Files @ 8944b8348567
Branch filter:

Location: majic-ansible-roles/roles/wsgi_website/templates/nginx_site.j2

8944b8348567 2.4 KiB text/plain Show Annotation Show as Raw Download as Raw
branko
MAR-226: Harmonise the HTTP header override parameter between the PHP and WSGI website roles:

- Use the new naming/syntax introduced in the php_website role since
it implies less dependence on the backend application (more generic
name for it), and is a little bit saner in terms of not having to
provide quotes as part of the value.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
server {
    # HTTP (plaintext) configuration.
    listen 80;
    server_name {{ fqdn }};

    # Redirect plaintext connections to HTTPS
    return 301 https://$host$request_uri;
}

server {
    # Base settings.
    root {{ home }}/htdocs/;
    server_name {{ fqdn }};

    # HTTPS (TLS) configuration.
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate_key /etc/ssl/private/{{ fqdn }}_https.key;
    ssl_certificate /etc/ssl/certs/{{ fqdn }}_https.pem;

    # Set-up HSTS header for preventing downgrades for users that visited the
    # site via HTTPS at least once.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    {% for config in additional_nginx_config -%}
    # {{ config.comment }}
    {{ config.value }}
    {% endfor -%}

    {% if rewrites -%}
    # Site rewrites.
    {% for rewrite in rewrites -%}
    rewrite {{ rewrite }};
    {% endfor -%}
    {% endif %}

    {% if static_locations -%}
    # Static locations
    {% for location in static_locations -%}
    location {{ location }} {
        try_files $uri $uri/ =404;
    }
    {% endfor -%}
    {% endif %}

    # Pass remaining requests to the WSGI server.
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

    {% for header, value in http_header_overrides | dictsort -%}
    proxy_set_header {{ header }} "{{ value }}";
    {% endfor -%}

        proxy_pass http://unix:/run/wsgi/{{ fqdn }}.sock;
    }

    {% if environment_indicator -%}
    # Show environment indicator on HTML pages.
    sub_filter_types text/html;
    sub_filter_once on;
    sub_filter "</body>" "
    <details open='true' style='position: fixed; left: 0; width: 100%; line-height: 1.5em; font-weight: bold; color: {{ environment_indicator.text_colour }};'>
        <summary style='background-color: {{ environment_indicator.background_colour }}; list-style-type: none; position: fixed; bottom: 5px; z-index: 999999;'>&#128896;&#128898;</summary>
        <div style='background-color: {{ environment_indicator.background_colour }}; width: 100%; text-align: center; position: fixed; bottom: 5px; z-index: 999998;'>{{ environment_indicator.text }}</div>
    </details>
";
    {% endif -%}

    access_log /var/log/nginx/{{ fqdn }}-access.log;
    error_log /var/log/nginx/{{ fqdn }}-error.log;
}
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.