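/**
 * Turns a domain config into nginx configuration snippets for a PHP site:
 * one for the Proxmox host, one for its container, and a combined one for a
 * setup without a container.
 *
 * Security note: `domainConfig.domain` and `domainConfig.name` are written
 * verbatim into nginx configuration text (server_name, root, certificate
 * paths, comments). This function does not validate or escape them, so they
 * must come from trusted, operator-controlled configuration.
 *
 * @param {object} domainConfig
 * @param {string} domainConfig.domain - host name served (e.g. with a `www.` prefix)
 * @param {string} domainConfig.name - label used in the generated comment banners
 * @param {boolean} [domainConfig.redirectToNoWWW=false] - emit the www -> non-www redirect block
 * @param {boolean} [domainConfig.redirectToWWW=true] - emit the non-www -> www redirect block
 * @param {boolean} [domainConfig.disableSSL] - drop the TLS listener and the www -> HTTPS redirect
 * @returns {{homeNginxConf: string, containerNginxConf: string, noContainerNginxConf: string}}
 */
export function makeHostFileForPhpPages(domainConfig) {
    const { domain, name: siteName, disableSSL } = domainConfig;

    // Strip only a leading "www." label. The previous includes()/replace()
    // pair removed the first "www." found anywhere in the name, which mangled
    // hosts such as "awww.example.com".
    const domainWithoutWWW = domain.startsWith('www.')
        ? domain.slice('www.'.length)
        : domain;

    const certbotChallengeAcmeRedirect = `
\tlocation ^~ /.well-known/acme-challenge/ {
\t\tallow all;
\t\troot /var/lib/letsencrypt/;
\t\tdefault_type "text/plain";
\t\ttry_files $uri =404;
\t}
`;

    // These flags were computed with the bitwise `|` operator, so
    // `redirectToWWW | true` was always truthy and a caller could never turn
    // the redirect off. `??` applies the default only when the key is absent.
    const redirectToNoWWW = Boolean(domainConfig.redirectToNoWWW ?? false);
    const redirectToWWW = Boolean(domainConfig.redirectToWWW ?? true);

    // The original expression `domainConfig.redirectToNoHTTPS | true` could
    // never be falsy, so the HTTPS redirect was effectively unconditional.
    // It is kept unconditional here (the safer default).
    // NOTE(review): the key name looks like a typo for `redirectToHTTPS`;
    // confirm the intended key with callers before making this configurable.
    const redirectToHTTPS = true;

    const redirectToNoWWWConf = `
\tserver {
\t\t# redirect from www to non-www
\t\tserver_name ${domain};
\t\t listen 80;
\t\treturn 301 https://${domainWithoutWWW}$request_uri;
\t}
`;

    // NOTE(review): when `domain` has no "www." prefix, server_name and the
    // redirect target below are the same host, which redirects to itself on
    // port 80. Callers with a bare domain should pass `redirectToWWW: false`.
    let redirectToWWWConf = `
\tserver {
\t\t# redirect from non-www to www
\t\tserver_name ${domainWithoutWWW};
\t\t listen 80;
${certbotChallengeAcmeRedirect}
\t\treturn 301 http://${domain}$request_uri;
\t}
`;

    // The `return 301` line inside this block is commented out in the emitted
    // config, so the block only declares a port-80 server for the bare domain.
    const redirectToHTTPSConf = `
\tserver {
\t\t# redirect to https from http no WWW
\t\tserver_name ${domainWithoutWWW};
\t\t listen 80;
\t\t# return 301 https://${domainWithoutWWW}$request_uri;
\t}
`;

    // Second hop of the redirect chain: plain-HTTP www traffic goes to HTTPS.
    if (redirectToWWW && redirectToHTTPS && !disableSSL) {
        redirectToWWWConf += `\tserver {
\t\t\t\t# redirect from www to HTTPS too
    server_name ${domain};
    listen 80;
    return 301 https://${domain}$request_uri;
}`;
    }

    const phpHandler = `
upstream php-handler {
    server 127.0.0.1:9001;
}
`;

    // NOTE(review): the `\.php$` location passes any URI ending in ".php" to
    // FastCGI without checking that the file exists under `root`. If nginx and
    // PHP-FPM share the document root, adding `try_files $uri =404;` to that
    // location is the usual hardening; it is not added here because it changes
    // the deployed configuration.
    const hostingFileAccess = `
    # ----------- hosting file config ----------------
    root /home/www/${domain};
    index index.php index.html;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \\.php$ {
        include fastcgi.conf;
        fastcgi_intercept_errors on;
        fastcgi_pass php-handler;
    }

    location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }

    add_header Permissions-Policy "interest-cohort=()";
    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
`;

    // The HSTS header below carries `includeSubDomains; preload` with a
    // one-year max-age: browsers will refuse plain HTTP for every subdomain
    // of this host for that period, so all of them must serve valid HTTPS.
    // The certificate paths hard-code certbot's "-0001" lineage suffix.
    let secureAccess = `
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${domain};
    ssl_certificate /etc/letsencrypt/live/${domain}-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${domain}-0001/privkey.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
`;

    if (disableSSL) {
        secureAccess = `
    # ---------- SSL is disabled -----------------
`;
    }

    /**
     * NOTE(review): in `homeNginxConf` the TLS directives are emitted outside
     * any `server { }` block, exactly as before; confirm the consumer wraps them.
     *
     * @type {{homeNginxConf: string, containerNginxConf: string, noContainerNginxConf: string}}
     */
    const model = {
        noContainerNginxConf: `
# ============ ${siteName} ===============
${phpHandler}
${redirectToNoWWW ? redirectToNoWWWConf : ''}
${redirectToWWW ? redirectToWWWConf : ''}
server {
${secureAccess}
${hostingFileAccess}
}
`,
        homeNginxConf: `
# ============ ${siteName} ===============
${redirectToNoWWW ? redirectToNoWWWConf : ''}
${redirectToWWW ? redirectToWWWConf : ''}
${redirectToHTTPS ? redirectToHTTPSConf : ''}
${secureAccess}
`,
        containerNginxConf: `
# ============ ${siteName} | côté conteneur LXC ===============
server {
    if ($host = ${domain}) {
        return 301 https://$host$request_uri;
    }
    listen 80 ;
    listen [::]:80 ;
    server_name ${domain};
${hostingFileAccess}
}
# ========================== ${siteName} | fin ================ #
`,
    };

    return model;
}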