paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated nginx state
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Paul 2024-07-07 22:56:18 +02:00
parent 2465bbdf23
commit b21f0b87f7
7 changed files with 96 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
states/nginx/templates/nginx.conf.j2
View File

@ -32,7 +32,7 @@ http {
charset utf-8; charset utf-8;
types_hash_bucket_size 256; types_hash_bucket_size 256;
types_hash_max_size 2048; types_hash_max_size 2048;
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
set_real_ip_from 127.0.0.1; set_real_ip_from 127.0.0.1;

2
states/nginx/templates/ssl_params.j2
View File

@ -12,7 +12,7 @@ ssl_certificate_key /etc/acme/keys/paulbsd.com.key;
ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20; ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20;
ssl_dhparam /etc/acme/dh/dh.pem; ssl_dhparam /etc/acme/dh/dh.pem;
ssl_ecdh_curve secp384r1; ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.3 TLSv1.2; ssl_protocols TLSv1.3 TLSv1.2;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; ssl_session_tickets off;

24
states/nginx/templates/types/dokuwiki.j2
View File

@ -1,20 +1,20 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server { server {
include http; include http;
server_name {{ vhost_name }}; server_name {{ vhost_name }};
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
server { server {
include https; include https;
server_name {{ vhost_name }}; server_name {{ vhost_name }};
root {{ root_dir }}; root {{ root_dir }};
index index.php index.html; index index.php index.html;
{%- for key,value in headers.items() %} {%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}"; add_header {{ key }} "{{ value }}";
{%- endfor %} {%- endfor %}
location ~ /(conf|bin|inc)/ { location ~ /(conf|bin|inc)/ {
@ -26,10 +26,10 @@ server {
} }
location ~ \.php?$ { location ~ \.php?$ {
include fastcgi_params; include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }}; fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
} }
location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ {

76
states/nginx/templates/types/nextcloud.j2
View File

@ -1,61 +1,61 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server { server {
include http; include http;
server_name {{ vhost_name }}; server_name {{ vhost_name }};
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
server { server {
include https; include https;
server_name {{ vhost_name }}; server_name {{ vhost_name }};
root {{ root_dir }}; root {{ root_dir }};
index index.php; index index.php;
error_page 403 /core/templates/403.php; error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php; error_page 404 /core/templates/404.php;
client_max_body_size 4G; client_max_body_size 4G;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
{%- for key,value in headers.items() %} {%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}"; add_header {{ key }} "{{ value }}";
{% endfor -%} {% endfor -%}
rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect; rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect; rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect; rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect;
location / { location / {
rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect; rewrite ^/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect; rewrite ^/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect; rewrite ^/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect;
rewrite ^/.well-known/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect; rewrite ^/.well-known/caldav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/.well-known/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect; rewrite ^/.well-known/carddav(.*)$ https://$server_name/remote.php/dav$1 redirect;
rewrite ^/.well-known/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect; rewrite ^/.well-known/webdav(.*)$ https://$server_name/remote.php/webdav$1 redirect;
rewrite ^/.well-known/host-meta https://$server_name/public.php?service=host-meta last; rewrite ^/.well-known/host-meta https://$server_name/public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json https://$server_name/public.php?service=host-meta-json last; rewrite ^/.well-known/host-meta.json https://$server_name/public.php?service=host-meta-json last;
rewrite ^/.well-known/webfinger https://$server_name/index.php$uri last; rewrite ^/.well-known/webfinger https://$server_name/index.php$uri last;
rewrite ^/.well-known/nodeinfo https://$server_name/index.php$uri last; rewrite ^/.well-known/nodeinfo https://$server_name/index.php$uri last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ index.php; try_files $uri $uri/ index.php;
} }
location = /robots.txt { location = /robots.txt {
allow all; allow all;
log_not_found off; log_not_found off;
access_log off; access_log off;
} }
location ~ ^/(data|config|\.ht|db_structure\.xml|README) { location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
deny all; deny all;
} }
location ~ ^(.+?\.php)(/.*)?$ { location ~ ^(.+?\.php)(/.*)?$ {
include fastcgi_params; include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }}; fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $1 =404; try_files $1 =404;
} }
location ~* .(png|ico|gif|jpg|jpeg|css|mjs|js|svg)$ { location ~* .(png|ico|gif|jpg|jpeg|css|mjs|js|svg)$ {

26
states/nginx/templates/types/rainloop.j2
View File

@ -1,24 +1,24 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server { server {
include http; include http;
server_name {{ vhost_name }}; server_name {{ vhost_name }};
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
server { server {
include https; include https;
server_name {{ vhost_name }}; server_name {{ vhost_name }};
root {{ root_dir }}; root {{ root_dir }};
index index.php index.html; index index.php index.html;
{%- for key,value in headers.items() %} {%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}"; add_header {{ key }} "{{ value }}";
{%- endfor %} {%- endfor %}
location ~ /(conf|bin|inc)/ { location ~ /(conf|bin|inc)/ {
deny all; deny all;
} }
location ~ /data/ { location ~ /data/ {
@ -26,10 +26,10 @@ server {
} }
location ~ \.php?$ { location ~ \.php?$ {
include fastcgi_params; include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }}; fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
} }
location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ {

38
states/nginx/templates/types/simple.j2
View File

@ -1,16 +1,16 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server { server {
include http; include http;
server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %}; server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %};
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
server { server {
include https; include https;
server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %}; server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %};
{%- if not proxy %} {%- if not proxy %}
root "{{ root_dir }}"; root "{{ root_dir }}";
{%- endif %} {%- endif %}
set $auth "Restricted Area"; set $auth "Restricted Area";
@ -24,40 +24,40 @@ server {
set $auth "off"; set $auth "off";
} }
{%- if auth %} {%- if auth %}
auth_basic $auth; auth_basic $auth;
auth_basic_user_file {{ config_dir }}/auth/htpasswd; auth_basic_user_file {{ config_dir }}/auth/htpasswd;
{%- endif %} {%- endif %}
{%- for key,value in headers.items() %} {%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}"; add_header {{ key }} "{{ value }}";
{%- endfor %} {%- endfor %}
location / { location / {
{%- if proxy %} {%- if proxy %}
proxy_pass {{ proxy_pass }}; proxy_pass {{ proxy_pass }};
{%- if not cache %} {%- if not cache %}
proxy_no_cache 1; proxy_no_cache 1;
proxy_cache_bypass 1; proxy_cache_bypass 1;
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
{%- if autoindex %} {%- if autoindex %}
autoindex on; autoindex on;
autoindex_localtime on; autoindex_localtime on;
autoindex_exact_size on; autoindex_exact_size on;
{%- else %} {%- else %}
index index.html; index index.html;
{% endif %} {%- endif %}
{% if webdav %} {%- if webdav %}
dav_methods PUT DELETE MKCOL COPY MOVE; dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS; dav_ext_methods PROPFIND OPTIONS;
dav_access user:rw group:r all:r; dav_access user:rw group:r all:r;
create_full_put_path on; create_full_put_path on;
{% endif %} {%- endif %}
} }
{%- for dir in dirs %} {%- for dir in dirs %}
location {{ dir.name }} { location {{ dir.name }} {
alias {{ dir.alias }}; alias {{ dir.alias }};
location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ {
expires 2d; expires 2d;

24
states/nginx/templates/types/zabbix.j2
View File

@ -1,20 +1,20 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server { server {
include http; include http;
server_name {{ vhost_name }}; server_name {{ vhost_name }};
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
server { server {
include https; include https;
server_name {{ vhost_name }}; server_name {{ vhost_name }};
root {{ root_dir }}; root {{ root_dir }};
index index.php index.html; index index.php index.html;
{%- for key,value in headers.items() %} {%- for key,value in headers.items() %}
add_header {{ key }} "{{ value }}"; add_header {{ key }} "{{ value }}";
{%- endfor %} {%- endfor %}
location ~ setup.php$ { location ~ setup.php$ {
@ -22,10 +22,10 @@ server {
} }
location ~ \.php?$ { location ~ \.php?$ {
include fastcgi_params; include fastcgi_params;
fastcgi_pass unix:{{ php_socket_file }}; fastcgi_pass unix:{{ php_socket_file }};
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
} }
location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ {