scripts/nginx_config_maker/model.php-website.mjs


This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

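/**
 * Builds the nginx configuration text for a PHP website from one domain config.
 *
 * Three variants are returned: one for a host without a container, one for the
 * "home" (front) nginx, and one for the nginx running inside the LXC container.
 *
 * Every `domainConfig` value is interpolated verbatim into nginx directives,
 * filesystem paths and comment lines. Nothing is escaped or validated here, so
 * the config must come from a trusted source: a value containing `;`, `{`, `}`
 * or a newline would add directives to the generated file.
 *
 * @param {object} domainConfig
 * @param {string} domainConfig.domain - host name served by the main server block
 * @param {string} domainConfig.name - label written into the header comment lines
 * @param {boolean} [domainConfig.redirectToNoWWW=false] - emit the www -> non-www redirect block
 * @param {boolean} [domainConfig.redirectToWWW=true] - emit the non-www -> www redirect block
 * @param {boolean} [domainConfig.redirectToNoHTTPS=true] - emit the port-80 ACME block in homeNginxConf
 * @param {boolean} [domainConfig.disableSSL] - drop the certificate and HSTS lines from noContainerNginxConf
 * @returns {{homeNginxConf: string, containerNginxConf: string, noContainerNginxConf: string}}
 */
export function makeHostFileForPhpPages(domainConfig) {
  // Strip only a leading "www." label. The previous includes()/replace() pair
  // removed the first "www." found anywhere in the name, so a host such as
  // "awww.example.com" was rewritten to a different domain.
  const domainWithoutWWW = domainConfig.domain.startsWith('www.')
    ? domainConfig.domain.slice('www.'.length)
    : domainConfig.domain;

  // Option default: use the fallback only when the key is absent (null/undefined).
  // The previous `value | true` was a bitwise OR that always evaluates to a
  // non-zero number, so these options could never be switched off.
  const flag = (value, fallback) => (value == null ? fallback : Boolean(value));

  const certbotChallengeAcmeRedirect = `
\tlocation ^~ /.well-known/acme-challenge/ {
\t\tallow all;
\t\troot /var/lib/letsencrypt/;
\t\tdefault_type "text/plain";
\t\ttry_files $uri =404;
\t}
`;

  // NOTE(review): the port-80 blocks below use `listen 80 http2;`. On nginx
  // releases before 1.25.1 a cleartext listener with `http2` reportedly does not
  // serve ordinary HTTP/1.1 clients, which would break these redirects and the
  // ACME HTTP-01 challenge. Confirm against the deployed nginx version.
  const redirectToNoWWW = flag(domainConfig.redirectToNoWWW, false);
  const redirectToNoWWWConf = `
\tserver {
\t\t# redirect from www to non-www
\t\tserver_name ${domainConfig.domain};
\t\tlisten 80 http2;
\t\treturn 301 https://${domainWithoutWWW}$request_uri;
\t}
`;

  const redirectToWWW = flag(domainConfig.redirectToWWW, true);
  let redirectToWWWConf = `
\tserver {
\t\t# redirect from non-www to www
\t\tserver_name ${domainWithoutWWW};
\t\tlisten 80 http2;
\t\treturn 301 https://${domainConfig.domain}$request_uri;
\t}
`;

  // NOTE(review): the key read here is `redirectToNoHTTPS`, which looks like a
  // copy-paste slip for an HTTPS-redirect option. Confirm the intended name with
  // the callers before renaming it.
  const redirectToHTTPS = flag(domainConfig.redirectToNoHTTPS, true);
  // The `return 301` in this block is commented out, so it only answers the ACME
  // challenge location and does not redirect to HTTPS.
  const redirectToHTTPSConf = `
\tserver {
\t\t# redirect to https from http no WWW
\t\tserver_name ${domainWithoutWWW};
\t\tlisten 80 http2;
${certbotChallengeAcmeRedirect}
\t\t# return 301 https://${domainWithoutWWW}$request_uri;
\t}
`;

  if (redirectToWWW && redirectToHTTPS && !domainConfig.disableSSL) {
    redirectToWWWConf += `\tserver {
\t\t\t\t# redirect from www to HTTPS too
server_name ${domainConfig.domain};
listen 80 http2;
return 301 https://${domainConfig.domain}$request_uri;
}`;
  }

  const phpHandler = `
upstream php-handler {
server 127.0.0.1:9001;
}
`;

  const hostingFileAccess = `
# ----------- hosting file config ----------------
root /home/www/${domainConfig.domain};
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \\.php$ {
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
`;

  // TLS listener with a one-year HSTS policy. `includeSubDomains; preload` is
  // emitted for every generated site and commits all subdomains to HTTPS, so
  // check that this is wanted per domain. The certificate directory suffix
  // `-0001` is hard-coded.
  let secureAccess = `listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${domainConfig.domain};
ssl_certificate /etc/letsencrypt/live/${domainConfig.domain}-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${domainConfig.domain}-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";`;

  if (domainConfig.disableSSL) {
    // Cleartext listener on port 443: no certificate and no HSTS header.
    secureAccess = `
# ---------- SSL is disabled -----------------
listen 443 http2;
listen [::]:443 http2;
server_name ${domainConfig.domain};
`;
  }

  // NOTE(review): `homeNginxConf` hard-codes the TLS listener and certificate
  // paths and does not consult `disableSSL`; only `noContainerNginxConf` uses
  // `secureAccess`.
  /**
   * @type {{homeNginxConf: string, containerNginxConf: string, noContainerNginxConf: string}}
   */
  const model = {
    noContainerNginxConf: `
# ============ ${domainConfig.name} ===============
${phpHandler}
${redirectToNoWWW ? redirectToNoWWWConf : '' }
${redirectToWWW ? redirectToWWWConf : '' }
server {
${secureAccess}
${hostingFileAccess}
}
`,
    homeNginxConf: `
# ============ ${domainConfig.name} ===============
${redirectToNoWWW ? redirectToNoWWWConf : '' }
${redirectToWWW ? redirectToWWWConf : '' }
${redirectToHTTPS ? redirectToHTTPSConf : '' }
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${domainConfig.domain};
ssl_certificate /etc/letsencrypt/live/${domainConfig.domain}-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${domainConfig.domain}-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
${hostingFileAccess}
}
`,
    containerNginxConf: `
# ============ ${domainConfig.name} | côté conteneur LXC ===============
server {
if ($host = ${domainConfig.domain}) {
return 301 https://$host$request_uri;
}
listen 80 ;
listen [::]:80 ;
server_name ${domainConfig.domain};
${hostingFileAccess}
}
# ========================== ${domainConfig.name} | fin ================ #
`,
  };
  return model;
}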