| {%- set site = salt['pillar.get']('nginx:server:site:'+site_name) %} |
| |
| server { |
| |
| {%- include "nginx/files/_name.conf" %} |
| {%- include "nginx/files/_ssl.conf" %} |
| |
| {%- if site.get('ssl', {'enabled': False}).get('enabled', False) %} |
| ssl_session_cache shared:SSL:10m; |
| {%- endif %} |
| |
| {%- if site.get('underscores_in_headers', False) %} |
| underscores_in_headers on; |
| {%- endif %} |
| |
| {%- include "nginx/files/_auth.conf" %} |
| |
| location / { |
| proxy_pass {{ site.proxy.protocol }}://{{ site.proxy.host }}:{{ site.proxy.port }}; |
| |
| {%- include "nginx/files/_access_policy.conf" %} |
| |
| {%- if site.proxy.size is defined %} |
| client_max_body_size {{ site.proxy.size }}; |
| {%- if site.proxy.size > 200 %} |
| client_body_buffer_size 200m; |
| {%- else %} |
| client_body_buffer_size 20m; |
| {%- endif %} |
| {%- else %} |
| client_max_body_size 20m; |
| client_body_buffer_size 20m; |
| {% endif %} |
| |
| {%- if site.proxy.timeout is defined %} |
| proxy_connect_timeout {{ site.proxy.timeout }}; |
| proxy_send_timeout {{ site.proxy.timeout }}; |
| proxy_read_timeout {{ site.proxy.timeout }}; |
| send_timeout {{ site.proxy.timeout }}; |
| {%- else %} |
| proxy_connect_timeout 600; |
| proxy_send_timeout 600; |
| proxy_read_timeout 600; |
| send_timeout 600; |
| {%- endif %} |
| |
| {%- if site.proxy.rewrite is defined %} |
| rewrite {{ site.proxy.rewrite }}; |
| {%- endfor %} |
| |
| {%- if site.proxy.filter is defined %} |
| sub_filter '{{ site.proxy.filter.search }}' {% if site.proxy.filter.replace == '$server_addr' %}$server_addr{% else %}'{{ site.proxy.filter.replace }}'{% endif %}; |
| sub_filter_types *; |
| sub_filter_once off; |
| {%- endif %} |
| |
| {%- if site.get('ssl', {'enabled': False}).get('enabled', False) %} |
| proxy_redirect http:// https://; |
| {%- else %} |
| proxy_redirect off; |
| {%- endif %} |
| |
| {%- if site.proxy.buffer is defined %} |
| {%- set buffer_size = site.proxy.buffer.get('size', 16) * 2 %} |
| proxy_buffering on; |
| proxy_buffers {{ site.proxy.buffer.get('number', 8) }} {{ site.proxy.buffer.get('size', 16) }}k; |
| proxy_buffer_size {{ buffer_size }}k; |
| {%- else %} |
| proxy_buffering off; |
| {%- endif %} |
| |
| proxy_http_version 1.1; |
| |
| proxy_set_header Host $host{% if site.host.port is defined and site.host.port not in [80,443] %}:{{ site.host.port }}{% endif %}; |
| proxy_set_header X-Real-IP $remote_addr; |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| proxy_set_header X-Forwarded-Proto $scheme; |
| proxy_set_header X-Forwarded-Host $host{% if site.host.port is defined and site.host.port not in [80,443] %}:{{ site.host.port }}{% endif %}; |
| proxy_set_header X-Forwarded-Server $host; |
| proxy_set_header X-Forwarded-Port $server_port; |
| {%- if site.get('ssl', {'enabled': False}).get('enabled', False) %} |
| add_header Front-End-Https on; |
| {%- endif %} |
| |
| {%- if site.proxy.websocket is defined %} |
| proxy_set_header Upgrade $http_upgrade; |
| proxy_set_header Connection "upgrade"; |
| {%- endif %} |
| |
| } |
| |
| } |