Files @ b55cb83f8342
Branch filter:

Location: majic-ansible-roles/roles/wsgi_website/templates/nginx_site.j2

b55cb83f8342 2.4 KiB text/plain Show Annotation Show as Raw Download as Raw
branko
Noticket: Added workaround to development process for outdated Molecule version:

- Unfortunately, the Molecule version used for running tests does not
generate valid Ruby 3.x code. For now just work around the way Hash
is unpacked in function calls to optional arguments (until the test
stack gets a revamp).
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
server {
    # HTTP (plaintext) configuration.
    listen 80;
    server_name {{ fqdn }};

    # Redirect plaintext connections to HTTPS
    return 301 https://$host$request_uri;
}

server {
    # Base settings.
    root {{ home }}/htdocs/;
    server_name {{ fqdn }};

    # HTTPS (TLS) configuration.
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate_key /etc/ssl/private/{{ fqdn }}_https.key;
    ssl_certificate /etc/ssl/certs/{{ fqdn }}_https.pem;

    # Set-up HSTS header for preventing downgrades for users that visited the
    # site via HTTPS at least once.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    {% for config in additional_nginx_config -%}
    # {{ config.comment }}
    {{ config.value }}
    {% endfor -%}

    {% if rewrites -%}
    # Site rewrites.
    {% for rewrite in rewrites -%}
    rewrite {{ rewrite }};
    {% endfor -%}
    {% endif %}

    {% if static_locations -%}
    # Static locations
    {% for location in static_locations -%}
    location {{ location }} {
        try_files $uri $uri/ =404;
    }
    {% endfor -%}
    {% endif %}

    # Pass remaining requests to the WSGI server.
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

    {% for header, value in http_header_overrides | dictsort -%}
    proxy_set_header {{ header }} "{{ value }}";
    {% endfor -%}

        proxy_pass http://unix:/run/wsgi/{{ fqdn }}.sock;
    }

    {% if environment_indicator -%}
    # Show environment indicator on HTML pages.
    sub_filter_types text/html;
    sub_filter_once on;
    sub_filter "</body>" "
    <details open='true' style='position: fixed; left: 0; width: 100%; line-height: 1.5em; font-weight: bold; color: {{ environment_indicator.text_colour }};'>
        <summary style='background-color: {{ environment_indicator.background_colour }}; list-style-type: none; position: fixed; bottom: 5px; z-index: 999999;'>&#128896;&#128898;</summary>
        <div style='background-color: {{ environment_indicator.background_colour }}; width: 100%; text-align: center; position: fixed; bottom: 5px; z-index: 999998;'>{{ environment_indicator.text }}</div>
    </details>
";
    {% endif -%}

    access_log /var/log/nginx/{{ fqdn }}-access.log;
    error_log /var/log/nginx/{{ fqdn }}-error.log;
}
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.