Verified Commit cc3cc143 authored by Giancarlo Razzolini's avatar Giancarlo Razzolini
Browse files

roles/archweb: Change the nginx template to handle the includes and rework the alternate domains

Changed the nginx template to handle includes and also reworked the way the dict is used, by using
the dict2items filter on the template directly. We also have create a custom template for ipxe.archlinux.org
using weaker ciphers.
parent be8ff7e5
server {
listen 80;
listen [::]:80;
server_name {{ domain['domain_name'] }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ domain['domain_name'] }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
ssl_ciphers AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256;
ssl_certificate /etc/letsencrypt/live/{{ archweb_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;
location /releng/netboot {
access_log /var/log/nginx/{{ archweb_domain }}/access.log main;
include uwsgi_params;
uwsgi_pass archweb;
}
# Cache django's css, js and png files.
location /static {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
alias /srv/http/archweb/collected_static;
}
location / {
access_log off;
return 301 https://{{ archweb_domain }}$request_uri;
}
}
upstream archweb {
server unix:///run/uwsgi/archweb.sock;
}
{% if archweb_alternate_domains %}
{% for domain in archweb_alternate_domains %}
{% if archweb_domains_templates -%}
{% for domain in archweb_domains_templates | dict2items(key_name='domain_name', value_name='template_name') %}
{% include domain['template_name'] %}
{% endfor %}
{%- endif %}
{% if archweb_domains_redirects %}
{% for domain in archweb_domains_redirects | dict2items(key_name='domain', value_name='redirect') %}
server {
listen 80;
listen [::]:80;
server_name {{ domain }};
server_name {{ domain['domain'] }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
......@@ -23,7 +30,7 @@ server {
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ domain }};
server_name {{ domain['domain'] }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
......@@ -34,12 +41,7 @@ server {
location / {
access_log off;
return 301 https://{{ archweb_domain }}
{%- if archweb_domains_redirects -%}
{{ archweb_domains_redirects[domain]|default('$request_uri') }}
{%- else -%}
$request_uri
{%- endif %};
return 301 https://{{ archweb_domain }}{{ domain['redirect']|default('$request_uri') }};
}
}
{% endfor %}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment