thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-02-24 01:38:15 +00:00
Code Issues Releases Wiki Activity

chore: Combine identical HTTP and HTTPS servers

Browse Source
This commit is contained in:
Richard Hansen 2022-04-19 15:37:53 -04:00
parent 491642b1e9
commit 744bd82c54
1 changed files with 16 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
nginx.tmpl
View File

@ -239,25 +239,19 @@ server {
{{ end }} {{ end }}
{{ $access_log }} {{ $access_log }}
return 503; return 503;
}
{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
server_tokens off;
listen {{ $external_https_port }} ssl http2; listen {{ $external_https_port }} ssl http2;
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
listen [::]:{{ $external_https_port }} ssl http2; listen [::]:{{ $external_https_port }} ssl http2;
{{ end }} {{ end }}
{{ $access_log }}
return 503;
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_session_tickets off; ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/default.crt; ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key; ssl_certificate_key /etc/nginx/certs/default.key;
}
{{ end }} {{ end }}
}
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }} {{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
@ -317,9 +311,7 @@ server {
{{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }} {{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
{{ if $is_https }} {{ if and $is_https (eq $https_method "redirect") }}
{{ if eq $https_method "redirect" }}
server { server {
server_name {{ $host }}; server_name {{ $host }};
{{ if $server_tokens }} {{ if $server_tokens }}
@ -356,11 +348,18 @@ server {
{{ if $server_tokens }} {{ if $server_tokens }}
server_tokens {{ $server_tokens }}; server_tokens {{ $server_tokens }};
{{ end }} {{ end }}
{{ $access_log }}
{{- if or (not $is_https) (eq $https_method "noredirect") }}
listen {{ $external_http_port }} {{ $default_server }};
{{ if $enable_ipv6 }}
listen [::]:{{ $external_http_port }} {{ $default_server }};
{{ end }}
{{- end }}
{{- if $is_https }}
listen {{ $external_https_port }} ssl http2 {{ $default_server }}; listen {{ $external_https_port }} ssl http2 {{ $default_server }};
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }}; listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
{{ end }} {{ end }}
{{ $access_log }}
{{ template "ssl_policy" (dict "ssl_policy" $ssl_policy) }} {{ template "ssl_policy" (dict "ssl_policy" $ssl_policy) }}
@ -382,51 +381,13 @@ server {
{{ end }} {{ end }}
{{ if (not (or (eq $https_method "noredirect") (eq $hsts "off"))) }} {{ if (not (or (eq $https_method "noredirect") (eq $hsts "off"))) }}
add_header Strict-Transport-Security "{{ trim $hsts }}" always; set $sts_header "";
if ($https) {
set $sts_header "{{ trim $hsts }}";
}
add_header Strict-Transport-Security $sts_header always;
{{ end }} {{ end }}
{{- end }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }};
{{ else if (exists "/etc/nginx/vhost.d/default") }}
include /etc/nginx/vhost.d/default;
{{ end }}
{{ range $path, $containers := $paths }}
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost-vpath, falling back to "http" */}}
{{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }}
{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
{{ $upstream := $upstream_name }}
{{ $dest := "" }}
{{ if gt $nPaths 0 }}
{{ $sum := sha1 $path }}
{{ $upstream = printf "%s-%s" $upstream $sum }}
{{ $dest = (or (first (groupByKeys $containers "Env.VIRTUAL_DEST")) "") }}
{{ end }}
{{ template "location" (dict "Path" $path "Proto" $proto "Upstream" $upstream "Host" $host "VhostRoot" $vhost_root "Dest" $dest "NetworkTag" $network_tag) }}
{{ end }}
{{ if (not (contains $paths "/")) }}
location / {
return {{ $default_root_response }};
}
{{ end }}
}
{{ end }}
{{ if or (not $is_https) (eq $https_method "noredirect") }}
server {
server_name {{ $host }};
{{ if $server_tokens }}
server_tokens {{ $server_tokens }};
{{ end }}
listen {{ $external_http_port }} {{ $default_server }};
{{ if $enable_ipv6 }}
listen [::]:{{ $external_http_port }} {{ $default_server }};
{{ end }}
{{ $access_log }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }}; include {{ printf "/etc/nginx/vhost.d/%s" $host }};
@ -475,4 +436,3 @@ server {
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }}