scripts/nginx_config_maker/model.php-website.mjs

/**
 * turns a domain config to two config files for nginx web sever on proxmox and its container
 * @param domainConfig
 * @returns {{homeNginxConf: string, containerNginxConf: string, noContainerNginxConf: string}}
 */
export function makeHostFileForPhpPages (domainConfig) {

	let domainWithoutWWW = domainConfig.domain;
	if(domainConfig.domain.includes('www.')){
		domainWithoutWWW = domainConfig.domain.replace('www.', '')
	}
	let certbotChallengeAcmeRedirect = `
\tlocation ^~ /.well-known/acme-challenge/ {
\t\tallow all;
\t\troot /var/lib/letsencrypt/;
\t\tdefault_type "text/plain";
\t\ttry_files $uri =404;
\t}
`;

	let redirectToNoWWW = domainConfig.redirectToNoWWW | false;
	let redirectToNoWWWConf = `
\tserver {
\t\t# redirect from www to non-www
\t\tserver_name ${domainConfig.domain};
\t\tlisten 80 http2;
\t\treturn 301 https://${domainWithoutWWW}$request_uri;
\t}
`;

	let redirectToWWW =  domainConfig.redirectToWWW | true;
	let redirectToWWWConf = `
\tserver {
\t\t# redirect from non-www to www
\t\tserver_name ${domainWithoutWWW};
\t\tlisten 80 http2;
${certbotChallengeAcmeRedirect}
\t\treturn 301 http://${domainConfig.domain}$request_uri;
\t}
`;

	let redirectToHTTPS =  domainConfig.redirectToNoHTTPS | true;
	let redirectToHTTPSConf = `
\tserver {
\t\t# redirect to https from http no WWW
\t\tserver_name ${domainWithoutWWW};
\t\tlisten 80 http2;


\t\t# return 301 https://${domainWithoutWWW}$request_uri;
\t}
`;
	if(redirectToWWW && redirectToHTTPS && !domainConfig.disableSSL){
		redirectToWWWConf += `\tserver {
\t\t\t\t# redirect from www to HTTPS too
        server_name ${domainConfig.domain};
        listen 80 http2;
        return 301 https://${domainConfig.domain}$request_uri;
}`
	}

	let phpHandler = `
upstream php-handler {
    server 127.0.0.1:9001;
}
	`;
	let hostingFileAccess = `
	# ----------- hosting file config ----------------
	
				root /home/www/${domainConfig.domain};
				
				index index.php index.html;
				
				location = /favicon.ico {
					log_not_found off;
					access_log off;
				}
				
				location = /robots.txt {
					allow all;
					log_not_found off;
					access_log off;
				}

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \\.php$ {
                include fastcgi.conf;
                fastcgi_intercept_errors on;
                fastcgi_pass php-handler;
        }

        location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        } 

        add_header Permissions-Policy "interest-cohort=()";
        
        include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
        `;

	let secureAccess = `
	server {
				listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name ${domainConfig.domain};
        ssl_certificate /etc/letsencrypt/live/${domainConfig.domain}-0001/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/${domainConfig.domain}-0001/privkey.pem;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
      
}
`
	;
	if(domainConfig.disableSSL){
		secureAccess = `
			
        # ---------- SSL is disabled -----------------
				
        `
		;
	}

	/**
	 *
	 * @type {{homeNginxConf: string, containerNginxConf: string, noContainerNginxConf: string}}
	 */
	const model = {

		noContainerNginxConf: `
# ============ ${domainConfig.name} ===============

${phpHandler}

${redirectToNoWWW ? redirectToNoWWWConf : '' }

${redirectToWWW ? redirectToWWWConf : '' }


server {
				${secureAccess}
        ${hostingFileAccess}
        
}
		 `,
		homeNginxConf: `
# ============ ${domainConfig.name} ===============

${redirectToNoWWW ? redirectToNoWWWConf : '' }

${redirectToWWW ? redirectToWWWConf : '' }

${redirectToHTTPS ? redirectToHTTPSConf : '' }
${ secureAccess }

`,
		containerNginxConf: `
		# ============ ${domainConfig.name} | côté conteneur LXC ===============
		server {
    if ($host = ${domainConfig.domain}) {
        return 301 https://$host$request_uri;
    }


    listen 80 ;
    listen [::]:80 ;
    server_name ${domainConfig.domain};

    ${hostingFileAccess}

} 
# ========================== ${domainConfig.name} | fin ================ #
		`
	}
	return model
}