scripts/nginx_config_maker/model.php-website.mjs

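/**
 * Turns a domain config into nginx configuration texts for a PHP website:
 * one for the nginx web server on the Proxmox host, one for its container,
 * and one for a setup without a container.
 *
 * The domain is interpolated into nginx directives and into filesystem paths
 * (`root /home/www/<domain>`, `/etc/letsencrypt/live/<domain>-0001/...`), so it
 * is checked against a strict host-name pattern before any text is generated.
 *
 * @param {object} domainConfig
 * @param {string} domainConfig.domain - host name of the site, e.g. `www.example.com`
 * @param {string} [domainConfig.name] - label printed in the comment banners
 * @param {boolean} [domainConfig.redirectToNoWWW=false] - emit the www -> non-www redirect server
 * @param {boolean} [domainConfig.redirectToWWW=true] - emit the non-www -> www redirect server
 * @param {boolean} [domainConfig.disableSSL] - drop the certificate and HSTS directives
 * @returns {{homeNginxConf: string, containerNginxConf: string, noContainerNginxConf: string}}
 * @throws {TypeError} when `domainConfig.domain` is not a plain DNS host name
 */
export function makeHostFileForPhpPages (domainConfig) {
  // Labels of letters, digits and inner hyphens, separated by dots, 253 chars at most.
  // Anything else (whitespace, `;`, braces, `/`, `..`, `$`) could add directives to the
  // generated config or move the document root / certificate path elsewhere.
  const hostNamePattern = /^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/;
  const domain = domainConfig.domain;
  if (typeof domain !== 'string' || !hostNamePattern.test(domain)) {
    throw new TypeError(`invalid domain for nginx config: ${JSON.stringify(domain)}`);
  }

  // The name only appears inside `#` comment lines; a line break in it would end the
  // comment and let the rest be parsed as configuration, so line breaks become spaces.
  const name = String(domainConfig.name).replace(/[\r\n]+/g, ' ');

  // Only a leading "www." label is removed; a "www." further inside the name is kept.
  const domainWithoutWWW = domain.startsWith('www.') ? domain.slice('www.'.length) : domain;

  const certbotChallengeAcmeRedirect = `
\tlocation ^~ /.well-known/acme-challenge/ {
\t\tallow all;
\t\troot /var/lib/letsencrypt/;
\t\tdefault_type "text/plain";
\t\ttry_files $uri =404;
\t}
`;

  // NOTE(review): the redirect servers below use `listen 80 http2;`, i.e. HTTP/2 on a
  // cleartext port. Depending on the nginx version this can fail for HTTP/1.1 clients -
  // verify against the deployed nginx before relying on these redirects.

  // `??` keeps an explicit `false` from the caller (the earlier bitwise `| true` forced
  // the www redirect on whatever the config said).
  const redirectToNoWWW = Boolean(domainConfig.redirectToNoWWW ?? false);
  const redirectToNoWWWConf = `
\tserver {
\t\t# redirect from www to non-www
\t\tserver_name ${domain};
\t\tlisten 80 http2;
\t\treturn 301 https://${domainWithoutWWW}$request_uri;
\t}
`;

  const redirectToWWW = Boolean(domainConfig.redirectToWWW ?? true);
  let redirectToWWWConf = `
\tserver {
\t\t# redirect from non-www to www
\t\tserver_name ${domainWithoutWWW};
\t\tlisten 80 http2;
${certbotChallengeAcmeRedirect}
\t\treturn 301 http://${domain}$request_uri;
\t}
`;

  // NOTE(review): this was `domainConfig.redirectToNoHTTPS | true`, which is truthy for
  // every input, and the key name looks like a typo for `redirectToHTTPS`. It stays
  // always-on so the HTTPS redirect cannot be switched off through an ambiguous key;
  // confirm the intended option name before making it configurable.
  const redirectToHTTPS = true;
  // The `return 301` in this block is commented out in the generated config.
  const redirectToHTTPSConf = `
\tserver {
\t\t# redirect to https from http no WWW
\t\tserver_name ${domainWithoutWWW};
\t\tlisten 80 http2;
\t\t# return 301 https://${domainWithoutWWW}$request_uri;
\t}
`;

  if (redirectToWWW && redirectToHTTPS && !domainConfig.disableSSL) {
    redirectToWWWConf += `\tserver {
\t\t\t\t# redirect from www to HTTPS too
server_name ${domain};
listen 80 http2;
return 301 https://${domain}$request_uri;
}`;
  }

  const phpHandler = `
upstream php-handler {
server 127.0.0.1:9001;
}
`;

  // NOTE(review): `location ~ \.php$` hands every URI ending in .php to php-handler.
  // A `try_files $uri =404;` inside that location is the usual hardening so that only
  // scripts that exist under the document root are passed on - confirm whether the
  // included fastcgi.conf or the PHP-FPM settings already cover this.
  const hostingFileAccess = `
# ----------- hosting file config ----------------
root /home/www/${domain};
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \\.php$ {
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
`;

  // NOTE(review): the HSTS header carries `includeSubDomains; preload` with a one-year
  // max-age, which commits every subdomain of the site to HTTPS. The certificate path
  // hard-codes a `-0001` suffix on the directory name - check it matches the directory
  // certbot actually created.
  // With disableSSL the server listens on 443 without TLS and sends no HSTS header.
  const secureAccess = domainConfig.disableSSL
    ? `
# ---------- SSL is disabled -----------------
listen 443 http2;
listen [::]:443 http2;
server_name ${domain};
`
    : `listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${domain};
ssl_certificate /etc/letsencrypt/live/${domain}-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${domain}-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";`;

  /**
   * The three generated configuration texts.
   * @type {{homeNginxConf: string, containerNginxConf: string, noContainerNginxConf: string}}
   */
  const model = {
    noContainerNginxConf: `
# ============ ${name} ===============
${phpHandler}
${redirectToNoWWW ? redirectToNoWWWConf : '' }
${redirectToWWW ? redirectToWWWConf : '' }
server {
${secureAccess}
${hostingFileAccess}

}
`,
    homeNginxConf: `
# ============ ${name} ===============
${redirectToNoWWW ? redirectToNoWWWConf : '' }
${redirectToWWW ? redirectToWWWConf : '' }
${redirectToHTTPS ? redirectToHTTPSConf : '' }
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${domain};
ssl_certificate /etc/letsencrypt/live/${domain}-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${domain}-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
${hostingFileAccess}
}
`,
    containerNginxConf: `
# ============ ${name} | côté conteneur LXC ===============
server {
if ($host = ${domain}) {
return 301 https://$host$request_uri;
}
listen 80 ;
listen [::]:80 ;
server_name ${domain};
${hostingFileAccess}
}
# ========================== ${name} | fin ================ #
`,
  };
  return model;
}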