nginx/templates/etc/nginx/sites-available/proxy.j2


{% extends "core.j2" %}
{% block location %}
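## LOCATIONS
# ROOT LOCATION
{# Reverse-proxies "/" to the upstream built from item.upstream_proto, item.upstream_name and item.upstream_port.
   Every optional feature below is gated with "is defined", so setting a key to false still enables it; leave the key out to disable it. #}
location / {
    proxy_pass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ item.upstream_port}};
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
{# X-Forwarded-For is overwritten with the direct peer address, so a client-supplied value is never forwarded.
   NOTE(review): behind another proxy or load balancer $remote_addr is that hop unless realip is configured; confirm per deployment. #}
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_redirect off;
{% if item.secure_cookie is defined %}
{# Appends cookie flags by rewriting the Path attribute of upstream Set-Cookie headers.
   The regex form replaces the whole path and restores it through $1. The previous prefix form
   ("/" replaced by "/; secure; ...") rewrote only the leading slash, so Path=/app came out as
   "/; secure; HttpOnly; SameSite=strictapp". Cookies sent without a Path attribute are not touched. #}
    proxy_cookie_path ~(.*) "$1; secure; HttpOnly; SameSite=strict";
{% endif %}
{% if item.root_custom_headers is defined %}
{# One pass per entry of item.root_custom_headers. The else-branches emit default X-Content-Type-Options,
   X-XSS-Protection and X-Robots-Tag for every entry, so several entries repeat those headers; with the key
   absent no response header is added here at all.
   No add_header below uses "always", so nginx adds them to its fixed set of 2xx/3xx responses and not to error responses.
   NOTE(review): once any add_header is rendered in this location, add_header directives from the enclosing
   level are no longer inherited; check what core.j2 sets. #}
{% for header in item.root_custom_headers %}
{% if header.secure_site is defined %}
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
{# Reads referrer from the site entry (item), not from the header entry. #}
    add_header Referrer-Policy {{ item.referrer | default('no-referrer') }};
{% if header.header_sameorigin is defined %}
    add_header X-Frame-Options "SAMEORIGIN";
{% endif %}
{% endif %}
{% if header.nginx_HSTS_policy is defined %}
{# Two-year HSTS with includeSubDomains and preload: this commits every subdomain of the host to HTTPS. #}
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
{% endif %}
{% if header.referrer is defined %}
{# The value of header.referrer is not used; the policy is fixed. Together with secure_site this yields two Referrer-Policy headers. #}
    add_header Referrer-Policy no-referrer;
{% endif %}
{% if header.csp is defined %}
{# The policy is placed inside double quotes as-is: a double quote in the value ends the nginx string early,
   and a dollar sign is read as an nginx variable. #}
    add_header Content-Security-Policy "{{ header.csp }}";
{% endif %}
{# cto: the literal 'none' suppresses the header, any other value is emitted unquoted, absent falls back to nosniff. #}
{% if header.cto is defined %}
{% if header.cto == 'none' %}
{% else %}
    add_header X-Content-Type-Options {{ header.cto }};
{% endif %}
{% else %}
    add_header X-Content-Type-Options nosniff;
{% endif %}
{# xss: same convention as cto. X-XSS-Protection is a legacy header; the CSP above is the control that matters in current browsers. #}
{% if header.xss is defined %}
{% if header.xss == 'none' %}
{% else %}
    add_header X-XSS-Protection "{{ header.xss }}";
{% endif %}
{% else %}
    add_header X-XSS-Protection "1; mode=block";
{% endif %}
{# robots: there is no suppress value here; absent falls back to "none". #}
{% if header.robots is defined %}
    add_header X-Robots-Tag "{{ header.robots }}";
{% else %}
    add_header X-Robots-Tag none;
{% endif %}
{% endfor %}
{% endif %}
}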
{% if item.favicon is defined %}
{# Optional favicon served from the local file named by item.favicon instead of being proxied.
   The location is a prefix match, so any URI that starts with /favicon.ico lands here. #}
location /favicon.ico {
    access_log off;
    log_not_found off;
    expires 30d;
    alias {{ item.favicon }};
}
{% endif %}
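{% if item.extra_locations is defined %}
# EXTRA LOCATIONS
{# One proxied location per entry of item.extra_locations; locations.name is written verbatim after the
   "location" keyword and each entry carries its own upstream_proto, upstream_name and upstream_port. #}
{% for locations in item.extra_locations %}
location {{ locations.name }} {
    proxy_pass {{ locations.upstream_proto }}://{{ locations.upstream_name }}:{{ locations.upstream_port}};
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
{# X-Forwarded-For is overwritten with the direct peer address, so a client-supplied value is never forwarded.
   NOTE(review): behind another proxy or load balancer $remote_addr is that hop unless realip is configured; confirm per deployment. #}
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_redirect off;
{% if item.secure_cookie is defined %}
{# Site-wide switch read from the site entry (item), not per location.
   The regex form replaces the whole cookie path and restores it through $1. The previous prefix form
   ("/" replaced by "/; secure; ...") rewrote only the leading slash, so Path=/app came out as
   "/; secure; HttpOnly; SameSite=strictapp". Cookies sent without a Path attribute are not touched. #}
    proxy_cookie_path ~(.*) "$1; secure; HttpOnly; SameSite=strict";
{% endif %}
{% if locations.headers is defined %}
{# The loop variable is named header, matching the root location; it used to be called item and shadowed
   the site entry inside this loop. Every lookup below reads the same header entry as before.
   No add_header below uses "always", so nginx adds them to its fixed set of 2xx/3xx responses and not to error responses.
   NOTE(review): once any add_header is rendered in this location, add_header directives from the enclosing
   level are no longer inherited; check what core.j2 sets. #}
{% for header in locations.headers %}
{% if header.secure_site is defined %}
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
{# Unlike the root location, referrer is read from the header entry here. When it is defined, the
   Referrer-Policy branch further down also fires and a second Referrer-Policy header is emitted. #}
    add_header Referrer-Policy {{ header.referrer | default('no-referrer') }};
{% if header.header_sameorigin is defined %}
    add_header X-Frame-Options "SAMEORIGIN";
{% endif %}
{% endif %}
{% if header.nginx_HSTS_policy is defined %}
{# Two-year HSTS with includeSubDomains and preload: this commits every subdomain of the host to HTTPS. #}
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
{% endif %}
{% if header.referrer is defined %}
{# The value of header.referrer is not used in this branch; the policy is fixed. #}
    add_header Referrer-Policy no-referrer;
{% endif %}
{% if header.csp is defined %}
{# The policy is placed inside double quotes as-is: a double quote in the value ends the nginx string early,
   and a dollar sign is read as an nginx variable. #}
    add_header Content-Security-Policy "{{ header.csp }}";
{% endif %}
{# cto: the literal 'none' suppresses the header, any other value is emitted unquoted, absent falls back to nosniff. #}
{% if header.cto is defined %}
{% if header.cto == 'none' %}
{% else %}
    add_header X-Content-Type-Options {{ header.cto }};
{% endif %}
{% else %}
    add_header X-Content-Type-Options nosniff;
{% endif %}
{# xss: same convention as cto. X-XSS-Protection is a legacy header; the CSP above is the control that matters in current browsers. #}
{% if header.xss is defined %}
{% if header.xss == 'none' %}
{% else %}
    add_header X-XSS-Protection "{{ header.xss }}";
{% endif %}
{% else %}
    add_header X-XSS-Protection "1; mode=block";
{% endif %}
{# robots: there is no suppress value here; absent falls back to "none". #}
{% if header.robots is defined %}
    add_header X-Robots-Tag "{{ header.robots }}";
{% else %}
    add_header X-Robots-Tag none;
{% endif %}
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}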
{% endblock %}