diff --git a/nginx_config_maker/README.md b/nginx_config_maker/README.md index 9886f820..3ebd5352 100644 --- a/nginx_config_maker/README.md +++ b/nginx_config_maker/README.md @@ -1,6 +1,9 @@ # Nginx config maker crée une configuration nginx pour des sites web selon certaines préconfigurations +# pile technique +du nodejs pour générer des fichiers de conf nginx, +pour faire marcher des sites web en PHP, avec divers frameworks comme symfony ou wordpress. # utilisation configurer l'objet de conf listant les domaines et leur framework, diff --git a/nginx_config_maker/index.mjs b/nginx_config_maker/index.mjs index 5068a6c7..d909c968 100644 --- a/nginx_config_maker/index.mjs +++ b/nginx_config_maker/index.mjs @@ -6,6 +6,7 @@ import fs from 'node-fs' import { makeHostFileForWordpress } from './model.wordpress.mjs' import { makeHostFileForSymfony } from './model.symfony.mjs' +import { makeHostFileForPhpPages } from './model.php-website' const LXCcontainerLocalIP = '10.10.10.103' const LXCcontainerProtocol = 'https' @@ -109,6 +110,14 @@ const domainsConfig = [{ framework: 'symfony', disableSSL: false, }, + { + LXCcontainerLocalIP, + LXCcontainerProtocol, + name: 'Chaton coussinet', + domain: 'www.coussinet.org', + framework: 'static', + disableSSL: false, + }, ] // autres frameworks: // nextcloud: cloud.tykayn.fr @@ -130,6 +139,9 @@ for (let configDomain of domainsConfig) { if (configDomain.framework === 'symfony') { hostFile = makeHostFileForSymfony(configDomain) } + if (configDomain.framework === 'static') { + hostFile = makeHostFileForPhpPages(configDomain) + } writeFile(configDomain.domain + '_host.conf', hostFile.homeNginxConf) writeFile(configDomain.domain + '_container.conf', hostFile.containerNginxConf) } diff --git a/nginx_config_maker/model.php-website.mjs b/nginx_config_maker/model.php-website.mjs new file mode 100644 index 00000000..0766c470 --- /dev/null +++ b/nginx_config_maker/model.php-website.mjs 
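Review bot: The added import in index.mjs uses the specifier `'./model.php-website'` without the `.mjs` extension that the two imports above it carry. Node's ES-module resolver does not append extensions to relative specifiers, so index.mjs would fail at load time with a module-not-found error before any config is generated. The line should read `import { makeHostFileForPhpPages } from './model.php-website.mjs'`.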
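Review bot: The new `if (configDomain.framework === 'static')` in the index.mjs loop is one more independent `if`, and nothing visible in the hunk handles a framework that matches none of them, so `hostFile.homeNginxConf` on the next line would either throw or reuse an earlier value, depending on where `hostFile` is declared (the loop body starts outside the hunk). Chaining the branches with `else if` and ending with `else { throw new Error('unknown framework: ' + configDomain.framework) }` would make a typo in `domainsConfig` fail loudly instead of writing a wrong vhost file. The key `'static'` also selects a template that hands `.php` requests to `php-handler`, so a name such as `'php'` would describe it more accurately.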
@@ -0,0 +1,91 @@ +/** + * turns a domain config to two config files for nginx web sever on proxmox and its container + * @param domainConfig + * @returns {{homeNginxConf: string, containerNginxConf: string}} + */ +export function makeHostFileForPhpPages (domainConfig) { + + /** + * @type {{homeNginxConf: string, containerNginxConf: string}} + */ + const model = { + homeNginxConf: ` +# ============ ${domainConfig.name} =============== + +server { + # redirect to https from http + server_name ${domainConfig.domain}; + listen 80 http2; + return 301 https://${domainConfig.domain}$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name ${domainConfig.domain}; + ssl_certificate /etc/letsencrypt/live/${domainConfig.domain}-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/${domainConfig.domain}-0001/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; + + location / { + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $http_host; + # Container tksites + proxy_pass ${domainConfig.LXCcontainerProtocol}://${domainConfig.LXCcontainerLocalIP}; + } + + add_header Permissions-Policy "interest-cohort=()"; +} +`, + containerNginxConf: ` + # ============ ${domainConfig.name} | côté conteneur LXC =============== + server { + if ($host = ${domainConfig.domain}) { + return 301 https://$host$request_uri; + } + + + listen 80 ; + listen [::]:80 ; + server_name ${domainConfig.domain}; + + add_header Permissions-Policy "interest-cohort=()"; + + root /home/www/${domainConfig.domain}; + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location ~ \\.php$ { + #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + include fastcgi.conf; + fastcgi_intercept_errors on; + 
fastcgi_pass php-handler; + } + + location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } + add_header Permissions-Policy "interest-cohort=()"; + +} +# ========================== ${domainConfig.name} | fin ================ # + ` + } + return model +} \ No newline at end of file diff --git a/nginx_config_maker/model.symfony.mjs b/nginx_config_maker/model.symfony.mjs index c903d5d9..d75f37c0 100644 --- a/nginx_config_maker/model.symfony.mjs +++ b/nginx_config_maker/model.symfony.mjs @@ -7,6 +7,7 @@ export function makeHostFileForSymfony(domainConfig){ const model = { homeNginxConf : ` # ---------------- ${domainConfig.name} ------------------------- +# ---------- un site utilisant Symfony -------------------------- server { server_name ${domainConfig.name}; diff --git a/nginx_config_maker/model.wordpress.mjs b/nginx_config_maker/model.wordpress.mjs index daa74d50..3a7ae685 100644 --- a/nginx_config_maker/model.wordpress.mjs +++ b/nginx_config_maker/model.wordpress.mjs @@ -19,6 +19,7 @@ export function makeHostFileForWordpress (domainConfig) { const model = { homeNginxConf: ` # ============ ${domainConfig.name} =============== +# ---------- un site utilisant Wordpress ---------- server { # redirect to https from http 
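Review bot: In `containerNginxConf` of model.php-website.mjs the server-level `if ($host = ${domainConfig.domain}) { return 301 https://$host$request_uri; }` sits in the same port-80 block as `root` and the PHP locations, so any request whose Host matches `server_name` is redirected before those locations can serve it. The template generates no 443 listener for the container, while `homeNginxConf` proxies to `${domainConfig.LXCcontainerProtocol}://…` (set to `https` in index.mjs), so the TLS hop would have to be answered by a server block that is not produced here. Either drop the `if` block and proxy to the container over plain http, or add a `listen 443 ssl` server to this template. The model.wordpress.mjs hunk `@@ -51,29 +52,10 @@` ends in the same shape once its 443 block is removed. Separately, adding `try_files $uri =404;` inside `location ~ \\.php$` would keep nginx from handing non-existent paths to `php-handler` instead of relying only on the php.ini note in the comment.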
@@ -51,29 +52,10 @@ server { if ($host = ${domainConfig.domain}) { return 301 https://$host$request_uri; } - - listen 80 ; listen [::]:80 ; server_name ${domainConfig.domain}; - # enforce https - return 301 https://$server_name$request_uri; - - add_header Permissions-Policy "interest-cohort=()"; - - -} - -# ==== https | côté conteneur LXC =============== - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name ${domainConfig.domain}; - - ssl_certificate /etc/letsencrypt/live/${domainConfig.domain}-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/${domainConfig.domain}-0001/privkey.pem; # managed by Certbot - + # Path to the root of your installation root /home/www/tykayn/${domainConfig.domain}/;