Nginx templates

Jamie Curnow
2018-08-17 09:25:59 +10:00
parent 05d974267b
commit 724e89d308
15 changed files with 129 additions and 275 deletions


@ -0,0 +1,4 @@
{% if caching_enabled == 1 or caching_enabled == true -%}
# Asset Caching
include conf.d/include/assets.conf;
{%- endif %}


@ -0,0 +1,12 @@
{%- if certificate and certificate_id > 0 -%}
{%- if certificate.provider == "letsencrypt" %}
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-{{ certificate.id }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate.id }}/privkey.pem;
{%- endif -%}
# TODO: Custom SSL paths
{%- endif %}
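Review bot: The TLS guards do not agree across the new partials. This one emits `ssl_certificate`/`ssl_certificate_key` only when `certificate_id > 0` and `certificate.provider == "letsencrypt"`, while the partial that emits `listen 443 ssl;` checks only `{%- if certificate -%}`. For any other provider (the `# TODO: Custom SSL paths` case) the rendered server block would listen with `ssl` but carry no certificate, which nginx is likely to reject when the config is loaded. Using one condition in both places, for example `{%- if certificate and certificate_id > 0 -%}` around `listen 443 ssl;`, and leaving 443 off until a certificate path is actually emitted, would keep the two in step. The guard here also tests `certificate_id` while the paths interpolate `certificate.id`; using a single source for the id would remove the chance of them diverging.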


@ -0,0 +1,4 @@
{% if block_exploits == 1 or block_exploits == true -%}
# Block Exploits
include conf.d/include/block-exploits.conf;
{%- endif -%}


@ -0,0 +1,6 @@
{%- if certificate and certificate_id > 0 -%}
{%- if ssl_forced == 1 or ssl_forced == true -%}
# Force SSL
include conf.d/include/force-ssl.conf;
{%- endif -%}
{%- endif %}


@ -0,0 +1,3 @@
# ------------------------------------------------------------
# {{ domain_names | join: ", " }}
# ------------------------------------------------------------


@ -0,0 +1,5 @@
listen 80;
{%- if certificate -%}
listen 443 ssl;
{%- endif %}
server_name {{ domain_names | join: " " }};


@ -1,21 +1,10 @@
# {{ domain_names | join: ", " }}
server {
listen 80;
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
listen 443 ssl;
{%- endif %}
server_name {{ domain_names | join: " " }};
access_log /data/logs/proxy_host-{{ id }}.log proxy;
{% include "_header_comment.conf" %}
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
{%- if ssl_provider == "letsencrypt" %}
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/proxy_host-{{ id }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/proxy_host-{{ id }}/privkey.pem;
{%- endif -%}
{%- endif %}
server {
{% include "_listen.conf" %}
{% include "_certificates.conf" %}
access_log /data/logs/dead_host-{{ id }}.log proxy;
# TODO: Advanced config options


@ -1,10 +0,0 @@
# Letsencrypt Verification Temporary Host: {{ domain_names | join: ", " }}
server {
listen 80;
server_name {{ domain_names | join: " " }};
access_log /data/logs/letsencrypt.log proxy;
location / {
root /data/letsencrypt-acme-challenge;
}
}


@ -1,33 +1,15 @@
# {{ domain_names | join: ", " }}
server {
listen 80;
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
listen 443 ssl;
{%- endif %}
server_name {{ domain_names | join: " " }};
access_log /data/logs/proxy_host-{{ id }}.log proxy;
{% include "_header_comment.conf" %}
server {
set $server {{ forward_ip }};
set $port {{ forward_port }};
{% if caching_enabled == 1 or caching_enabled == true -%}
# Asset Caching
include conf.d/include/assets.conf;
{%- endif %}
{% if block_exploits == 1 or block_exploits == true -%}
# Block Exploits
include conf.d/include/block-exploits.conf;
{%- endif -%}
{% include "_listen.conf" %}
{% include "_certificates.conf" %}
{% include "_assets.conf" %}
{% include "_exploits.conf" %}
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
{%- if ssl_provider == "letsencrypt" %}
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/proxy_host-{{ id }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/proxy_host-{{ id }}/privkey.pem;
{%- endif -%}
{%- endif %}
access_log /data/logs/proxy_host-{{ id }}.log proxy;
# TODO: Advanced config options
@ -38,12 +20,7 @@ server {
auth_basic_user_file /config/access/{{ access_list_id }};
{%- endif %}
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
{%- if ssl_forced == 1 or ssl_forced == true -%}
# Force SSL
include conf.d/include/force-ssl.conf;
{%- endif -%}
{%- endif %}
{% include "_forced_ssl.conf" %}
# Proxy!
include conf.d/include/proxy.conf;


@ -1,34 +1,20 @@
# {{ domain_names | join: ", " }}
{% include "_header_comment.conf" %}
server {
listen 80;
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
listen 443 ssl;
{%- endif %}
server_name {{ domain_names | join: " " }};
access_log /data/logs/proxy_host-{{ id }}.log proxy;
{% include "_listen.conf" %}
{% include "_certificates.conf" %}
{% include "_assets.conf" %}
{% include "_exploits.conf" %}
{%- if caching_enabled == 1 or caching_enabled == true %}
# Asset Caching
include conf.d/include/assets.conf;
{%- endif %}
{%- if block_exploits == 1 or block_exploits == true %}
# Block Exploits
include conf.d/include/block-exploits.conf;
{%- endif -%}
{%- if ssl_enabled == 1 or ssl_enabled == true -%}
{%- if ssl_provider == "letsencrypt" %}
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/proxy_host-{{ id }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/proxy_host-{{ id }}/privkey.pem;
{%- endif -%}
{%- endif %}
access_log /data/logs/redirection_host-{{ id }}.log proxy;
# TODO: Advanced config options
# TODO: Preserve Path Option
return 301 $scheme://{{ forward_domain_name }}$request_uri;
location / {
{% include "_forced_ssl.conf" %}
return 301 $scheme://{{ forward_domain_name }}$request_uri;
}
}
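Review bot: `{{ forward_domain_name }}` is rendered straight into the `return 301` target with no filter or quoting visible in this template. The only thing keeping whitespace, `;`, `{` or a line break out of the generated nginx config is whatever validation happens before rendering, which this page does not show. It is worth confirming that the API schema restricts the value to hostname characters, and recording that next to the directive, e.g. `# forward_domain_name must be validated as a hostname before rendering`. The same applies to `domain_names` in `server_name` and the header comment, and to `forward_ip` and the port values in the proxy-host and stream templates.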


@ -1,14 +1,16 @@
# ------------------------------------------------------------
# {{ incoming_port }} TCP: {{ tcp_forwarding }} UDP: {{ udp_forwarding }}
# ------------------------------------------------------------
{% if tcp_forwarding == 1 or tcp_forwarding == true -%}
server {
listen {{ incoming_port }};
proxy_pass {{ forward_ip }}:{{ forwarding_port }};
listen {{ incoming_port }};
proxy_pass {{ forward_ip }}:{{ forwarding_port }};
}
{% endif %}
{% if udp_forwarding == 1 or udp_forwarding == true %}
server {
listen {{ incoming_port }} udp;
proxy_pass {{ forward_ip }}:{{ forwarding_port }};
listen {{ incoming_port }} udp;
proxy_pass {{ forward_ip }}:{{ forwarding_port }};
}
{% endif %}