Merge branch 'develop' into ssl-fix

2019-08-20 20:29:32 -04:00 · 2019-08-20 20:29:32 -04:00 · dfc6d91962
commit dfc6d91962
parent 0d5a232d00 31aa9c9644
6 changed files with 37 additions and 0 deletions
--- a/doc/ADVANCED_NGINX.md
+++ b/doc/ADVANCED_NGINX.md
@ -0,0 +1,17 @@
+## Advanced Nginx Configuration
+
+If you are a more advanced user, you might be itching for extra Nginx customizability.
+
+NPM has the ability to include different custom configuration snippets in different places.
+
+You can add your custom configuration snippet files at `/data/nginx/custom` as follow:
+
+`/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
+`/data/nginx/custom/http.conf`: Included at the end of the main http block
+`/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
+`/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection server block
+`/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block
+`/data/nginx/custom/server_stream_tcp.conf`: Included at the end of every TCP stream server block
+`/data/nginx/custom/server_stream_udp.conf`: Included at the end of every UDP stream server block
+
+Every file is optional.
--- a/rootfs/etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
+++ b/rootfs/etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
@ -2,7 +2,10 @@
 # We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
 # other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
 location ^~ /.well-known/acme-challenge/ {
+    # Since this is for letsencrypt authentication of a domain and they do not give IP ranges of their infrastructure
+    # we need to open up access by turning off auth and IP ACL for this location.
    auth_basic off;
+    allow all;

    # Set correct content type. According to this:
    # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
--- a/rootfs/etc/nginx/nginx.conf
+++ b/rootfs/etc/nginx/nginx.conf
@ -76,6 +76,9 @@ http {
  include /data/nginx/redirection_host/*.conf;
  include /data/nginx/dead_host/*.conf;
  include /data/nginx/temp/*.conf;
+
+  # Custom
+  include /data/nginx/custom/http[.]conf;
 }

 stream {
@ -83,3 +86,5 @@ stream {
    include /data/nginx/stream/*.conf;
 }

+# Custom
+include /data/nginx/custom/root[.]conf;
--- a/src/backend/templates/proxy_host.conf
+++ b/src/backend/templates/proxy_host.conf
@ -41,5 +41,7 @@ server {
  }
 {% endif %}

+  # Custom
+  include /data/nginx/custom/server_proxy[.]conf;
 }
 {% endif %}
--- a/src/backend/templates/redirection_host.conf
+++ b/src/backend/templates/redirection_host.conf
@ -25,5 +25,7 @@ server {
  }
 {% endif %}

+  # Custom
+  include /data/nginx/custom/server_redirect[.]conf;
 }
 {% endif %}
--- a/src/backend/templates/stream.conf
+++ b/src/backend/templates/stream.conf
@ -7,12 +7,20 @@
 server {
  listen {{ incoming_port }};
  proxy_pass {{ forward_ip }}:{{ forwarding_port }};
+
+  # Custom
+  include /data/nginx/custom/server_stream[.]conf;
+  include /data/nginx/custom/server_stream_tcp[.]conf;
 }
 {% endif %}
 {% if udp_forwarding == 1 or udp_forwarding == true %}
 server {
  listen {{ incoming_port }} udp;
  proxy_pass {{ forward_ip }}:{{ forwarding_port }};
+
+  # Custom
+  include /data/nginx/custom/server_stream[.]conf;
+  include /data/nginx/custom/server_stream_udp[.]conf;
 }
 {% endif %}
 {% endif %}