Certificates ui section and permissions
This commit is contained in:
Jamie Curnow
@ -1,33 +1,51 @@
|
||||
# <%- hostname %>
|
||||
# {{ domain_names | join: ", " }}
|
||||
server {
|
||||
listen 80;
|
||||
<%- typeof ssl !== 'undefined' && ssl ? 'listen 443 ssl;' : '' %>
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
listen 443 ssl;
|
||||
{%- endif %}
|
||||
server_name {{ domain_names | join: " " }};
|
||||
access_log /data/logs/proxy_host-{{ id }}.log proxy;
|
||||
|
||||
server_name <%- hostname %>;
|
||||
set $server {{ forward_ip }};
|
||||
set $port {{ forward_port }};
|
||||
|
||||
access_log /config/logs/<%- hostname %>.log proxy;
|
||||
{% if caching_enabled == 1 or caching_enabled == true -%}
|
||||
# Asset Caching
|
||||
include conf.d/include/assets.conf;
|
||||
{%- endif %}
|
||||
{% if block_exploits == 1 or block_exploits == true -%}
|
||||
# Block Exploits
|
||||
include conf.d/include/block-exploits.conf;
|
||||
{%- endif -%}
|
||||
|
||||
set $server <%- forward_server %>;
|
||||
set $port <%- forward_port %>;
|
||||
|
||||
<%- typeof asset_caching !== 'undefined' && asset_caching ? 'include conf.d/include/assets.conf;' : '' %>
|
||||
<%- typeof block_exploits !== 'undefined' && block_exploits ? 'include conf.d/include/block-exploits.conf;' : '' %>
|
||||
|
||||
<% if (typeof ssl !== 'undefined' && ssl) { -%>
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
{%- if ssl_provider == "letsencrypt" %}
|
||||
# Let's Encrypt SSL
|
||||
include conf.d/include/letsencrypt-acme-challenge.conf;
|
||||
include conf.d/include/ssl-ciphers.conf;
|
||||
ssl_certificate /etc/letsencrypt/live/<%- hostname %>/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/<%- hostname %>/privkey.pem;
|
||||
<% } -%>
|
||||
ssl_certificate /etc/letsencrypt/live/proxy_host-{{ id }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/proxy_host-{{ id }}/privkey.pem;
|
||||
{%- endif -%}
|
||||
{%- endif %}
|
||||
|
||||
<%- typeof advanced !== 'undefined' && advanced ? advanced : '' %>
|
||||
# TODO: Advanced config options
|
||||
|
||||
location / {
|
||||
<% if (typeof access_list_id !== 'undefined' && access_list_id) { -%>
|
||||
{%- if access_list_id > 0 -%}
|
||||
# Access List
|
||||
auth_basic "Authorization required";
|
||||
auth_basic_user_file /config/access/<%- access_list_id %>;
|
||||
<% } -%>
|
||||
<%- typeof force_ssl !== 'undefined' && force_ssl ? 'include conf.d/include/force-ssl.conf;' : '' %>
|
||||
auth_basic_user_file /config/access/{{ access_list_id }};
|
||||
{%- endif %}
|
||||
|
||||
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
|
||||
{%- if ssl_forced == 1 or ssl_forced == true -%}
|
||||
# Force SSL
|
||||
include conf.d/include/force-ssl.conf;
|
||||
{%- endif -%}
|
||||
{%- endif %}
|
||||
|
||||
# Proxy!
|
||||
include conf.d/include/proxy.conf;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user