From b21f0b87f7dfe4098330f700f1ce1740455a2c0e Mon Sep 17 00:00:00 2001 From: Paul Date: Sun, 7 Jul 2024 22:56:18 +0200 Subject: [PATCH] updated nginx state --- states/nginx/templates/nginx.conf.j2 | 2 +- states/nginx/templates/ssl_params.j2 | 2 +- states/nginx/templates/types/dokuwiki.j2 | 24 +++---- states/nginx/templates/types/nextcloud.j2 | 76 +++++++++++------------ states/nginx/templates/types/rainloop.j2 | 26 ++++---- states/nginx/templates/types/simple.j2 | 38 ++++++------ states/nginx/templates/types/zabbix.j2 | 24 +++---- 7 files changed, 96 insertions(+), 96 deletions(-) diff --git a/states/nginx/templates/nginx.conf.j2 b/states/nginx/templates/nginx.conf.j2 index 9e12aae..2cf06a5 100644 --- a/states/nginx/templates/nginx.conf.j2 +++ b/states/nginx/templates/nginx.conf.j2 @@ -32,7 +32,7 @@ http { charset utf-8; types_hash_bucket_size 256; - types_hash_max_size 2048; + types_hash_max_size 2048; real_ip_header proxy_protocol; set_real_ip_from 127.0.0.1; diff --git a/states/nginx/templates/ssl_params.j2 b/states/nginx/templates/ssl_params.j2 index 17809e3..91fbaa1 100644 --- a/states/nginx/templates/ssl_params.j2 +++ b/states/nginx/templates/ssl_params.j2 @@ -12,7 +12,7 @@ ssl_certificate_key /etc/acme/keys/paulbsd.com.key; ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20; ssl_dhparam /etc/acme/dh/dh.pem; ssl_ecdh_curve secp384r1; -ssl_prefer_server_ciphers on; +ssl_prefer_server_ciphers on; ssl_protocols TLSv1.3 TLSv1.2; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; diff --git a/states/nginx/templates/types/dokuwiki.j2 b/states/nginx/templates/types/dokuwiki.j2 index 88dad10..76fd26b 100644 --- a/states/nginx/templates/types/dokuwiki.j2 +++ b/states/nginx/templates/types/dokuwiki.j2 
@@ -1,20 +1,20 @@ ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} server { - include http; - server_name {{ vhost_name }}; - return 301 https://$server_name$request_uri; + include http; + server_name {{ vhost_name }}; + return 301 https://$server_name$request_uri; } server { - include https; - server_name {{ vhost_name }}; - root {{ root_dir }}; + include https; + server_name {{ vhost_name }}; + root {{ root_dir }}; - index index.php index.html; + index index.php index.html; {%- for key,value in headers.items() %} - add_header {{ key }} "{{ value }}"; + add_header {{ key }} "{{ value }}"; {%- endfor %} location ~ /(conf|bin|inc)/ { @@ -26,10 +26,10 @@ server { } location ~ \.php?$ { - include fastcgi_params; - fastcgi_pass unix:{{ php_socket_file }}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + include fastcgi_params; + fastcgi_pass unix:{{ php_socket_file }}; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; } location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { diff --git a/states/nginx/templates/types/nextcloud.j2 b/states/nginx/templates/types/nextcloud.j2 index d909213..7a47ad1 100644 --- a/states/nginx/templates/types/nextcloud.j2 +++ b/states/nginx/templates/types/nextcloud.j2 
@@ -1,61 +1,61 @@ ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} server { - include http; - server_name {{ vhost_name }}; - return 301 https://$server_name$request_uri; + include http; + server_name {{ vhost_name }}; + return 301 https://$server_name$request_uri; } server { - include https; - server_name {{ vhost_name }}; - root {{ root_dir }}; + include https; + server_name {{ vhost_name }}; + root {{ root_dir }}; - index index.php; - error_page 403 /core/templates/403.php; - error_page 404 /core/templates/404.php; - client_max_body_size 4G; - fastcgi_buffers 64 4K; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + index index.php; + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + client_max_body_size 4G; + fastcgi_buffers 64 4K; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; {%- for key,value in headers.items() %} - add_header {{ key }} "{{ value }}"; + add_header {{ key }} "{{ value }}"; {% endfor -%} - rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect; - rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect; - rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect; + rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect; + rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect; + rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect; location / { - rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect; - rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect; - rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect; - rewrite ^/.well-known/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect; - rewrite ^/.well-known/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect; - rewrite ^/.well-known/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect; - rewrite 
^/.well-known/host-meta https://$server_name/public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json https://$server_name/public.php?service=host-meta-json last; - rewrite ^/.well-known/webfinger https://$server_name/index.php$uri last; - rewrite ^/.well-known/nodeinfo https://$server_name/index.php$uri last; - rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; - try_files $uri $uri/ index.php; + rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect; + rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect; + rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect; + rewrite ^/.well-known/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect; + rewrite ^/.well-known/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect; + rewrite ^/.well-known/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect; + rewrite ^/.well-known/host-meta https://$server_name/public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json https://$server_name/public.php?service=host-meta-json last; + rewrite ^/.well-known/webfinger https://$server_name/index.php$uri last; + rewrite ^/.well-known/nodeinfo https://$server_name/index.php$uri last; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ index.php; } location = /robots.txt { - allow all; - log_not_found off; - access_log off; + allow all; + log_not_found off; + access_log off; } location ~ ^/(data|config|\.ht|db_structure\.xml|README) { - deny all; + deny all; } location ~ ^(.+?\.php)(/.*)?$ { - include fastcgi_params; - fastcgi_pass unix:{{ php_socket_file }}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - try_files $1 =404; + include fastcgi_params; + fastcgi_pass unix:{{ php_socket_file }}; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + 
try_files $1 =404; } location ~* .(png|ico|gif|jpg|jpeg|css|mjs|js|svg)$ { diff --git a/states/nginx/templates/types/rainloop.j2 b/states/nginx/templates/types/rainloop.j2 index 999157c..76fd26b 100644 --- a/states/nginx/templates/types/rainloop.j2 +++ b/states/nginx/templates/types/rainloop.j2 @@ -1,24 +1,24 @@ ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} server { - include http; - server_name {{ vhost_name }}; - return 301 https://$server_name$request_uri; + include http; + server_name {{ vhost_name }}; + return 301 https://$server_name$request_uri; } server { - include https; - server_name {{ vhost_name }}; - root {{ root_dir }}; + include https; + server_name {{ vhost_name }}; + root {{ root_dir }}; - index index.php index.html; + index index.php index.html; {%- for key,value in headers.items() %} - add_header {{ key }} "{{ value }}"; + add_header {{ key }} "{{ value }}"; {%- endfor %} location ~ /(conf|bin|inc)/ { - deny all; + deny all; } location ~ /data/ { @@ -26,10 +26,10 @@ server { } location ~ \.php?$ { - include fastcgi_params; - fastcgi_pass unix:{{ php_socket_file }}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + include fastcgi_params; + fastcgi_pass unix:{{ php_socket_file }}; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; } location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { diff --git a/states/nginx/templates/types/simple.j2 b/states/nginx/templates/types/simple.j2 index f06d153..95d3465 100644 --- a/states/nginx/templates/types/simple.j2 +++ b/states/nginx/templates/types/simple.j2 
@@ -1,16 +1,16 @@ ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} server { - include http; - server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %}; - return 301 https://$server_name$request_uri; + include http; + server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %}; + return 301 https://$server_name$request_uri; } server { - include https; - server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %}; + include https; + server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %}; {%- if not proxy %} - root "{{ root_dir }}"; + root "{{ root_dir }}"; {%- endif %} set $auth "Restricted Area"; @@ -24,40 +24,40 @@ server { set $auth "off"; } {%- if auth %} - auth_basic $auth; - auth_basic_user_file {{ config_dir }}/auth/htpasswd; + auth_basic $auth; + auth_basic_user_file {{ config_dir }}/auth/htpasswd; {%- endif %} {%- for key,value in headers.items() %} - add_header {{ key }} "{{ value }}"; + add_header {{ key }} "{{ value }}"; {%- endfor %} location / { {%- if proxy %} - proxy_pass {{ proxy_pass }}; + proxy_pass {{ proxy_pass }}; {%- if not cache %} - proxy_no_cache 1; - proxy_cache_bypass 1; + proxy_no_cache 1; + proxy_cache_bypass 1; {%- endif %} {%- endif %} {%- if autoindex %} - autoindex on; - autoindex_localtime on; + autoindex on; + autoindex_localtime on; autoindex_exact_size on; {%- else %} - index index.html; - {% endif %} - {% if webdav %} + index index.html; + {%- endif %} + {%- if webdav %} dav_methods PUT DELETE MKCOL COPY MOVE; dav_ext_methods PROPFIND OPTIONS; dav_access user:rw group:r all:r; create_full_put_path on; - {% endif %} + {%- endif %} } {%- for dir in dirs %} location {{ dir.name }} { - alias {{ dir.alias }}; + alias {{ dir.alias }}; location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { expires 2d; 
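Review bot: In the `location /` block of simple.j2, the `{%- if webdav %}` branch enables `dav_methods PUT DELETE MKCOL COPY MOVE` independently of the `{%- if auth %}` block above it, so nothing in the template ties the write methods to authentication; a vhost rendered with `webdav` set and `auth` unset would expose upload and delete to any client that can reach it. Even with `auth` set, the context line `set $auth "off";` at the top of the hunk sits in a block whose condition is outside the hunk, and requests matching it would presumably skip basic auth for the DAV methods as well. I would gate the branch on both flags, `{%- if webdav and auth %}`, or have the state fail when `webdav` is requested without `auth`, and add a comment such as `# WebDAV write methods are only rendered for vhosts that enforce auth_basic`. The server block starts above this hunk and continues past its last line, so the `$auth` condition should be checked in the full file.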
diff --git a/states/nginx/templates/types/zabbix.j2 b/states/nginx/templates/types/zabbix.j2 index d892e2d..8767281 100644 --- a/states/nginx/templates/types/zabbix.j2 +++ b/states/nginx/templates/types/zabbix.j2 @@ -1,20 +1,20 @@ ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} server { - include http; - server_name {{ vhost_name }}; - return 301 https://$server_name$request_uri; + include http; + server_name {{ vhost_name }}; + return 301 https://$server_name$request_uri; } server { - include https; - server_name {{ vhost_name }}; - root {{ root_dir }}; + include https; + server_name {{ vhost_name }}; + root {{ root_dir }}; - index index.php index.html; + index index.php index.html; {%- for key,value in headers.items() %} - add_header {{ key }} "{{ value }}"; + add_header {{ key }} "{{ value }}"; {%- endfor %} location ~ setup.php$ { @@ -22,10 +22,10 @@ server { } location ~ \.php?$ { - include fastcgi_params; - fastcgi_pass unix:{{ php_socket_file }}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + include fastcgi_params; + fastcgi_pass unix:{{ php_socket_file }}; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; } location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ {