+ non-www redirect nginx script (with todo)

+ domain_name & refactored nginx variables for resolve connect of www-domain logic and redirect to or from
* some installs have error after login to non-privileged user with starship $-symbol - correct escaped function for that
+ use separate domain for pma nginx config based on new domain_name variable (defined in nginx vars file)
* update database example vars (use inventory dir path and bz2 by default)

#861m7vaer Шаблон операционной системы на Debian 10
This commit is contained in:
2023-10-29 21:57:44 +03:00
parent 3bf86281d2
commit 73647f855d
12 changed files with 49 additions and 16 deletions

View File

@ -1,13 +1,16 @@
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
server_name domain;
location / {
proxy_pass https://site_name;
proxy_pass https://lxc;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
}
# TODO: example site.auth.conf

View File

@ -0,0 +1,17 @@
error_page 418 = @nonwww;
set $nonwww "";
if ( $http_host ~* "^www\.") {
set $nonwww "${nonwww}0";
}
if ( $nonwww ~* "^0+$" ) {
return 418;
}
# TODO: map need moved to conf.d
map $host $tld {
default $host;
'~^www\.(?<domain>.*)$' $domain;
}
location @nonwww {
rewrite ^ https://$tld$request_uri permanent;
}

View File

@ -24,8 +24,10 @@
# nginx_webroot_create: False
nginx_ocsp: False
nginx_worker_processes: auto
nginx_manage_ipv6only: False
# TODO: Replace [::]:443 to 443 and [::]:80 to 80 in site nginx config
nginx__servers:
- name: '{{ site_name }}'
- name: '{{ domain_name }}'
type: php
@ -64,7 +66,8 @@
nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}"
when: item != omit
loop:
- "{{ (nginx_www_redirect | default(False)) | ternary('includes.d/www.conf', omit) }}"
- "{{ (nginx_www_domain and nginx_www_redirect == 'www') | ternary('includes.d/www.conf', omit) }}"
- "{{ (nginx_www_domain and nginx_www_redirect == 'non-www') | ternary('includes.d/non-www.conf', omit) }}"
- includes.d/octobercms.conf
- includes.d/staticfiles.conf

View File

@ -21,7 +21,7 @@
post_tasks:
- name: Change starship character to dollar sign
shell: |
sed -i 's/#/\\\\$/g' /home/{{ site_name }}/.config/starship.toml
sed -i 's/#/\\$/g' /home/{{ site_name }}/.config/starship.toml
args:
executable: /bin/bash