2024-06-21 14:48:12 +00:00
|
|
|
upstream ${service_name} {
|
|
|
|
least_conn;
|
|
|
|
server ${upstream_host};
|
|
|
|
}
|
|
|
|
%{for upstream in extra_upstreams~}
|
|
|
|
upstream ${upstream.name} {
|
|
|
|
least_conn;
|
|
|
|
%{for server in upstream.servers~}
|
|
|
|
server ${server};
|
|
|
|
%{endfor~}
|
|
|
|
}
|
|
|
|
%{endfor~}
|
|
|
|
|
|
|
|
%{if !allow_non_ssl~}
|
|
|
|
server {
|
|
|
|
# Redirect non-ssl to ssl
|
|
|
|
listen ${http_port};
|
|
|
|
listen [::]:${http_port};
|
|
|
|
server_name ${hostname};
|
|
|
|
return 301 https://$host$request_uri;
|
|
|
|
}
|
|
|
|
%{endif~}
|
|
|
|
|
|
|
|
server {
|
|
|
|
%{if allow_non_ssl~}
|
|
|
|
# Non-SSL Traffic is allowed
|
2024-06-21 16:01:44 +00:00
|
|
|
listen ${http_port~};
|
2024-06-21 14:48:12 +00:00
|
|
|
listen [::]:${http_port};
|
|
|
|
%{endif~}
|
2024-06-21 16:01:44 +00:00
|
|
|
%{if allow_ssl~}
|
2024-06-21 14:48:12 +00:00
|
|
|
# SSL Traffic is allowed
|
|
|
|
listen ${https_port} ssl;
|
|
|
|
listen [::]:${https_port} ssl;
|
2024-06-21 16:01:44 +00:00
|
|
|
%{endif~}
|
2024-06-21 14:48:12 +00:00
|
|
|
server_name ${hostname};
|
|
|
|
access_log /var/log/nginx/${hostname}.access.log;
|
|
|
|
error_log /var/log/nginx/${hostname}.error.log;
|
|
|
|
|
|
|
|
%{if enable_ssl~}
|
|
|
|
ssl_certificate /etc/nginx/conf.d/${hostname}.crt;
|
|
|
|
ssl_certificate_key /etc/nginx/conf.d/${hostname}.key;
|
|
|
|
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
# ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
|
%{endif~}
|
|
|
|
|
|
|
|
client_max_body_size 0;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
%{if host_override != null~}
|
|
|
|
proxy_set_header Host ${host_override};
|
|
|
|
%{else~}
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
%{endif~}
|
|
|
|
|
|
|
|
# Server to send the request on to
|
|
|
|
proxy_pass http://${service_name};
|
|
|
|
|
|
|
|
# Standard headers setting origin data
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
|
|
|
|
%{if basic_auth != null~}
|
|
|
|
# Http Basic Auth
|
|
|
|
auth_basic "closed site";
|
|
|
|
auth_basic_user_file sites-enabled/${auth_file};
|
|
|
|
%{endif~}
|
|
|
|
|
|
|
|
# WebSocket support
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection "Upgrade";
|
|
|
|
proxy_cache_bypass $http_upgrade;
|
|
|
|
proxy_buffering off;
|
|
|
|
proxy_set_header Origin "";
|
|
|
|
|
|
|
|
# Proxy timeouts
|
|
|
|
proxy_read_timeout ${timeout_seconds};
|
|
|
|
proxy_connect_timeout ${timeout_seconds};
|
|
|
|
proxy_send_timeout ${timeout_seconds};
|
|
|
|
}
|
|
|
|
|
|
|
|
${extra_locations}
|
|
|
|
}
|
|
|
|
|