paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated nginx state
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Paul 2024-07-07 22:56:18 +02:00
parent 2465bbdf23
commit b21f0b87f7
7 changed files with 96 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
states/nginx/templates/nginx.conf.j2
View File

@ -32,7 +32,7 @@ http {
charset utf-8;
types_hash_bucket_size 256;
types_hash_max_size 2048;
types_hash_max_size 2048;
real_ip_header proxy_protocol;
set_real_ip_from 127.0.0.1;

2
states/nginx/templates/ssl_params.j2
View File

@ -12,7 +12,7 @@ ssl_certificate_key /etc/acme/keys/paulbsd.com.key;
ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20;
ssl_dhparam /etc/acme/dh/dh.pem;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

24
states/nginx/templates/types/dokuwiki.j2
View File

@ -1,20 +1,20 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server {
include http;
server_name {{ vhost_name }};
return 301 https://$server_name$request_uri;
include http;
server_name {{ vhost_name }};
return 301 https://$server_name$request_uri;
}
server {
include https;
server_name {{ vhost_name }};
root {{ root_dir }};
include https;
server_name {{ vhost_name }};
root {{ root_dir }};
index index.php index.html;
index index.php index.html;
{%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}";
add_header {{ key }} "{{ value }}";
{%- endfor %}
location ~ /(conf|bin|inc)/ {
@ -26,10 +26,10 @@ server {
}
location ~ \.php?$ {
include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ {

76
states/nginx/templates/types/nextcloud.j2
View File

@ -1,61 +1,61 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server {
include http;
server_name {{ vhost_name }};
return 301 https://$server_name$request_uri;
include http;
server_name {{ vhost_name }};
return 301 https://$server_name$request_uri;
}
server {
include https;
server_name {{ vhost_name }};
root {{ root_dir }};
include https;
server_name {{ vhost_name }};
root {{ root_dir }};
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
client_max_body_size 4G;
fastcgi_buffers 64 4K;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
client_max_body_size 4G;
fastcgi_buffers 64 4K;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
{%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}";
add_header {{ key }} "{{ value }}";
{% endfor -%}
rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect;
rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect;
location / {
rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect;
rewrite ^/.well-known/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/.well-known/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/.well-known/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect;
rewrite ^/.well-known/host-meta https://$server_name/public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json https://$server_name/public.php?service=host-meta-json last;
rewrite ^/.well-known/webfinger https://$server_name/index.php$uri last;
rewrite ^/.well-known/nodeinfo https://$server_name/index.php$uri last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ index.php;
rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect;
rewrite ^/.well-known/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/.well-known/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/.well-known/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect;
rewrite ^/.well-known/host-meta https://$server_name/public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json https://$server_name/public.php?service=host-meta-json last;
rewrite ^/.well-known/webfinger https://$server_name/index.php$uri last;
rewrite ^/.well-known/nodeinfo https://$server_name/index.php$uri last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ index.php;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
deny all;
deny all;
}
location ~ ^(.+?\.php)(/.*)?$ {
include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $1 =404;
include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $1 =404;
}
location ~* .(png|ico|gif|jpg|jpeg|css|mjs|js|svg)$ {

26
states/nginx/templates/types/rainloop.j2
View File

@ -1,24 +1,24 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server {
include http;
server_name {{ vhost_name }};
return 301 https://$server_name$request_uri;
include http;
server_name {{ vhost_name }};
return 301 https://$server_name$request_uri;
}
server {
include https;
server_name {{ vhost_name }};
root {{ root_dir }};
include https;
server_name {{ vhost_name }};
root {{ root_dir }};
index index.php index.html;
index index.php index.html;
{%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}";
add_header {{ key }} "{{ value }}";
{%- endfor %}
location ~ /(conf|bin|inc)/ {
deny all;
deny all;
}
location ~ /data/ {
@ -26,10 +26,10 @@ server {
}
location ~ \.php?$ {
include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ {

38
states/nginx/templates/types/simple.j2
View File

@ -1,16 +1,16 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server {
include http;
server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %};
return 301 https://$server_name$request_uri;
include http;
server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %};
return 301 https://$server_name$request_uri;
}
server {
include https;
server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %};
include https;
server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %};
{%- if not proxy %}
root "{{ root_dir }}";
root "{{ root_dir }}";
{%- endif %}
set $auth "Restricted Area";
@ -24,40 +24,40 @@ server {
set $auth "off";
}
{%- if auth %}
auth_basic $auth;
auth_basic_user_file {{ config_dir }}/auth/htpasswd;
auth_basic $auth;
auth_basic_user_file {{ config_dir }}/auth/htpasswd;
{%- endif %}
{%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}";
add_header {{ key }} "{{ value }}";
{%- endfor %}
location / {
{%- if proxy %}
proxy_pass {{ proxy_pass }};
proxy_pass {{ proxy_pass }};
{%- if not cache %}
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_no_cache 1;
proxy_cache_bypass 1;
{%- endif %}
{%- endif %}
{%- if autoindex %}
autoindex on;
autoindex_localtime on;
autoindex on;
autoindex_localtime on;
autoindex_exact_size on;
{%- else %}
index index.html;
{% endif %}
{% if webdav %}
index index.html;
{%- endif %}
{%- if webdav %}
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
dav_access user:rw group:r all:r;
create_full_put_path on;
{% endif %}
{%- endif %}
}
{%- for dir in dirs %}
location {{ dir.name }} {
alias {{ dir.alias }};
alias {{ dir.alias }};
location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ {
expires 2d;

24
states/nginx/templates/types/zabbix.j2
View File

@ -1,20 +1,20 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server {
include http;
server_name {{ vhost_name }};
return 301 https://$server_name$request_uri;
include http;
server_name {{ vhost_name }};
return 301 https://$server_name$request_uri;
}
server {
include https;
server_name {{ vhost_name }};
root {{ root_dir }};
include https;
server_name {{ vhost_name }};
root {{ root_dir }};
index index.php index.html;
index index.php index.html;
{%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}";
add_header {{ key }} "{{ value }}";
{%- endfor %}
location ~ setup.php$ {
@ -22,10 +22,10 @@ server {
}
location ~ \.php?$ {
include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ {