templating - init work on global templates

confs2/global/api-temp.conf

@@ -1,15 +1,15 @@
-
-location ~ ^%API_URI%/ping {
+# todo : if api_uri == "random"
+location ~ ^{{ API_URI }}/ping {
 	return 444;
 }
 
-location ~ ^%API_URI% {
+location ~ {{ API_URI }} {
 
 rewrite_by_lua_block {
 	
 	local api		= require "api"
-	local api_whitelist_ip  = {{ API_WHITELIST_IP }}
-	local api_uri		= "%API_URI%"
+	local api_whitelist_ip  = {% raw %}{{% endraw %}{% set elements = API_WHITELIST_IP.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+	local api_uri		= "{{ API_URI }}"
 	local logger		= require "logger"
 
 	if api.is_api_call(api_uri, api_whitelist_ip) then

confs2/global/api.conf

@@ -1,16 +1,9 @@
-{{ API_URI }}
-{% set API_WHITELIST_IP_value = "" %}
-{% for element in API_WHITELIST_IP.split(" ") %}
-	{{ element + "toto" }}
-	{% set API_WHITELIST_IP_value = API_WHITELIST_IP_value + '"' + element + '",' %}
-{% endfor %}
-{% set API_WHITELIST_IP_value = API_WHITELIST_IP_value[:-1] %}
-
+# todo : if api_uri == "random"
 rewrite_by_lua_block {
 	
 	local api		= require "api"
 	local api_whitelist_ip	= {% raw %}{{% endraw %}{% set elements = API_WHITELIST_IP.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
-	local api_uri		= "%API_URI%"
+	local api_uri		= "{{ API_URI }}"
 	local logger		= require "logger"
 
 	if api.is_api_call(api_uri, api_whitelist_ip) then

confs2/global/cache.conf

@@ -1,4 +0,0 @@
-open_file_cache %CACHE%;
-open_file_cache_errors %CACHE_ERRORS%;
-open_file_cache_min_uses %CACHE_USES%;
-open_file_cache_valid %CACHE_VALID%;

confs2/global/geoip.conf

@@ -5,6 +5,11 @@ geoip2 /etc/nginx/geoip.mmdb {
 }
 
 map $geoip2_data_country_code $allowed_country {
-	default %DEFAULT%;
-	%COUNTRY%
+	default {% if WHITELIST_COUNTRY != "" %}no{% else %}yes{% endif %};
+	{% for country in WHITELIST_COUNTRY.split(" ") %}
+		{{ country }} yes;
+	{% endfor %}
+	{% for country in BLACKLIST_COUNTRY.split(" ") %}
+		{{ country }} no;
+	{% endfor %}
 }

confs2/global/init-lua.conf

@@ -3,12 +3,12 @@ init_by_lua_block {
 local dataloader		= require "dataloader"
 local logger			= require "logger"
 
-local use_proxies		= %USE_PROXIES%
-local use_abusers		= %USE_ABUSERS%
-local use_tor_exit_nodes	= %USE_TOR_EXIT_NODES%
-local use_user_agents		= %USE_USER_AGENTS%
-local use_referrers		= %USE_REFERRERS%
-local use_crowdsec		= %USE_CROWDSEC%
+local use_proxies		= {% if USE_PROXIES == "yes" %}true{% else %}false{% endif %}
+local use_abusers		= {% if USE_ABUSERS == "yes" %}true{% else %}false{% endif %}
+local use_tor_exit_nodes	= {% if USE_TOR_EXIT_NODES == "yes" %}true{% else %}false{% endif %}
+local use_user_agents		= {% if USE_USER_AGENTS == "yes" %}true{% else %}false{% endif %}
+local use_referrers		= {% if USE_REFERRERS == "yes" %}true{% else %}false{% endif %}
+local use_crowdsec		= {% if USE_CROWDSEC == "yes" %}true{% else %}false{% endif %}
 
 if use_proxies then
 	dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data)

confs2/global/multisite-default-server-https.conf

@@ -1,11 +1,13 @@
-listen 0.0.0.0:%HTTPS_PORT% default_server ssl %HTTP2%;
+listen 0.0.0.0:{{ HTTPS_PORT }} default_server ssl {% if USE_HTTP2 == "yes" %}http2{% endif %};
 ssl_certificate /etc/nginx/default-cert.pem;
 ssl_certificate_key /etc/nginx/default-key.pem;
-ssl_protocols %HTTPS_PROTOCOLS%;
+ssl_protocols {{ HTTPS_PROTOCOLS }};
 ssl_prefer_server_ciphers off;
 ssl_session_tickets off;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m;
-%SSL_DHPARAM%
-%SSL_CIPHERS%
-%LETS_ENCRYPT_WEBROOT%
+{% if "TLSv1.2" in HTTPS_PROTOCOLS %}
+ssl_dhparam /etc/nginx/dhparam;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+{% endif %}
+include /etc/nginx/multisite-default-server-lets-encrypt-webroot.conf;

confs2/global/multisite-default-server.conf

@@ -1,6 +1,7 @@
+toto
 server {
-	%LISTEN_HTTP%
+	{% if LISTEN_HTTP == "yes" %}listen 0.0.0.0:{{ HTTP_PORT }} default_server{% endif %}
 	server_name _;
-	%USE_HTTPS%
-	%MULTISITE_DISABLE_DEFAULT_SERVER%
+	{% if has_value("AUTO_LETS_ENCRYPT", "yes") %}include /etc/nginx/multisite-default-server-https.conf;{% endif %}
+	{% if DISABLE_DEFAULT_SERVER == "yes" %}include /etc/nginx/multisite-disable-default-server.conf;{% endif %}
 }

confs2/global/nginx.conf

@@ -26,11 +26,11 @@ pcre_jit on;
 include /etc/nginx/modules/*.conf;
 
 # max open files for each worker
-worker_rlimit_nofile %WORKER_RLIMIT_NOFILE%;
+worker_rlimit_nofile {{ WORKER_RLIMIT_NOFILE }};
 
 events {
 	# max connections per worker
-	worker_connections %WORKER_CONNECTIONS%;
+	worker_connections {{ WORKER_CONNECTIONS }};
 
 	# epoll seems to be the best on Linux
 	use epoll;
@@ -51,9 +51,9 @@ http {
 	default_type application/octet-stream;
 
 	# write logs to local syslog
-	log_format logf '%LOG_FORMAT%';
+	log_format logf '{{ LOG_FORMAT }}';
 	access_log /var/log/access.log logf;
-	error_log /var/log/error.log %LOG_LEVEL%;
+	error_log /var/log/error.log {{ LOG_LEVEL }};
 
 	# temp paths
 	proxy_temp_path /tmp/proxy_temp;
@@ -72,36 +72,39 @@ http {
 	send_timeout 10;
 
 	# resolvers to use
-	resolver %DNS_RESOLVERS% ipv6=off;
+	resolver {{ DNS_RESOLVERS }} ipv6=off;
 
 	# remove ports when sending redirects
 	port_in_redirect off;
 
 	# lua path and dicts
 	lua_package_path "/usr/local/lib/lua/?.lua;;";
-	%WHITELIST_IP_CACHE%
-	%WHITELIST_REVERSE_CACHE%
-	%BLACKLIST_IP_CACHE%
-	%BLACKLIST_REVERSE_CACHE%
-	%DNSBL_CACHE%
-	%BLOCK_PROXIES%
-	%BLOCK_ABUSERS%
-	%BLOCK_TOR_EXIT_NODES%
-	%BLOCK_USER_AGENTS%
-	%BLOCK_REFERRERS%
-	%BAD_BEHAVIOR%
+	{% if has_value("USE_WHITELIST_IP", "yes") %}lua_shared_dict whitelist_ip_cache 10m;{% endif %}
+	{% if has_value("USE_WHITELIST_REVERSE", "yes") %}lua_shared_dict whitelist_reverse_cache 10m;{% endif %}
+	{% if has_value("USE_BLACKLIST_IP", "yes") %}lua_shared_dict blacklist_ip_cache 10m;{% endif %}
+	{% if has_value("USE_BLACKLIST_REVERSE", "yes") %}lua_shared_dict blacklist_reverse_cache 10m;{% endif %}
+	{% if has_value("USE_DNSBL", "yes") %}lua_shared_dict dnsbl_cache 10m;{% endif %}
+	{% if has_value("BLOCK_PROXIES", "yes") %}lua_shared_dict proxies_data 250m;{% endif %}
+	{% if has_value("BLOCK_ABUSERS", "yes") %}lua_shared_dict abusers_data 50m;{% endif %}
+	{% if has_value("BLOCK_TOR_EXIT_NODE", "yes") %}lua_shared_dict tor_exit_nodes_data 1m;{% endif %}
+	{% if has_value("BLOCK_USER_AGENT", "yes") %}lua_shared_dict user_agents_data 1m;{% endif %}
+	{% if has_value("BLOCK_USER_AGENT", "yes") %}lua_shared_dict user_agents_cache 10m;{% endif %}
+	{% if has_value("BLOCK_REFERRER", "yes") %}lua_shared_dict referrers_data 1m;{% endif %}
+	{% if has_value("BLOCK_REFERRER", "yes") %}lua_shared_dict referrers_cache 10m;{% endif %}
+	{% if has_value("USE_BAD_BEHAVIOR", "yes") %}lua_shared_dict behavior_ban 10m;{% endif %}
+	{% if has_value("USE_BAD_BEHAVIOR", "yes") %}lua_shared_dict behavior_count 10m;{% endif %}
 
 	# shared memory zone for limit_req
-	%LIMIT_REQ_ZONE%
+	{% if has_value("USE_LIMIT_REQ", "yes") %}limit_req_zone $binary_remote_addr$uri zone=limit:{{ LIMIT_REQ_CACHE }} rate={{ LIMIT_REQ_RATE }};{% endif %}
 
 	# shared memory zone for limit_conn
-	%LIMIT_CONN_ZONE%
+	{% if has_value("USE_LIMIT_CONN", "yes") %}limit_conn_zone $binary_remote_addr zone=ddos:{{ LIMIT_CONN_CACHE }};{% endif %}
 
 	# whitelist or blacklist country
-	%USE_COUNTRY%
+	{% if BLACKLIST_COUNTRY != "" or WHITELIST_COUNTRY != "" %}include /etc/nginx/geoip.conf;{% endif %}
 
 	# zone for proxy_cache
-	%PROXY_CACHE_PATH%
+	{% if has_value("USE_PROXY_CACHE", "yes") %}proxy_cache_path /tmp/proxy_cache keys_zone=proxycache:{{ PROXY_CACHE_PATH_ZONE_SIZE }} {{ PROXY_CACHE_PATH_PARAMS }};{% endif %}
 
 	# custom http confs
 	include /http-confs/*.conf;
@@ -110,11 +113,19 @@ http {
 	include /etc/nginx/init-lua.conf;
 
 	# default server when MULTISITE=yes
-	%MULTISITE_DEFAULT_SERVER%
+	{% if MULTISITE == "yes" %}include /etc/nginx/multisite-default-server.conf;{% endif %}
 
 	# server config(s)
-	%INCLUDE_SERVER%
+	{% if SWARM_MODE == "no" %}
+		{% if MULTISITE == "yes" %}
+			{% for server_name in SERVER_NAME.split(" ") %}
+	include /etc/nginx/{{ server_name }}/server.conf;
+			{% endfor %}
+		{% else %}
+	include /etc/nginx/server.conf;
+		{% endif %}
+	{% endif %}
 
 	# API
-	%USE_API%
+	{% if USE_API == "yes" %}include /etc/nginx/api.conf;{% endif %}
 }

gen/Configurator.py

@@ -40,4 +40,6 @@ class Configurator :
 			real_var = var
 		elif var[len(var.split("_")[0])+1:] in self.__settings :
 			real_var = var[len(var.split("_")[0])+1:]
+		print(real_var)
+		print(var[len(var.split("_")[0])+1:])
 		return real_var != "" and re.search(self.__settings[real_var]["regex"], value) and (not multisite_only or self.__settings[real_var]["context"] == "multisite")

gen/Templator.py

@@ -21,9 +21,17 @@ class Templator :
 			if os.path.isfile(filename) :
 				relative_filename = filename.replace(self.__input_path, "").replace(type + "/", "")
 				template = self.__template_env.get_template(type + "/" + relative_filename)
-				output = template.render(real_config)
+				template.globals["has_value"] = Templator.has_value
+				output = template.render(real_config, all=real_config)
 				if "/" in relative_filename :
 					directory = relative_filename.replace(relative_filename.split("/")[-1], "")
 					pathlib.Path(output_path + "/" + directory).mkdir(parents=True, exist_ok=True)
 				with open(output_path + "/" + relative_filename, "w") as f :
 					f.write(output)
+
+	@jinja2.contextfunction
+	def has_value(context, name, value) :
+		for k, v in context.items() :
+			if (k == name or k.endswith("_" + name)) and v == value :
+				return True
+		return False