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:22020',
|
||||
},
|
||||
'/static': {
|
||||
'root': '/opt/travelynx/public',
|
||||
},
|
||||
'/service-worker.js': {
|
||||
'root': '/opt/travelynx/public',
|
||||
},
|
||||
},
|
||||
'extras': True,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|