Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

template code formatting

Browse source
This commit is contained in:
atnartur 2018-04-11 22:32:04 +03:00
parent ccbbbeb928
commit 333b5d7497
1 changed files with 252 additions and 252 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

132
nginx.tmpl
View file

@ -48,7 +48,7 @@ server_names_hash_bucket_size 128;
# Default dhparam # Default dhparam
{{ if (exists "/etc/nginx/dhparam/dhparam.pem") }} {{ if (exists "/etc/nginx/dhparam/dhparam.pem") }}
ssl_dhparam /etc/nginx/dhparam/dhparam.pem; ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
{{ end }} {{ end }}
# Set appropriate X-Forwarded-Ssl header # Set appropriate X-Forwarded-Ssl header
@ -66,26 +66,26 @@ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
access_log off; access_log off;
{{ if $.Env.RESOLVERS }} {{ if $.Env.RESOLVERS }}
resolver {{ $.Env.RESOLVERS }}; resolver {{ $.Env.RESOLVERS }};
{{ end }} {{ end }}
{{ if (exists "/etc/nginx/proxy.conf") }} {{ if (exists "/etc/nginx/proxy.conf") }}
include /etc/nginx/proxy.conf; include /etc/nginx/proxy.conf;
{{ else }} {{ else }}
# HTTP 1.1 support # HTTP 1.1 support
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_buffering off; proxy_buffering off;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection; proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl; proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port; proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details) # Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy ""; proxy_set_header Proxy "";
{{ end }} {{ end }}
{{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }} {{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }}
@ -100,7 +100,7 @@ server {
} }
{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server { server {
server_name _; # This is just an invalid value which will never trigger on a real hostname. server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 443 ssl http2; listen 443 ssl http2;
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
@ -112,19 +112,19 @@ server {
ssl_session_tickets off; ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/default.crt; ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key; ssl_certificate_key /etc/nginx/certs/default.key;
} }
{{ end }} {{ end }}
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }} {{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
{{ $host := trim $host }} {{ $host := trim $host }}
{{ $is_regexp := hasPrefix "~" $host }} {{ $is_regexp := hasPrefix "~" $host }}
{{ $upstream_name := when $is_regexp (sha1 $host) $host }} {{ $upstream_name := when $is_regexp (sha1 $host) $host }}
# {{ $host }} # {{ $host }}
upstream {{ $upstream_name }} { upstream {{ $upstream_name }} {
{{ range $container := $containers }} {{ range $container := $containers }}
{{ $addrLen := len $container.Addresses }} {{ $addrLen := len $container.Addresses }}
{{ range $knownNetwork := $CurrentContainer.Networks }} {{ range $knownNetwork := $CurrentContainer.Networks }}
@ -148,50 +148,50 @@ upstream {{ $upstream_name }} {
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }} {{ end }}
} }
{{ $default_host := or ($.Env.DEFAULT_HOST) "" }} {{ $default_host := or ($.Env.DEFAULT_HOST) "" }}
{{ $default_server := index (dict $host "" $default_host "default_server") $host }} {{ $default_server := index (dict $host "" $default_host "default_server") $host }}
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}} {{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}}
{{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }} {{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }}
{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}} {{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }} {{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
{{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}} {{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }} {{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }}
{{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to "Mozilla-Intermediate" */}} {{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to "Mozilla-Intermediate" */}}
{{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "Mozilla-Intermediate" }} {{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "Mozilla-Intermediate" }}
{{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}} {{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) "max-age=31536000" }} {{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) "max-age=31536000" }}
{{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}} {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
{{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }} {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
{{/* Get the first cert name defined by containers w/ the same vhost */}} {{/* Get the first cert name defined by containers w/ the same vhost */}}
{{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }} {{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
{{/* Get the best matching cert by name for the vhost. */}} {{/* Get the best matching cert by name for the vhost. */}}
{{ $vhostCert := (closest (dir "/etc/nginx/certs") (printf "%s.crt" $host))}} {{ $vhostCert := (closest (dir "/etc/nginx/certs") (printf "%s.crt" $host))}}
{{/* vhostCert is actually a filename so remove any suffixes since they are added later */}} {{/* vhostCert is actually a filename so remove any suffixes since they are added later */}}
{{ $vhostCert := trimSuffix ".crt" $vhostCert }} {{ $vhostCert := trimSuffix ".crt" $vhostCert }}
{{ $vhostCert := trimSuffix ".key" $vhostCert }} {{ $vhostCert := trimSuffix ".key" $vhostCert }}
{{/* Use the cert specified on the container or fallback to the best vhost match */}} {{/* Use the cert specified on the container or fallback to the best vhost match */}}
{{ $cert := (coalesce $certName $vhostCert) }} {{ $cert := (coalesce $certName $vhostCert) }}
{{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }} {{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
{{ if $is_https }} {{ if $is_https }}
{{ if eq $https_method "redirect" }} {{ if eq $https_method "redirect" }}
server { server {
server_name {{ $host }}; server_name {{ $host }};
listen 80 {{ $default_server }}; listen 80 {{ $default_server }};
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
@ -199,10 +199,10 @@ server {
{{ end }} {{ end }}
access_log /var/log/nginx/access.log vhost; access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
{{ end }} {{ end }}
server { server {
server_name {{ $host }}; server_name {{ $host }};
listen 443 ssl http2 {{ $default_server }}; listen 443 ssl http2 {{ $default_server }};
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
@ -294,13 +294,13 @@ server {
include /etc/nginx/vhost.d/default_location; include /etc/nginx/vhost.d/default_location;
{{ end }} {{ end }}
} }
} }
{{ end }} {{ end }}
{{ if or (not $is_https) (eq $https_method "noredirect") }} {{ if or (not $is_https) (eq $https_method "noredirect") }}
server { server {
server_name {{ $host }}; server_name {{ $host }};
listen 80 {{ $default_server }}; listen 80 {{ $default_server }};
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
@ -340,10 +340,10 @@ server {
include /etc/nginx/vhost.d/default_location; include /etc/nginx/vhost.d/default_location;
{{ end }} {{ end }}
} }
} }
{{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} {{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server { server {
server_name {{ $host }}; server_name {{ $host }};
listen 443 ssl http2 {{ $default_server }}; listen 443 ssl http2 {{ $default_server }};
{{ if $enable_ipv6 }} {{ if $enable_ipv6 }}
@ -354,8 +354,8 @@ server {
ssl_certificate /etc/nginx/certs/default.crt; ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key; ssl_certificate_key /etc/nginx/certs/default.key;
} }
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }} {{ end }}