From f38d9b8edc8ad561427a7710025a768335f27c90 Mon Sep 17 00:00:00 2001 From: Paul Lecuq Date: Wed, 4 Jan 2023 21:57:00 +0100 Subject: [PATCH] updated nginx state --- states/nginx/config.sls | 25 ++++++++++++++++--------- states/nginx/templates/nginx.conf.j2 | 4 ++++ states/nginx/templates/types/simple.j2 | 8 ++++---- 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/states/nginx/config.sls b/states/nginx/config.sls index 93959bb..8605958 100644 --- a/states/nginx/config.sls +++ b/states/nginx/config.sls @@ -1,6 +1,5 @@ --- {%- from "nginx/map.jinja" import nginx with context -%} - {%- for configfile in nginx.config.files %} nginx-config-{{ configfile }}: file.managed: @@ -17,6 +16,13 @@ nginx-config-{{ configfile }}: # - sls: acme.* {%- endfor %} +nginx-default-index-file: + file.managed: + - name: /var/www/html/index.html + - user: root + - group: root + - contents: "" + nginx-config-wipe-default: file.absent: - name: /etc/nginx/sites-enabled/default @@ -31,10 +37,10 @@ nginx-config-dir-{{ subdir }}: - service: nginx-service {%- endfor %} -{%- for key, vhost in nginx.vhosts.items() %} -nginx-sites-available-{{ key }}: +{%- for name, vhost in nginx.vhosts.items() %} +nginx-sites-available-{{ name }}: file.managed: - - name: {{ nginx.config.dir }}/sites-available/{{ key }} + - name: {{ nginx.config.dir }}/sites-available/{{ name }} - source: salt://nginx/templates/types/{{ vhost.type }}.j2 - template: jinja - user: {{ nginx.config.user }} @@ -45,7 +51,8 @@ nginx-sites-available-{{ key }}: - watch_in: - service: nginx-service - context: - vhost_name: {{ vhost.name }} + vhost_name: {{ name }} + sub: {{ vhost.sub|default([]) }} config_dir: {{ nginx.config.dir }} https: {{ vhost.https|default(true) }} proxy: {{ vhost.proxy|default(false) }} 
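Review bot: `nginx-default-index-file` sets user and group but no mode, so the permissions of `/var/www/html/index.html` are not pinned by the state; add `- mode: '0644'`. Because `file.managed` enforces `contents` on every run, a site that serves its own `index.html` from `/var/www/html` would be emptied at each highstate. If that directory can also be a vhost `root_dir`, say in a comment that it is reserved for the default server. The state also assumes `/var/www/html` already exists, which this hunk does not establish.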
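Review bot: `sub: {{ vhost.sub|default([]) }}` in the `context:` block renders the list through Python's repr before the SLS is parsed as YAML, which only round-trips reliably for simple strings; serialise it explicitly with `sub: {{ vhost.sub|default([])|tojson }}`. In the same hunk `vhost_name` now comes from the dict key instead of `vhost.name`, so a pillar entry whose key differs from its `name` field will render a different `server_name` without any warning. That deserves a line in the commit message or a comment above the loop. The `file.managed` state this context belongs to starts and ends outside the hunk.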
@@ -60,17 +67,17 @@ nginx-sites-available-{{ key }}: php_socket_file: {{ nginx.config.php_socket_file }} geoip: {{ nginx.config.geoip }} -nginx-site-enabled-{{ key }}: +nginx-site-enabled-{{ name }}: file.symlink: - - name: {{ nginx.config.dir }}/sites-enabled/{{ key }} - - target: {{ nginx.config.dir }}/sites-available/{{ key }} + - name: {{ nginx.config.dir }}/sites-enabled/{{ name }} + - target: {{ nginx.config.dir }}/sites-available/{{ name }} - template: jinja - user: {{ nginx.config.user }} - group: {{ nginx.config.group }} - require: - file: nginx-config-dir-sites-available - file: nginx-config-dir-sites-enabled - - nginx-sites-available-{{ key }} + - nginx-sites-available-{{ name }} - watch_in: - service: nginx-service {%- endfor %} diff --git a/states/nginx/templates/nginx.conf.j2 b/states/nginx/templates/nginx.conf.j2 index abb7953..7c38b4d 100644 --- a/states/nginx/templates/nginx.conf.j2 +++ b/states/nginx/templates/nginx.conf.j2 @@ -71,6 +71,10 @@ http { root /var/www/html; index index.html; + real_ip_header X-Forwarded-For; + set_real_ip_from 127.0.0.1; + set_real_ip_from ::1; + location /status { stub_status on; access_log off; diff --git a/states/nginx/templates/types/simple.j2 b/states/nginx/templates/types/simple.j2 index 6656a36..b9f7b35 100644 --- a/states/nginx/templates/types/simple.j2 +++ b/states/nginx/templates/types/simple.j2 @@ -2,7 +2,7 @@ server { include http; - server_name {{ vhost_name }}; + server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %}; return 301 https://$server_name$request_uri; } @@ -14,7 +14,7 @@ server { return 403; } {%- endif %} - server_name {{ vhost_name }}; + server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %}; {%- if not proxy %} root "{{ root_dir }}"; {%- endif %} 
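Review bot: With `set_real_ip_from 127.0.0.1` and `::1` in the nginx.conf.j2 hunk, any process that can connect over loopback now chooses, through `X-Forwarded-For`, the client address nginx logs and evaluates in `allow`/`deny` rules. A comment would make that trust explicit, e.g. `# realip: only the local reverse proxy on loopback may set X-Forwarded-For`. The hunk does not show whether these lines sit at `http` level or inside a `server` block beside `root` and `location /status`; if the latter, vhosts rendered from `types/simple.j2` would not inherit them. Since `real_ip_recursive` is left at its default, also confirm the proxy appends to or overwrites the header rather than passing a client-supplied value through unchanged.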
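Review bot: `return 301 https://$server_name$request_uri;`, the context line after the changed `server_name` in the first simple.j2 hunk, always redirects to the first listed name. Once `sub` adds aliases, a plain-HTTP request for `www.<vhost_name>` is therefore sent to the bare `<vhost_name>` rather than to the HTTPS site for the name requested. If the aliases are meant to be served under their own names, use `return 301 https://$host$request_uri;`, but only if this block is not the default server for the port, because `$host` is taken from the request. The loop also leaves a space before the closing `;`, which `{%- endfor %}` would remove. The same `server_name` line recurs in the next hunk (`@@ -14,7 +14,7 @@`).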
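Review bot: Each `sub` entry is written into `server_name` verbatim in this second simple.j2 hunk, so a value containing whitespace, `;` or `{` would end the directive and be parsed as further configuration. The template should state, and `config.sls` ideally enforce, that entries are single DNS labels, e.g. `{# sub: list of DNS labels (letters, digits, hyphen); rendered verbatim into server_name #}` at the top of the file. This appears to be the HTTPS server block, so the certificate configured outside the hunk must also cover every `<label>.<vhost_name>` added here, or clients will see a name mismatch. The enclosing `server` block starts and ends outside the hunk.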
@@ -38,8 +38,8 @@ server { index index.html index.rss; {% endif %} {%- if auth %} - auth_basic "Restricted area"; - auth_basic_user_file {{ config_dir }}/auth/htpasswd; + auth_basic "Restricted area"; + auth_basic_user_file {{ config_dir }}/auth/htpasswd; {%- endif %} }