133 lines
No EOL
3.9 KiB
Django/Jinja
133 lines
No EOL
3.9 KiB
Django/Jinja
{% extends "core.j2" %}
|
|
|
|
{% block location %}
|
|
|
|
## LOCATIONS
|
|
# ROOT LOCATION
|
|
location / {
|
|
proxy_pass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ item.upstream_port}};
|
|
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_redirect off;
|
|
{% if item.secure_cookie is defined %}
|
|
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
|
{% endif %}
|
|
{% if item.root_custom_headers is defined %}
|
|
{% for header in item.root_custom_headers %}
|
|
{% if header.secure_site is defined %}
|
|
add_header X-Download-Options noopen;
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
add_header Referrer-Policy {{ item.referrer | default('no-referrer') }};
|
|
{% if header.header_sameorigin is defined %}
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if header.nginx_HSTS_policy is defined %}
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
|
{% endif %}
|
|
{% if header.referrer is defined %}
|
|
add_header Referrer-Policy no-referrer;
|
|
{% endif %}
|
|
{% if header.csp is defined %}
|
|
add_header Content-Security-Policy "{{ header.csp }}";
|
|
{% endif %}
|
|
{% if header.cto is defined %}
|
|
{% if header.cto == 'none' %}
|
|
{% else %}
|
|
add_header X-Content-Type-Options {{ header.cto }};
|
|
{% endif %}
|
|
{% else %}
|
|
add_header X-Content-Type-Options nosniff;
|
|
{% endif %}
|
|
{%if header.xss is defined %}
|
|
{% if header.xss == 'none' %}
|
|
{% else %}
|
|
add_header X-XSS-Protection "{{ header.xss }}";
|
|
{% endif %}
|
|
{% else %}
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
{% endif %}
|
|
{% if header.robots is defined %}
|
|
add_header X-Robots-Tag "{{ header.robots }}";
|
|
{% else %}
|
|
add_header X-Robots-Tag none;
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
}
|
|
|
|
{% if item.favicon is defined %}
|
|
location /favicon.ico {
|
|
alias {{ item.favicon }};
|
|
expires 30d;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if item.extra_locations is defined %}
|
|
# EXTRA LOCATIONS
|
|
{% for locations in item.extra_locations %}
|
|
location {{ locations.name }} {
|
|
proxy_pass {{ locations.upstream_proto }}://{{ locations.upstream_name }}:{{ locations.upstream_port}};
|
|
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_redirect off;
|
|
{% if item.secure_cookie is defined %}
|
|
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
|
{% endif %}
|
|
{% if locations.headers is defined %}
|
|
{% for item in locations.headers %}
|
|
{% if item.secure_site is defined %}
|
|
add_header X-Download-Options noopen;
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
add_header Referrer-Policy {{ item.referrer | default('no-referrer') }};
|
|
{% if item.header_sameorigin is defined %}
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if item.nginx_HSTS_policy is defined %}
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
|
{% endif %}
|
|
{% if item.referrer is defined %}
|
|
add_header Referrer-Policy no-referrer;
|
|
{% endif %}
|
|
{% if item.csp is defined %}
|
|
add_header Content-Security-Policy "{{ item.csp }}";
|
|
{% endif %}
|
|
{% if item.cto is defined %}
|
|
{% if item.cto == 'none' %}
|
|
{% else %}
|
|
add_header X-Content-Type-Options {{ item.cto }};
|
|
{% endif %}
|
|
{% else %}
|
|
add_header X-Content-Type-Options nosniff;
|
|
{% endif %}
|
|
{%if item.xss is defined %}
|
|
{% if item.xss == 'none' %}
|
|
{% else %}
|
|
add_header X-XSS-Protection "{{ item.xss }}";
|
|
{% endif %}
|
|
{% else %}
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
{% endif %}
|
|
{% if item.robots is defined %}
|
|
add_header X-Robots-Tag "{{ item.robots }}";
|
|
{% else %}
|
|
add_header X-Robots-Tag none;
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endblock %}
|
|
``` |