clean up tmpl (#2263)
The nginx.conf generated now is too messy remove some section only useful when dynamic configure enabled and headers only useful for https.
This commit is contained in:
Oilbeater
Manuel Alejandro de Brito Fontes
parent
b09ecf790b
commit
c6c219a7d1
2 changed files with 7 additions and 16 deletions
File diff suppressed because one or more lines are too long
|
|
@ -36,6 +36,7 @@ events {
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
|
{{ if $all.DynamicConfigurationEnabled }}
|
||||||
lua_package_cpath "/usr/local/lib/lua/?.so;/usr/lib/x86_64-linux-gnu/lua/5.1/?.so;;";
|
lua_package_cpath "/usr/local/lib/lua/?.so;/usr/lib/x86_64-linux-gnu/lua/5.1/?.so;;";
|
||||||
lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;/usr/local/lib/lua/?.lua;;";
|
lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;/usr/local/lib/lua/?.lua;;";
|
||||||
|
|
||||||
|
|
@ -70,7 +71,7 @@ http {
|
||||||
init_worker_by_lua_block {
|
init_worker_by_lua_block {
|
||||||
balancer.init_worker()
|
balancer.init_worker()
|
||||||
}
|
}
|
||||||
|
{{ end }}
|
||||||
{{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}}
|
{{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}}
|
||||||
{{ if $cfg.UseProxyProtocol }}
|
{{ if $cfg.UseProxyProtocol }}
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
|
|
@ -373,6 +374,7 @@ http {
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if $all.DynamicConfigurationEnabled }}
|
||||||
upstream upstream_balancer {
|
upstream upstream_balancer {
|
||||||
server 0.0.0.1; # placeholder
|
server 0.0.0.1; # placeholder
|
||||||
|
|
||||||
|
|
@ -384,6 +386,7 @@ http {
|
||||||
keepalive {{ $cfg.UpstreamKeepaliveConnections }};
|
keepalive {{ $cfg.UpstreamKeepaliveConnections }};
|
||||||
{{ end }}
|
{{ end }}
|
||||||
}
|
}
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
{{/* build the maps that will be use to validate the Whitelist */}}
|
{{/* build the maps that will be use to validate the Whitelist */}}
|
||||||
{{ range $index, $server := $servers }}
|
{{ range $index, $server := $servers }}
|
||||||
|
|
@ -500,6 +503,7 @@ http {
|
||||||
{{ end }}
|
{{ end }}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{{ if $all.DynamicConfigurationEnabled }}
|
||||||
location /configuration {
|
location /configuration {
|
||||||
allow 127.0.0.1;
|
allow 127.0.0.1;
|
||||||
{{ if $IsIPV6Enabled }}
|
{{ if $IsIPV6Enabled }}
|
||||||
|
|
@ -510,6 +514,7 @@ http {
|
||||||
configuration.call()
|
configuration.call()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
{{ if .CustomErrors }}
|
{{ if .CustomErrors }}
|
||||||
|
|
@ -760,17 +765,10 @@ stream {
|
||||||
{{ if not (empty $server.CertificateAuth.CAFileName) }}
|
{{ if not (empty $server.CertificateAuth.CAFileName) }}
|
||||||
{{ if $server.CertificateAuth.PassCertToUpstream }}
|
{{ if $server.CertificateAuth.PassCertToUpstream }}
|
||||||
proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
|
proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
|
||||||
{{ else }}
|
|
||||||
proxy_set_header ssl-client-cert "";
|
|
||||||
{{ end }}
|
{{ end }}
|
||||||
proxy_set_header ssl-client-verify $ssl_client_verify;
|
proxy_set_header ssl-client-verify $ssl_client_verify;
|
||||||
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
|
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
|
||||||
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
|
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
|
||||||
{{ else }}
|
|
||||||
proxy_set_header ssl-client-cert "";
|
|
||||||
proxy_set_header ssl-client-verify "";
|
|
||||||
proxy_set_header ssl-client-client-dn "";
|
|
||||||
proxy_set_header ssl-client-subject-dn "";
|
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
set $target {{ $location.ExternalAuth.URL }};
|
set $target {{ $location.ExternalAuth.URL }};
|
||||||
|
|
@ -892,17 +890,10 @@ stream {
|
||||||
{{ if not (empty $server.CertificateAuth.CAFileName) }}
|
{{ if not (empty $server.CertificateAuth.CAFileName) }}
|
||||||
{{ if $server.CertificateAuth.PassCertToUpstream }}
|
{{ if $server.CertificateAuth.PassCertToUpstream }}
|
||||||
proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
|
proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
|
||||||
{{ else }}
|
|
||||||
proxy_set_header ssl-client-cert "";
|
|
||||||
{{ end }}
|
{{ end }}
|
||||||
proxy_set_header ssl-client-verify $ssl_client_verify;
|
proxy_set_header ssl-client-verify $ssl_client_verify;
|
||||||
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
|
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
|
||||||
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
|
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
|
||||||
{{ else }}
|
|
||||||
proxy_set_header ssl-client-cert "";
|
|
||||||
proxy_set_header ssl-client-verify "";
|
|
||||||
proxy_set_header ssl-client-subject-dn "";
|
|
||||||
proxy_set_header ssl-client-issuer-dn "";
|
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
# Allow websocket connections
|
# Allow websocket connections
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue