This commit is contained in:
parent
813f71d99d
commit
f38d9b8edc
@ -1,6 +1,5 @@
|
|||||||
---
|
---
|
||||||
{%- from "nginx/map.jinja" import nginx with context -%}
|
{%- from "nginx/map.jinja" import nginx with context -%}
|
||||||
|
|
||||||
{%- for configfile in nginx.config.files %}
|
{%- for configfile in nginx.config.files %}
|
||||||
nginx-config-{{ configfile }}:
|
nginx-config-{{ configfile }}:
|
||||||
file.managed:
|
file.managed:
|
||||||
@ -17,6 +16,13 @@ nginx-config-{{ configfile }}:
|
|||||||
# - sls: acme.*
|
# - sls: acme.*
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
nginx-default-index-file:
|
||||||
|
file.managed:
|
||||||
|
- name: /var/www/html/index.html
|
||||||
|
- user: root
|
||||||
|
- group: root
|
||||||
|
- contents: "<html><head></head><body></body></html>"
|
||||||
|
|
||||||
nginx-config-wipe-default:
|
nginx-config-wipe-default:
|
||||||
file.absent:
|
file.absent:
|
||||||
- name: /etc/nginx/sites-enabled/default
|
- name: /etc/nginx/sites-enabled/default
|
||||||
@ -31,10 +37,10 @@ nginx-config-dir-{{ subdir }}:
|
|||||||
- service: nginx-service
|
- service: nginx-service
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
{%- for key, vhost in nginx.vhosts.items() %}
|
{%- for name, vhost in nginx.vhosts.items() %}
|
||||||
nginx-sites-available-{{ key }}:
|
nginx-sites-available-{{ name }}:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: {{ nginx.config.dir }}/sites-available/{{ key }}
|
- name: {{ nginx.config.dir }}/sites-available/{{ name }}
|
||||||
- source: salt://nginx/templates/types/{{ vhost.type }}.j2
|
- source: salt://nginx/templates/types/{{ vhost.type }}.j2
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- user: {{ nginx.config.user }}
|
- user: {{ nginx.config.user }}
|
||||||
@ -45,7 +51,8 @@ nginx-sites-available-{{ key }}:
|
|||||||
- watch_in:
|
- watch_in:
|
||||||
- service: nginx-service
|
- service: nginx-service
|
||||||
- context:
|
- context:
|
||||||
vhost_name: {{ vhost.name }}
|
vhost_name: {{ name }}
|
||||||
|
sub: {{ vhost.sub|default([]) }}
|
||||||
config_dir: {{ nginx.config.dir }}
|
config_dir: {{ nginx.config.dir }}
|
||||||
https: {{ vhost.https|default(true) }}
|
https: {{ vhost.https|default(true) }}
|
||||||
proxy: {{ vhost.proxy|default(false) }}
|
proxy: {{ vhost.proxy|default(false) }}
|
||||||
@ -60,17 +67,17 @@ nginx-sites-available-{{ key }}:
|
|||||||
php_socket_file: {{ nginx.config.php_socket_file }}
|
php_socket_file: {{ nginx.config.php_socket_file }}
|
||||||
geoip: {{ nginx.config.geoip }}
|
geoip: {{ nginx.config.geoip }}
|
||||||
|
|
||||||
nginx-site-enabled-{{ key }}:
|
nginx-site-enabled-{{ name }}:
|
||||||
file.symlink:
|
file.symlink:
|
||||||
- name: {{ nginx.config.dir }}/sites-enabled/{{ key }}
|
- name: {{ nginx.config.dir }}/sites-enabled/{{ name }}
|
||||||
- target: {{ nginx.config.dir }}/sites-available/{{ key }}
|
- target: {{ nginx.config.dir }}/sites-available/{{ name }}
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- user: {{ nginx.config.user }}
|
- user: {{ nginx.config.user }}
|
||||||
- group: {{ nginx.config.group }}
|
- group: {{ nginx.config.group }}
|
||||||
- require:
|
- require:
|
||||||
- file: nginx-config-dir-sites-available
|
- file: nginx-config-dir-sites-available
|
||||||
- file: nginx-config-dir-sites-enabled
|
- file: nginx-config-dir-sites-enabled
|
||||||
- nginx-sites-available-{{ key }}
|
- nginx-sites-available-{{ name }}
|
||||||
- watch_in:
|
- watch_in:
|
||||||
- service: nginx-service
|
- service: nginx-service
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
@ -71,6 +71,10 @@ http {
|
|||||||
root /var/www/html;
|
root /var/www/html;
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
|
real_ip_header X-Forwarded-For;
|
||||||
|
set_real_ip_from 127.0.0.1;
|
||||||
|
set_real_ip_from ::1;
|
||||||
|
|
||||||
location /status {
|
location /status {
|
||||||
stub_status on;
|
stub_status on;
|
||||||
access_log off;
|
access_log off;
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
include http;
|
include http;
|
||||||
server_name {{ vhost_name }};
|
server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %};
|
||||||
return 301 https://$server_name$request_uri;
|
return 301 https://$server_name$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -14,7 +14,7 @@ server {
|
|||||||
return 403;
|
return 403;
|
||||||
}
|
}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
server_name {{ vhost_name }};
|
server_name {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %};
|
||||||
{%- if not proxy %}
|
{%- if not proxy %}
|
||||||
root "{{ root_dir }}";
|
root "{{ root_dir }}";
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
@ -38,8 +38,8 @@ server {
|
|||||||
index index.html index.rss;
|
index index.html index.rss;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{%- if auth %}
|
{%- if auth %}
|
||||||
auth_basic "Restricted area";
|
auth_basic "Restricted area";
|
||||||
auth_basic_user_file {{ config_dir }}/auth/htpasswd;
|
auth_basic_user_file {{ config_dir }}/auth/htpasswd;
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user