|
| 1 | +{{ range $port_map := .PROXY_PORT_MAP | split " " }} |
| 2 | +{{ $port_map_list := $port_map | split ":" }} |
| 3 | +{{ $scheme := index $port_map_list 0 }} |
| 4 | +{{ $listen_port := index $port_map_list 1 }} |
| 5 | +{{ $upstream_port := index $port_map_list 2 }} |
| 6 | + |
| 7 | +{{ if eq $scheme "http" }} |
| 8 | +server { |
| 9 | + listen [::]:{{ $listen_port }}; |
| 10 | + listen {{ $listen_port }}; |
| 11 | + {{ if $.NOSSL_SERVER_NAME }}server_name {{ $.NOSSL_SERVER_NAME }}; {{ end }} |
| 12 | + access_log /var/log/nginx/{{ $.APP }}-access.log; |
| 13 | + error_log /var/log/nginx/{{ $.APP }}-error.log; |
| 14 | +{{ if (and (eq $listen_port "80") ($.SSL_INUSE)) }} |
| 15 | + return 301 https://$host:{{ $.NGINX_SSL_PORT }}$request_uri; |
| 16 | +{{ else }} |
| 17 | + location / { |
| 18 | + |
| 19 | + gzip on; |
| 20 | + gzip_min_length 1100; |
| 21 | + gzip_buffers 4 32k; |
| 22 | + gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; |
| 23 | + gzip_vary on; |
| 24 | + gzip_comp_level 6; |
| 25 | + |
| 26 | + ## Start CORS here. |
| 27 | + if ($request_method = 'GET') { |
| 28 | + add_header 'Access-Control-Allow-Origin' '*'; |
| 29 | + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; |
| 30 | + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; |
| 31 | + add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; |
| 32 | + } |
| 33 | + |
| 34 | + ##End CORS |
| 35 | + |
| 36 | + proxy_pass http://{{ $.APP }}-{{ $upstream_port }}; |
| 37 | + proxy_http_version 1.1; |
| 38 | + proxy_set_header Upgrade $http_upgrade; |
| 39 | + proxy_set_header Connection "upgrade"; |
| 40 | + proxy_set_header Host $http_host; |
| 41 | + proxy_set_header X-Forwarded-Proto $scheme; |
| 42 | + proxy_set_header X-Forwarded-For $remote_addr; |
| 43 | + proxy_set_header X-Forwarded-Port $server_port; |
| 44 | + proxy_set_header X-Request-Start $msec; |
| 45 | + } |
| 46 | + include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf; |
| 47 | + |
| 48 | + |
| 49 | +{{ end }} |
| 50 | +} |
| 51 | +{{ else if eq $scheme "https"}} |
| 52 | +server { |
| 53 | + listen [::]:{{ $listen_port }} ssl {{ if eq $.HTTP2_SUPPORTED "true" }}http2{{ else if eq $.SPDY_SUPPORTED "true" }}spdy{{ end }}; |
| 54 | + listen {{ $listen_port }} ssl {{ if eq $.HTTP2_SUPPORTED "true" }}http2{{ else if eq $.SPDY_SUPPORTED "true" }}spdy{{ end }}; |
| 55 | + {{ if $.SSL_SERVER_NAME }}server_name {{ $.SSL_SERVER_NAME }}; {{ end }} |
| 56 | + {{ if $.NOSSL_SERVER_NAME }}server_name {{ $.NOSSL_SERVER_NAME }}; {{ end }} |
| 57 | + access_log /var/log/nginx/{{ $.APP }}-access.log; |
| 58 | + error_log /var/log/nginx/{{ $.APP }}-error.log; |
| 59 | + |
| 60 | + ssl_certificate {{ $.APP_SSL_PATH }}/server.crt; |
| 61 | + ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key; |
| 62 | + ssl_protocols TLSv1.2; |
| 63 | + ssl_prefer_server_ciphers on; |
| 64 | + |
| 65 | + keepalive_timeout 70; |
| 66 | + {{ if and (eq $.SPDY_SUPPORTED "true") (ne $.HTTP2_SUPPORTED "true") }}add_header Alternate-Protocol {{ $.NGINX_SSL_PORT }}:npn-spdy/2;{{ end }} |
| 67 | + |
| 68 | + location / { |
| 69 | + |
| 70 | + gzip on; |
| 71 | + gzip_min_length 1100; |
| 72 | + gzip_buffers 4 32k; |
| 73 | + gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; |
| 74 | + gzip_vary on; |
| 75 | + gzip_comp_level 6; |
| 76 | + |
| 77 | + ## Start CORS here. |
| 78 | + if ($request_method = 'GET') { |
| 79 | + add_header 'Access-Control-Allow-Origin' '*'; |
| 80 | + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; |
| 81 | + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; |
| 82 | + add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; |
| 83 | + } |
| 84 | + |
| 85 | + ##End CORS |
| 86 | + |
| 87 | + proxy_pass http://{{ $.APP }}-{{ $upstream_port }}; |
| 88 | + proxy_http_version 1.1; |
| 89 | + proxy_set_header Upgrade $http_upgrade; |
| 90 | + proxy_set_header Connection "upgrade"; |
| 91 | + proxy_set_header Host $http_host; |
| 92 | + proxy_set_header X-Forwarded-Proto $scheme; |
| 93 | + proxy_set_header X-Forwarded-For $remote_addr; |
| 94 | + proxy_set_header X-Forwarded-Port $server_port; |
| 95 | + proxy_set_header X-Request-Start $msec; |
| 96 | + } |
| 97 | + include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf; |
| 98 | + |
| 99 | +} |
| 100 | +{{ end }}{{ end }} |
| 101 | + |
| 102 | +{{ if $.DOKKU_APP_LISTENERS }} |
| 103 | +{{ range $upstream_port := $.PROXY_UPSTREAM_PORTS | split " " }} |
| 104 | +upstream {{ $.APP }}-{{ $upstream_port }} { |
| 105 | +{{ range $listeners := $.DOKKU_APP_LISTENERS | split " " }} |
| 106 | +{{ $listener_list := $listeners | split ":" }} |
| 107 | +{{ $listener_ip := index $listener_list 0 }} |
| 108 | +{{ $listener_port := index $listener_list 1 }} |
| 109 | + server {{ $listener_ip }}:{{ $listener_port }};{{ end }} |
| 110 | +} |
| 111 | +{{ end }}{{ end }} |
0 commit comments