Skip to content

Add ability to insert an additional location block & custom configuration #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
Open

Add ability to insert an additional location block & custom configuration #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
78da5e5
add more conditional include logic
khaliqgant Jun 22, 2020
fd3b9be
Merge pull request #1 from khaliqgant/dynamic-adjustments
khaliqgant Jun 22, 2020
c35a9fd
allow for dynamic ssl configuration
khaliqgant Jun 22, 2020
5a2cd8a
Merge pull request #2 from khaliqgant/dynamic-adjustments
khaliqgant Jun 22, 2020
22e445a
add location_block_header to an annotation
khaliqgant Jun 23, 2020
b66b539
fix variable reference
khaliqgant Jun 23, 2020
210e129
reference variable correctly
khaliqgant Jun 23, 2020
12c65f6
use group by keysto grab the variable
khaliqgant Jun 23, 2020
3556fc0
fix ne check
khaliqgant Jun 24, 2020
eca2dd3
add in an additional server block that can dynamically add in locatio…
khaliqgant Jun 24, 2020
284fa1e
remove add_server_block and add default empty string for location_blo…
khaliqgant Jul 1, 2020
b456528
get first available value then coalesce in case not provided
khaliqgant Jul 1, 2020
d7f5493
remove dockerfile change
khaliqgant Jul 5, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .editorconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
[**.tmpl]
indent_style = tab
indent_size = 2
2 changes: 1 addition & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
FROM nginx:1.14.2
LABEL maintainer="Kyle McCullough <kylemcc@gmail.com>"

LABEL version="0.2.1"
LABEL version="0.2.2"

# Install available package updates, wget, and install/updates certificates
RUN apt-get update \
Expand Down
47 changes: 38 additions & 9 deletions sites.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,9 @@ upstream {{ $host }} {
{{/* Use the cert specified on the container or fallback to the best vhost match */}}
{{ $cert := (coalesce $certName $vhostCert) -}}

{{ $location_block_header_raw := (groupByKeys $resources "ObjectMeta.Annotations.location_block_header" | first) -}}
{{ $location_block_header := coalesce $location_block_header_raw "" -}}

{{ $is_https := (and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) -}}

{{- if $is_https -}}
Expand All @@ -134,15 +137,22 @@ server {
listen 443 ssl http2 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
{{ if (exists "/etc/nginx/ssl_protocols_and_ciphers") -}}
include /etc/nginx/ssl_protocols_and_ciphers;
{{ else }}
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
{{ end -}}

ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
{{ if (exists "/etc/nginx/ssl_certificate_configuration") -}}
include /etc/nginx/ssl_certificate_configuration;
{{ else }}
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
{{ end -}}

{{ if (exists (printf "/etc/nginx/certs/%s.dhparam.pem" $cert)) -}}
ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
Expand All @@ -160,6 +170,12 @@ server {

location / {
proxy_pass {{ trim $proto }}://{{ trim $host }};
{{ if (exists "/etc/nginx/proxy-headers.conf") -}}
include /etc/nginx/proxy-headers.conf;
{{ end -}}
{{ if (exists "/etc/nginx/security-headers.conf") -}}
include /etc/nginx/security-headers.conf;
{{ end -}}
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) -}}
auth_basic "Restricted {{ $host }}";
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};
Expand All @@ -169,9 +185,22 @@ server {
{{ else if (exists "/etc/nginx/vhost.d/default_location") -}}
include /etc/nginx/vhost.d/default_location;
{{ end -}}
}
}

{{ if (ne $location_block_header "") -}}
location {{ (trim $location_block_header) }} {
proxy_pass {{ trim $proto }}://{{ trim $host }};
{{ if (exists "/etc/nginx/security-headers.conf") -}}
include /etc/nginx/security-headers.conf;
{{ end -}}
{{ if (exists "/etc/nginx/upgrade-protocol-headers.conf") -}}
include /etc/nginx/upgrade-protocol-headers.conf;
{{ end -}}
}
{{ end -}}
}


{{- end -}}

{{- if or (not $is_https) (eq $https_method "noredirect") -}}
Expand Down