majic-ansible-roles Files · roles/wsgi_website/templates/nginx

Files @ 92011aae7258

Branch filter:

Location: majic-ansible-roles/roles/wsgi_website/templates/nginx_site.j2 - annotation

92011aae7258 2.3 KiB text/plain Show Source Show as Raw Download as Raw

branko

MAR-128: Upgraded tests for php_website role:

- Switch to new Molecule configuration.
- Updated set-up playbook to use become: yes.
- Moved some preparatory steps outside of the main playbook (eases
idempotence tests).
- Updated tests to reference the yml inventory file.
- Updated tests to use new fixture (host instead of individual ones).
- Switched to extracting hostname instead of hard-coding it in a
couple of tests.
- Fixed some linting issues.
- Updated hostname to include Debian version.

dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
981584549895
d26fe0368a4b
981584549895
981584549895
dfb91e411e40
981584549895
d26fe0368a4b
d26fe0368a4b
d26fe0368a4b
dfb91e411e40
d26fe0368a4b
d26fe0368a4b
d26fe0368a4b
18cd76ec050d
18cd76ec050d
d26fe0368a4b
b68d19ad38a3
3352797ee517
3352797ee517
3352797ee517
3352797ee517
3352797ee517
1b05bae8e440
1b05bae8e440
1b05bae8e440
1b05bae8e440
1b05bae8e440
bd13e65e0e94
981584549895
981584549895
981584549895
bd13e65e0e94
bd13e65e0e94
981584549895
bd13e65e0e94
981584549895
981584549895
981584549895
981584549895
981584549895
bd13e65e0e94
bd13e65e0e94
981584549895
981584549895
981584549895
819d02d81946
981584549895
981584549895
981584549895
981584549895
67dd87d59abb
67dd87d59abb
67dd87d59abb
67dd87d59abb
981584549895
981584549895
981584549895
4ca98a158269
4ca98a158269
4ca98a158269
4ca98a158269
4f7054d023b6
4ca98a158269
4ca98a158269
981584549895
981584549895
981584549895

{% if enforce_https -%}
server {
    # HTTP (plaintext) configuration.
    listen 80;
    server_name {{ fqdn }};

    # Redirect plaintext connections to HTTPS
    return 301 https://$host$request_uri;
}

{% endif -%}
server {
    # Base settings.
    root {{ home }}/htdocs/;
    server_name {{ fqdn }};
{% if not enforce_https %}

    # HTTP (plaintext) configuration.
    listen 80;

{% endif %}
    # HTTPS (TLS) configuration.
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate_key /etc/ssl/private/{{ fqdn }}_https.key;
    ssl_certificate /etc/ssl/certs/{{ fqdn }}_https.pem;

{% if enforce_https -%}
    # Set-up HSTS header for preventing downgrades for users that visited the
    # site via HTTPS at least once.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif -%}

    {% for config in additional_nginx_config -%}
    # {{ config.comment }}
    {{ config.value }}
    {% endfor -%}

    {% if rewrites -%}
    # Site rewrites.
    {% for rewrite in rewrites -%}
    rewrite {{ rewrite }};
    {% endfor -%}
    {% endif %}

    {% if static_locations -%}
    # Static locations
    {% for location in static_locations -%}
    location {{ location }} {
        try_files $uri $uri/ =404;
    }
    {% endfor -%}
    {% endif %}

    # Pass remaining requests to the WSGI server.
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

    {% for header, value in proxy_headers.iteritems() -%}
    proxy_set_header {{ header }} {{ value }};
    {% endfor -%}

        proxy_pass http://unix:/run/wsgi/{{ fqdn }}.sock;
    }

    {% if environment_indicator -%}
    # Show environment indicator on HTML pages.
    sub_filter_types text/html;
    sub_filter_once on;
    sub_filter "</body>" "<div id='website-environment' style='background-color: {{ environment_indicator.background_colour }}; width: 100%; text-align: center; position: fixed; bottom: 5px; color: {{ environment_indicator.text_colour }}; font-weight: bold; z-index: 999999;'>{{ environment_indicator.text }}</div></body>";
    {% endif -%}

    access_log /var/log/nginx/{{ fqdn }}-access.log;
    error_log /var/log/nginx/{{ fqdn }}-error.log;
}