update to work with new way for the firewall

Peter 2025-08-15 23:11:03 +02:00
parent 42ce223749
commit 920c9db231
2 changed files with 43 additions and 32 deletions


@ -21,13 +21,13 @@ configdefinition:
description: The key file used for the certificate. ATM this nginx only supports one certificate (use wildcards) description: The key file used for the certificate. ATM this nginx only supports one certificate (use wildcards)
httpport: httpport:
type: integer type: integer
default: 8080 default: 80
minimum: 1025 minimum: 1
maximum: 65536 maximum: 65536
httpsport: httpsport:
type: integer type: integer
default: 8443 default: 443
minimum: 1025 minimum: 1
maximum: 65536 maximum: 65536
listenhttpaddress4: listenhttpaddress4:
type: string type: string
@ -45,22 +45,25 @@ configdefinition:
type: string type: string
format: ipv6 format: ipv6
default: "::" default: "::"
imports: ports:
web: - http
"$id": "web import" - https
"$schema": "http://json-schema.org/draft-07/schema#" exports:
description: What we import from other apps under the web key. To define what we need to proxy firewall:
type: array redirect:
items: - from: "{{ config.httpport }}"
type: object to: "{{ ports.http }}"
additionalProperties: false version: ipv4
properties: ip: "{{ config.listenhttpaddress4 }}"
proxyaddress: - from: "{{ config.httpsport }}"
type: string to: "{{ ports.https }}"
description: The address to proxy to version: ipv4
publicname: ip: "{{ config.listenhttpaddress4 }}"
default: "" - from: "{{ config.httpport }}"
type: string to: "{{ ports.http }}"
description: The public address to expose, it will be sufixed by the domainname we use. Will default to the appname version: ipv6
required: ip: "{{ config.listenhttpaddress6 }}"
- proxyaddress - from: "{{ config.httpsport }}"
to: "{{ ports.https }}"
version: ipv6
ip: "{{ config.listenhttpaddress6 }}"
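Review bot: Both `httpport` and `httpsport` keep `maximum: 65536`, one past the highest valid TCP port, and since this commit revisits the bounds (`minimum: 1025` → `minimum: 1`) the upper bound should be corrected at the same time to `maximum: 65535` in both definitions. With the new `exports.firewall.redirect` entries these values are now handed to the firewall, so an out-of-range port would surface there instead of being rejected by the schema. The second hunk also removes the `imports.web` schema (`additionalProperties: false`, `required: [proxyaddress]`) while the nginx template in this commit still iterates `imports.web.sites`; unless that schema was relocated outside this hunk, the site entries supplied by other apps are no longer validated before being rendered into the nginx config, and the new shape with a `sites` key should be declared here with the same constraints.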


@ -29,16 +29,20 @@ http {
gzip on; gzip on;
server { server {
listen [{{ config.listenhttpaddress6 }}]:{{ config.httpport }}; listen [{{ config.listenhttpaddress6 }}]:{{ ports.http }};
listen {{ config.listenhttpaddress4 }}:{{ config.httpport }}; listen {{ config.listenhttpaddress4 }}:{{ ports.http }};
{% if config.listenhttpaddress6 != "::1" %}listen [::1]:{{ ports.http }};{% endif %}
{% if config.listenhttpaddress4 != "127.0.0.1" %}listen 127.0.0.1:{{ ports.http }};{% endif %}
server_name _; server_name _;
root /var/www/empty; root /var/www/empty;
default_type text/html; default_type text/html;
return 200 "Nothing to see here"; return 200 "Nothing to see here";
} }
server { server {
listen [{{ config.listenhttpaddress6 }}]:{{ config.httpsport }} ssl; listen [{{ config.listenhttpaddress6 }}]:{{ ports.https }} ssl;
listen {{ config.listenhttpaddress4 }}:{{ config.httpsport }} ssl; listen {{ config.listenhttpaddress4 }}:{{ ports.https }} ssl;
{% if config.listenhttpaddress6 != "::1" %}listen [::1]:{{ ports.https }} ssl;{% endif %}
{% if config.listenhttpaddress4 != "127.0.0.1" %}listen 127.0.0.1:{{ ports.https }} ssl;{% endif %}
server_name _; server_name _;
ssl_certificate /etc/nginx/ssl.cert; ssl_certificate /etc/nginx/ssl.cert;
@ -52,12 +56,14 @@ http {
{% for app in otherapps -%} {% for app in otherapps -%}
{%- if "web" in otherapps[app]["imports"] -%} {%- if "web" in otherapps[app]["imports"] -%}
{%- for onesite in otherapps[app]["imports"]["web"] -%} {%- for onesite in otherapps[app]["imports"]["web"]["sites"] -%}
{# Redirect http to https. We only support https sites #} {# Redirect http to https. We only support https sites #}
server { server {
listen [{{ config.listenhttpaddress6 }}]:{{ config.httpport }}; listen [{{ config.listenhttpaddress6 }}]:{{ ports.http }};
listen {{ config.listenhttpaddress4 }}:{{ config.httpport }}; listen {{ config.listenhttpaddress4 }}:{{ ports.http }};
{% if config.listenhttpaddress6 != "::1" %}listen [::1]:{{ ports.http }};{% endif %}
{% if config.listenhttpaddress4 != "127.0.0.1" %}listen 127.0.0.1:{{ ports.http }};{% endif %}
server_name {{ onesite.publicname }}; server_name {{ onesite.publicname }};
root /var/www/empty; root /var/www/empty;
location / { location / {
@ -65,8 +71,10 @@ http {
} }
} }
server { server {
listen [{{ config.listenhttpaddress6 }}]:{{ config.httpsport }} ssl; listen [{{ config.listenhttpaddress6 }}]:{{ ports.https }} ssl;
listen {{ config.listenhttpaddress4 }}:{{ config.httpsport }} ssl; listen {{ config.listenhttpaddress4 }}:{{ ports.https }} ssl;
{% if config.listenhttpaddress6 != "::1" %}listen [::1]:{{ ports.https }} ssl;{% endif %}
{% if config.listenhttpaddress4 != "127.0.0.1" %}listen 127.0.0.1:{{ ports.https }} ssl;{% endif %}
server_name {{ onesite.publicname }}; server_name {{ onesite.publicname }};
ssl_certificate /etc/nginx/ssl.cert; ssl_certificate /etc/nginx/ssl.cert;