Certificates ui section and permissions
This commit is contained in:
Jamie Curnow
@ -1,19 +1,23 @@
|
||||
# <%- hostname %>
|
||||
# {{ domain_names | join: ", " }}
|
||||
server {
|
||||
listen 80;
|
||||
<%- typeof ssl !== 'undefined' && ssl ? 'listen 443 ssl;' : '' %>
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
listen 443 ssl;
|
||||
{%- endif %}
|
||||
server_name {{ domain_names | join: " " }};
|
||||
access_log /data/logs/proxy_host-{{ id }}.log proxy;
|
||||
|
||||
server_name <%- hostname %>;
|
||||
|
||||
access_log /config/logs/<%- hostname %>.log proxy;
|
||||
|
||||
<% if (typeof ssl !== 'undefined' && ssl) { -%>
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
{%- if ssl_provider == "letsencrypt" %}
|
||||
# Let's Encrypt SSL
|
||||
include conf.d/include/letsencrypt-acme-challenge.conf;
|
||||
include conf.d/include/ssl-ciphers.conf;
|
||||
ssl_certificate /etc/letsencrypt/live/<%- hostname %>/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/<%- hostname %>/privkey.pem;
|
||||
<% } -%>
|
||||
ssl_certificate /etc/letsencrypt/live/proxy_host-{{ id }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/proxy_host-{{ id }}/privkey.pem;
|
||||
{%- endif -%}
|
||||
{%- endif %}
|
||||
|
||||
<%- typeof advanced !== 'undefined' && advanced ? advanced : '' %>
|
||||
# TODO: Advanced config options
|
||||
|
||||
return 404;
|
||||
}
|
||||
|
||||
@ -1,11 +1,10 @@
|
||||
# Letsencrypt Verification Temporary Host: <%- hostname %>
|
||||
# Letsencrypt Verification Temporary Host: {{ domain_names | join: ", " }}
|
||||
server {
|
||||
listen 80;
|
||||
server_name <%- hostname %>;
|
||||
|
||||
access_log /config/logs/letsencrypt.log proxy;
|
||||
server_name {{ domain_names | join: " " }};
|
||||
access_log /data/logs/letsencrypt.log proxy;
|
||||
|
||||
location / {
|
||||
root /config/letsencrypt-acme-challenge;
|
||||
root /data/letsencrypt-acme-challenge;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,33 +1,51 @@
|
||||
# <%- hostname %>
|
||||
# {{ domain_names | join: ", " }}
|
||||
server {
|
||||
listen 80;
|
||||
<%- typeof ssl !== 'undefined' && ssl ? 'listen 443 ssl;' : '' %>
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
listen 443 ssl;
|
||||
{%- endif %}
|
||||
server_name {{ domain_names | join: " " }};
|
||||
access_log /data/logs/proxy_host-{{ id }}.log proxy;
|
||||
|
||||
server_name <%- hostname %>;
|
||||
set $server {{ forward_ip }};
|
||||
set $port {{ forward_port }};
|
||||
|
||||
access_log /config/logs/<%- hostname %>.log proxy;
|
||||
{% if caching_enabled == 1 or caching_enabled == true -%}
|
||||
# Asset Caching
|
||||
include conf.d/include/assets.conf;
|
||||
{%- endif %}
|
||||
{% if block_exploits == 1 or block_exploits == true -%}
|
||||
# Block Exploits
|
||||
include conf.d/include/block-exploits.conf;
|
||||
{%- endif -%}
|
||||
|
||||
set $server <%- forward_server %>;
|
||||
set $port <%- forward_port %>;
|
||||
|
||||
<%- typeof asset_caching !== 'undefined' && asset_caching ? 'include conf.d/include/assets.conf;' : '' %>
|
||||
<%- typeof block_exploits !== 'undefined' && block_exploits ? 'include conf.d/include/block-exploits.conf;' : '' %>
|
||||
|
||||
<% if (typeof ssl !== 'undefined' && ssl) { -%>
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
{%- if ssl_provider == "letsencrypt" %}
|
||||
# Let's Encrypt SSL
|
||||
include conf.d/include/letsencrypt-acme-challenge.conf;
|
||||
include conf.d/include/ssl-ciphers.conf;
|
||||
ssl_certificate /etc/letsencrypt/live/<%- hostname %>/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/<%- hostname %>/privkey.pem;
|
||||
<% } -%>
|
||||
ssl_certificate /etc/letsencrypt/live/proxy_host-{{ id }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/proxy_host-{{ id }}/privkey.pem;
|
||||
{%- endif -%}
|
||||
{%- endif %}
|
||||
|
||||
<%- typeof advanced !== 'undefined' && advanced ? advanced : '' %>
|
||||
# TODO: Advanced config options
|
||||
|
||||
location / {
|
||||
<% if (typeof access_list_id !== 'undefined' && access_list_id) { -%>
|
||||
{%- if access_list_id > 0 -%}
|
||||
# Access List
|
||||
auth_basic "Authorization required";
|
||||
auth_basic_user_file /config/access/<%- access_list_id %>;
|
||||
<% } -%>
|
||||
<%- typeof force_ssl !== 'undefined' && force_ssl ? 'include conf.d/include/force-ssl.conf;' : '' %>
|
||||
auth_basic_user_file /config/access/{{ access_list_id }};
|
||||
{%- endif %}
|
||||
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
{%- if ssl_forced == 1 or ssl_forced == true -%}
|
||||
# Force SSL
|
||||
include conf.d/include/force-ssl.conf;
|
||||
{%- endif -%}
|
||||
{%- endif %}
|
||||
|
||||
# Proxy!
|
||||
include conf.d/include/proxy.conf;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,22 +1,34 @@
|
||||
# <%- hostname %>
|
||||
# {{ domain_names | join: ", " }}
|
||||
server {
|
||||
listen 80;
|
||||
<%- typeof ssl !== 'undefined' && ssl ? 'listen 443 ssl;' : '' %>
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
listen 443 ssl;
|
||||
{%- endif %}
|
||||
server_name {{ domain_names | join: " " }};
|
||||
access_log /data/logs/proxy_host-{{ id }}.log proxy;
|
||||
|
||||
server_name <%- hostname %>;
|
||||
{%- if caching_enabled == 1 or caching_enabled == true %}
|
||||
# Asset Caching
|
||||
include conf.d/include/assets.conf;
|
||||
{%- endif %}
|
||||
{%- if block_exploits == 1 or block_exploits == true %}
|
||||
# Block Exploits
|
||||
include conf.d/include/block-exploits.conf;
|
||||
{%- endif -%}
|
||||
|
||||
access_log /config/logs/<%- hostname %>.log proxy;
|
||||
|
||||
<%- typeof asset_caching !== 'undefined' && asset_caching ? 'include conf.d/include/assets.conf;' : '' %>
|
||||
<%- typeof block_exploits !== 'undefined' && block_exploits ? 'include conf.d/include/block-exploits.conf;' : '' %>
|
||||
|
||||
<% if (typeof ssl !== 'undefined' && ssl) { -%>
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
{%- if ssl_provider == "letsencrypt" %}
|
||||
# Let's Encrypt SSL
|
||||
include conf.d/include/letsencrypt-acme-challenge.conf;
|
||||
include conf.d/include/ssl-ciphers.conf;
|
||||
ssl_certificate /etc/letsencrypt/live/<%- hostname %>/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/<%- hostname %>/privkey.pem;
|
||||
<% } -%>
|
||||
ssl_certificate /etc/letsencrypt/live/proxy_host-{{ id }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/proxy_host-{{ id }}/privkey.pem;
|
||||
{%- endif -%}
|
||||
{%- endif %}
|
||||
|
||||
<%- typeof advanced !== 'undefined' && advanced ? advanced : '' %>
|
||||
# TODO: Advanced config options
|
||||
|
||||
return 301 $scheme://<%- forward_host %>$request_uri;
|
||||
# TODO: Preserve Path Option
|
||||
|
||||
return 301 $scheme://{{ forward_domain_name }}$request_uri;
|
||||
}
|
||||
|
||||
@ -1,11 +1,14 @@
|
||||
# <%- incoming_port %> - <%- protocols.join(',').toUpperCase() %>
|
||||
<%
|
||||
protocols.forEach(function (protocol) {
|
||||
%>
|
||||
# {{ incoming_port }} TCP: {{ tcp_forwarding }} UDP: {{ udp_forwarding }}
|
||||
|
||||
{% if tcp_forwarding == 1 or tcp_forwarding == true -%}
|
||||
server {
|
||||
listen <%- incoming_port %> <%- protocol === 'tcp' ? '' : protocol %>;
|
||||
proxy_pass <%- forward_server %>:<%- forward_port %>;
|
||||
listen {{ incoming_port }};
|
||||
proxy_pass {{ forward_ip }}:{{ forwarding_port }};
|
||||
}
|
||||
<%
|
||||
});
|
||||
%>
|
||||
{% endif %}
|
||||
{% if udp_forwarding == 1 or udp_forwarding == true %}
|
||||
server {
|
||||
listen {{ incoming_port }} udp;
|
||||
proxy_pass {{ forward_ip }}:{{ forwarding_port }};
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
Reference in New Issue
Block a user