def filter_subitem(subitem):
    """Serialise one entry of the ``http`` block, or drop it.

    An empty string is returned for entries that must not be copied:

    * ``server_tokens`` and ``proxy_next_upstream`` directives,
    * ``include`` directives whose argument mentions ``sites-enabled`` or
      ``sites-available``,
    * nested ``server`` and ``upstream`` blocks.

    Every other entry is rendered with ``nginxparser.dumps``.
    """
    head = subitem[0]
    if isinstance(head, list):
        # Block entries carry their header as a list, e.g. ['server'].
        drop = head[0] in ('server', 'upstream')
    elif head == 'include':
        target = subitem[1]
        drop = 'sites-enabled' in target or 'sites-available' in target
    else:
        drop = head in ('server_tokens', 'proxy_next_upstream')
    return '' if drop else nginxparser.dumps([subitem])
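def nginx_conf(self):
    """Render the complete nginx configuration for all configured vhosts.

    The upstream, HTTP and HTTPS blocks of every entry in
    ``self._conf['vhosts']`` are concatenated and substituted into the
    template file named by ``self._conf['nginx_conf_template']`` via the
    ``%(upstreams)s`` and ``%(servers)s`` placeholders. The result is then
    parsed and re-serialised with ``nginxparser``.

    Returns:
        The configuration text produced by ``nginxparser.dumps``.
    """
    vhosts = self._conf['vhosts']
    upstreams = ''.join(vhost.upstream_block() for vhost in vhosts)
    http_blocks = ''.join(vhost.http_server_block() for vhost in vhosts)
    https_blocks = ''.join(vhost.https_server_block() for vhost in vhosts)

    # Read through a context manager so the file handle is closed even if
    # substitution or parsing below raises.
    with open(self._conf['nginx_conf_template']) as template_file:
        template = template_file.read()

    # The template is filled with the ``%`` operator, so any literal ``%``
    # in it has to be written as ``%%`` or this line raises.
    rendered = template % {
        'upstreams': upstreams,
        'servers': http_blocks + https_blocks,
    }
    return nginxparser.dumps(nginxparser.loads(rendered))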
def https_server_block(self):
    """Render this vhost's TLS ``server`` block.

    Returns ``''`` unless ``'https'`` is among ``self.protocols`` and
    ``self.letsencrypt_exists()`` is true; the certificate check is skipped
    entirely when HTTPS is not requested.
    """
    if 'https' not in self.protocols or not self.letsencrypt_exists():
        return ''

    directives = [
        ['listen', '443 ssl'],
        ['listen', '[::]:443 ssl'],
        ['server_name', ' '.join(self.domains)],
        ['ssl_certificate', self.fullchain_pem()],
        ['ssl_certificate_key', self.privkey_pem()],
        ['ssl_session_cache', 'shared:SSL:1m'],
        ['ssl_session_timeout', '5m'],
        # Protocol and cipher lists are taken verbatim from the vhost
        # settings; nothing here restricts them, so weak values configured
        # upstream end up in the served configuration unchanged.
        ['ssl_protocols', self.ssl_protocols],
        ['ssl_ciphers', self.ssl_ciphers],
        ['ssl_prefer_server_ciphers', 'on'],
        [['location', '/'], self._location_content()],
    ]
    return nginxparser.dumps([[['server'], directives]])
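def _make_template_out_of_nginx_conf(cls, nginx_conf_str):
    """Yield the pieces of a ``%``-format template built from an nginx.conf.

    The given configuration text is parsed with ``nginxparser``. Top-level
    entries other than ``http`` are copied through. Inside ``http``, the
    existing ``server`` / ``upstream`` blocks, ``sites-enabled`` /
    ``sites-available`` includes and the ``server_tokens`` /
    ``proxy_next_upstream`` directives are dropped and replaced by a fixed
    tail that:

    * sets ``server_tokens off`` and ``proxy_next_upstream error``,
    * provides the ``%(upstreams)s`` and ``%(servers)s`` placeholders,
    * adds a port-80 ``default_server`` answering 404, so requests whose
      Host matches no managed vhost are not served by one of them.

    Text copied from the source configuration has ``%`` doubled, because the
    template is later filled with the ``%`` operator (see ``nginx_conf``)
    and an unescaped ``%`` would make that substitution raise.

    Args:
        nginx_conf_str: Contents of the nginx configuration to convert.

    Yields:
        Consecutive string fragments of the template.
    """
    def escape_percent(text):
        # Keep copied configuration text literal under ``%`` formatting.
        return text.replace('%', '%%')

    def filter_subitem(subitem):
        # Directives the template sets itself are not copied.
        if subitem[0] in ('server_tokens', 'proxy_next_upstream'):
            return ''
        if subitem[0] == 'include':
            if ('sites-enabled' in subitem[1]
                    or 'sites-available' in subitem[1]):
                return ''
        # Nested blocks have a list as header, e.g. ['server'].
        if isinstance(subitem[0], list):
            if subitem[0][0] in ('server', 'upstream'):
                return ''
        return escape_percent(nginxparser.dumps([subitem]))

    conf = nginxparser.loads(nginx_conf_str)
    for item in conf:
        if item[0] == ['http']:
            yield 'http {\n'
            for subitem in item[1]:
                yield ' '
                yield filter_subitem(subitem)
                yield '\n'
            # Fixed tail: the placeholders here are the only unescaped
            # ``%`` sequences in the template.
            yield (' server_tokens off;\n'
                   ' proxy_next_upstream error;\n'
                   ' \n'
                   ' %(upstreams)s\n'
                   ' \n'
                   ' server {\n'
                   ' listen 80 default_server;\n'
                   ' listen [::]:80 default_server;\n'
                   ' server_name _;\n'
                   ' location / {\n'
                   ' return 404;\n'
                   ' }\n'
                   ' }\n'
                   ' \n'
                   ' %(servers)s\n'
                   ' \n'
                   '}')
        else:
            yield escape_percent(nginxparser.dumps([item]))
        yield '\n'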
def http_server_block(self):
    """Render this vhost's plain-HTTP (port 80) ``server`` block.

    The block always listens on port 80 for ``self.domains``. What ``/``
    does depends on the vhost settings:

    * ``'http'`` not in ``self.protocols``: answer 404,
    * ``self.http_to_https`` set: 301 redirect to the HTTPS URL,
    * otherwise: serve ``self._location_content()``.

    When ``'https'`` is in ``self.protocols`` a ``/.well-known/`` location
    aliased into the Let's Encrypt webroot is added as well.
    """
    directives = [
        ['listen', '80'],
        ['listen', '[::]:80'],
        ['server_name', ' '.join(self.domains)],
    ]

    if 'https' in self.protocols:
        # Presumably for ACME HTTP-01 validation (confirm against the
        # certificate tooling). The whole ``.well-known/`` directory of the
        # webroot is exposed over plain HTTP, with directory listing off.
        well_known_dir = os.path.join(self.letsencrypt_webroot(),
                                      '.well-known/')
        directives.append([
            ['location', '/.well-known/'],
            [['alias', well_known_dir], ['autoindex', 'off']],
        ])

    if 'http' not in self.protocols:
        root_location = [['return', '404']]
    elif self.http_to_https:
        # The redirect target is built from nginx's $host variable.
        root_location = [['return', '301 https://$host$request_uri']]
    else:
        root_location = self._location_content()
    directives.append([['location', '/'], root_location])

    return nginxparser.dumps([[['server'], directives]])