scripts/nginx_config_maker/model.wordpress.mjs


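/**
 * Builds two nginx configuration texts for one WordPress domain: one for the
 * web server on the Proxmox host, which terminates TLS and proxies to the LXC
 * container, and one for the nginx running inside that container.
 *
 * The values read from `domainConfig` are pasted into nginx directives as-is,
 * so each of them is first checked for characters that would end or
 * restructure a directive (whitespace, `;`, braces, quotes, `#`, `$`,
 * backslash). Missing fields are not rejected: they are still rendered as the
 * text "undefined", as before.
 *
 * NOTE(review): the forge view of this file warned about invisible Unicode
 * characters. They cannot be seen in review; confirm the template text below
 * contains only ordinary ASCII whitespace, since nginx would presumably read
 * anything else as part of a token.
 *
 * @param {{name: *, LXCcontainerProtocol: *, LXCcontainerLocalIP: *}} domainConfig
 *   `name` is used as server_name, redirect target and certificate directory
 *   name; the two LXC fields form the `proxy_pass` URL.
 * @returns {{homeNginxConf: string, containerNginxConf: string}}
 * @throws {TypeError} when one of the interpolated values contains a character
 *   that is significant to the nginx configuration syntax.
 */
export function makeHostFileForWordpress (domainConfig) {
  const name = toNginxToken(domainConfig.name, 'name')
  const protocol = toNginxToken(domainConfig.LXCcontainerProtocol, 'LXCcontainerProtocol')
  const upstream = toNginxToken(domainConfig.LXCcontainerLocalIP, 'LXCcontainerLocalIP')

  // Example of an additional block that this function does NOT emit
  // (redirect between the www and non-www name over https):
  //   server {
  //     listen 443 http2;
  //     listen [::]:443 http2;
  //     server_name ${domainConfig.name};
  //     return 301 https://${domainConfig.name}$request_uri;
  //   }

  /** @type {{homeNginxConf: string, containerNginxConf: string}} */
  const model = {
    // Host side.
    // - `http2` is left off the plaintext port-80 listener: on older nginx
    //   releases a cleartext listener flagged http2 does not serve ordinary
    //   HTTP/1.1 requests, which is what clients send before being redirected.
    //   The container template below already uses a plain `listen 80`.
    // - The certificate paths assume a directory named "<name>-0001" under
    //   /etc/letsencrypt/live (presumably the certbot lineage; verify per domain).
    // - The HSTS header is sent with includeSubDomains and preload for every
    //   generated domain; confirm that every subdomain of `name` serves HTTPS.
    // - X-Forwarded-For is set to $remote_addr, replacing whatever the client
    //   sent; Host is forwarded from the client's request ($http_host).
    homeNginxConf: `
# ============ ${name} ===============
server {
# redirect to https from http
server_name ${name};
listen 80;
return 301 https://${name}$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${name};
ssl_certificate /etc/letsencrypt/live/${name}-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${name}-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass ${protocol}://${upstream};
}
add_header Permissions-Policy "interest-cohort=()";
}
`,
    // Container side.
    // NOTE(review): only the banner comment uses `name`. server_name, the
    // certificate paths and `root` are hard-coded to www.cipherbliss.com and
    // /home/www/tykayn/cipherbliss/, so this text is the same for every domain.
    // Left unchanged because the document root cannot be derived from the
    // fields read here; confirm whether it should be parameterised.
    // NOTE(review): every URI ending in .php is handed to `php-handler`, and
    // that location has no file-existence check of its own; it relies on the
    // php.ini setting named in the template comment. `fastcgi.conf` and the
    // `php-handler` upstream are defined outside this file.
    containerNginxConf: `
# ============ ${name} | côté conteneur LXC ===============
server {
if ($host = www.cipherbliss.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.cipherbliss.com;
# enforce https
return 301 https://$server_name$request_uri;
add_header Permissions-Policy "interest-cohort=()";
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.cipherbliss.com;
ssl_certificate /etc/letsencrypt/live/www.cipherbliss.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.cipherbliss.com-0001/privkey.pem; # managed by Certbot
# Path to the root of your installation
root /home/www/tykayn/cipherbliss/;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \\.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
}
`
  }
  return model
}

/**
 * Converts a config value to text and refuses it when it contains a character
 * that nginx treats as syntax, so the value can only ever fill the single
 * argument slot it is interpolated into.
 *
 * @param {*} value - the raw field taken from the domain config
 * @param {string} fieldName - field name, used in the error message only
 * @returns {string} `String(value)`, unchanged
 * @throws {TypeError} when the text contains whitespace, `;`, `{`, `}`, a quote
 *   character, `#`, `$` or a backslash
 */
function toNginxToken (value, fieldName) {
  const text = String(value)
  if (/[\s;{}"'`#$\\]/.test(text)) {
    throw new TypeError(`domainConfig.${fieldName} contains characters that are not allowed in a generated nginx directive`)
  }
  return text
}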