
Location: majic-ansible-roles/roles/wsgi_website/templates/nginx_site.j2

branko
MAR-148: Improve the SSH connectivity tests in backup_server role to be more reliable:

- Introduce a session-level fixture for setting permissions for client
SSH private keys (fixes errors related to SSH requesting tighter
permissions).
- Add assertions for the tests that verify the backup clients cannot
connect to the regular SSH server in case the SSH private keys do
not have correct permissions (just in case).
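{% if enforce_https -%}
server {
    # HTTP (plaintext) configuration. Listen on IPv6 as well as IPv4 so that
    # plaintext IPv6 clients are redirected too; the TLS server for this site
    # already listens on both address families.
    listen 80;
    listen [::]:80;
    server_name {{ fqdn }};

    # Redirect plaintext connections to HTTPS. The target is the configured
    # site name rather than $host: $host follows the client-supplied Host
    # header whenever this server is picked as the default for the port, and
    # the redirect should never point anywhere but this site.
    return 301 https://{{ fqdn }}$request_uri;
}

{% endif -%}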
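server {
    # Base settings.
    root {{ home }}/htdocs/;
    server_name {{ fqdn }};
{% if not enforce_https %}

    # HTTP (plaintext) configuration. Both address families, matching the
    # TLS listeners below.
    listen 80;
    listen [::]:80;

{% endif %}
    # HTTPS (TLS) configuration.
    # NOTE(review): protocol versions and cipher suites are not set here;
    # presumably they come from the global nginx configuration - confirm.
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate_key /etc/ssl/private/{{ fqdn }}_https.key;
    ssl_certificate /etc/ssl/certs/{{ fqdn }}_https.pem;

{% if enforce_https -%}
    # Set-up HSTS header for preventing downgrades for users that visited the
    # site via HTTPS at least once. includeSubDomains extends the policy to
    # every subdomain of this name, so all of them must be reachable over
    # HTTPS. Without the "always" parameter (nginx >= 1.7.5) the header is not
    # attached to error responses.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif -%}

    # Additional directives are rendered verbatim into this server block, so
    # they must come from trusted inventory only.
    {% for config in additional_nginx_config -%}
    # {{ config.comment }}
    {{ config.value }}
    {% endfor -%}

    {% if rewrites -%}
    # Site rewrites.
    {% for rewrite in rewrites -%}
    rewrite {{ rewrite }};
    {% endfor -%}
    {% endif %}

    {% if static_locations -%}
    # Static locations. These are served straight from the document root and
    # never reach the WSGI application.
    {% for location in static_locations -%}
    location {{ location }} {
        try_files $uri $uri/ =404;
    }
    {% endfor -%}
    {% endif %}

    # Pass remaining requests to the WSGI server.
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For value the client sent, so the application should
        # trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host is the Host header exactly as the client sent it; the
        # application should validate it against its own allowed host names.
        proxy_set_header Host $http_host;
        proxy_redirect off;

        # Extra per-site proxy headers. items() is used instead of the
        # Python 2-only iteritems() so the template also renders when the
        # controller runs Python 3.
        {% for header, value in proxy_headers.items() -%}
        proxy_set_header {{ header }} {{ value }};
        {% endfor -%}

        proxy_pass http://unix:/run/wsgi/{{ fqdn }}.sock;
    }

    {% if environment_indicator -%}
    # Show environment indicator on HTML pages.
    # The colour and text values are placed unescaped inside a double-quoted
    # nginx string and single-quoted HTML attributes: a quote character in
    # any of them breaks the directive or the markup, so keep them to plain
    # text set by the operator. sub_filter only rewrites responses that the
    # upstream sends uncompressed.
    sub_filter_types text/html;
    sub_filter_once on;
    sub_filter "</body>" "<div id='website-environment' style='background-color: {{ environment_indicator.background_colour }}; width: 100%; text-align: center; position: fixed; bottom: 5px; color: {{ environment_indicator.text_colour }}; font-weight: bold; z-index: 999999;'>{{ environment_indicator.text }}</div></body>";
    {% endif -%}

    access_log /var/log/nginx/{{ fqdn }}-access.log;
    error_log /var/log/nginx/{{ fqdn }}-error.log;
}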