scripts/nginx_config_maker/model.php-website.mjs

126 lines
3.4 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/**
* turns a domain config to two config files for nginx web sever on proxmox and its container
* @param domainConfig
* @returns {{homeNginxConf: string, containerNginxConf: string}}
*/
export function makeHostFileForPhpPages (domainConfig) {
let domainWithoutWWW = domainConfig.domain;
if(domainConfig.domain.includes('www.')){
domainWithoutWWW = domainConfig.domain.replace('www.', '')
}
let redirectToNoWWW = false;
let redirectToNoWWWConf = `
server {
# redirect from www to non-www
server_name ${domainConfig.domain};
listen 80 http2;
return 301 https://${domainWithoutWWW}$request_uri;
}
`;
let redirectToWWW = true;
let redirectToWWWConf = `
server {
# redirect from non-www to www
server_name ${domainWithoutWWW};
listen 80 http2;
return 301 https://${domainConfig.domain}$request_uri;
}
`;
let redirectToHTTPS = true;
let redirectToHTTPSConf = `
server {
# redirect to https from http
server_name ${domainConfig.domain};
listen 80 http2;
return 301 https://${domainConfig.domain}$request_uri;
}
`;
/**
* @type {{homeNginxConf: string, containerNginxConf: string}}
*/
const model = {
homeNginxConf: `
# ============ ${domainConfig.name} ===============
${redirectToNoWWW ? redirectToNoWWWConf : '' }
${redirectToWWW ? redirectToWWWConf : '' }
${redirectToHTTPS ? redirectToHTTPSConf : '' }
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${domainConfig.domain};
ssl_certificate /etc/letsencrypt/live/${domainConfig.domain}-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${domainConfig.domain}-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass ${domainConfig.LXCcontainerProtocol}://${domainConfig.LXCcontainerLocalIP};
}
add_header Permissions-Policy "interest-cohort=()";
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}
`,
containerNginxConf: `
# ============ ${domainConfig.name} | côté conteneur LXC ===============
server {
if ($host = ${domainConfig.domain}) {
return 301 https://$host$request_uri;
}
listen 80 ;
listen [::]:80 ;
server_name ${domainConfig.domain};
add_header Permissions-Policy "interest-cohort=()";
root /home/www/${domainConfig.domain};
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \\.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ========================== ${domainConfig.name} | fin ================ #
`
}
return model
}