mirror of
https://github.com/frappe/bench.git
synced 2024-11-14 09:14:04 +00:00
add https to nginx config
This commit is contained in:
parent
59eb9fd9b3
commit
198519ee27
@ -31,10 +31,16 @@ def get_site_config(site, bench='.'):
|
||||
|
||||
def get_sites_with_config(bench='.'):
|
||||
sites = get_sites()
|
||||
return [{
|
||||
ret = []
|
||||
for site in sites:
|
||||
site_config = get_site_config(site, bench=bench)
|
||||
ret.append({
|
||||
"name": site,
|
||||
"port": get_site_config(site, bench=bench).get('nginx_port')
|
||||
} for site in sites]
|
||||
"port": site_config.get('nginx_port'),
|
||||
"ssl_certificate": site_config.get('ssl_certificate'),
|
||||
"ssl_certificate_key": site_config.get('ssl_certificate_key')
|
||||
})
|
||||
return ret
|
||||
|
||||
def generate_nginx_config(bench='.'):
|
||||
template = env.get_template('nginx.conf')
|
||||
|
@ -5,15 +5,7 @@ upstream frappe {
|
||||
server 127.0.0.1:8000 fail_timeout=0;
|
||||
}
|
||||
|
||||
{% macro server_block(site, port=80, default=False, server_name=None, sites=None, dns_multitenant=False) -%}
|
||||
server {
|
||||
listen {{ site.port if not default and site.port else port }} {% if default %} default {% endif %};
|
||||
client_max_body_size 4G;
|
||||
{% if dns_multitenant and sites %}
|
||||
server_name {% for site in sites %} {{ site.name }} {% endfor %};
|
||||
{% else %}
|
||||
server_name {{ site.name if not server_name else server_name }};
|
||||
{% endif %}
|
||||
{% macro location_block(site, port=80, default=False, server_name=None, sites=None, dns_multitenant=False) -%}
|
||||
keepalive_timeout 5;
|
||||
sendfile on;
|
||||
root {{ sites_dir }};
|
||||
@ -43,21 +35,58 @@ upstream frappe {
|
||||
proxy_redirect off;
|
||||
proxy_pass http://frappe;
|
||||
}
|
||||
{%- endmacro %}
|
||||
|
||||
{% macro server_name_block(site, default=False, server_name=None, sites=None, dns_multitenant=False) -%}
|
||||
client_max_body_size 4G;
|
||||
{% if dns_multitenant and sites %}
|
||||
server_name {% for site in sites %} {{ site.name }} {% endfor %};
|
||||
{% else %}
|
||||
server_name {{ site.name if not server_name else server_name }};
|
||||
{% endif %}
|
||||
{%- endmacro %}
|
||||
|
||||
{% macro server_block_http(site, port=80, default=False, server_name=None, sites=None, dns_multitenant=False) -%}
|
||||
server {
|
||||
listen {{ site.port if not default and site.port else port }} {% if default %} default {% endif %};
|
||||
{{ server_name_block(site, default=default, server_name=server_name, sites=sites, dns_multitenant=dns_multitenant) }}
|
||||
{{ location_block(site, port=port, default=default, server_name=server_name, sites=sites, dns_multitenant=dns_multitenant) }}
|
||||
}
|
||||
{%- endmacro %}
|
||||
|
||||
{% macro server_block_https(site, port=443, default=False, server_name=None, sites=None, dns_multitenant=False) -%}
|
||||
server {
|
||||
listen {{ site.ssl_port if not default and site.ssl_port else port }} {% if default %} default {% endif %};
|
||||
{{ server_name_block(site, default=default, server_name=server_name, sites=sites, dns_multitenant=dns_multitenant) }}
|
||||
|
||||
ssl on;
|
||||
ssl_certificate {{ site.ssl_certificate }};
|
||||
ssl_certificate_key {{ site.ssl_certificate_key }};
|
||||
ssl_session_timeout 5m;
|
||||
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
{{ location_block(site, port=port, default=default, server_name=server_name, sites=sites, dns_multitenant=dns_multitenant) }}
|
||||
}
|
||||
{%- endmacro %}
|
||||
|
||||
{% for site in sites %}
|
||||
|
||||
{% if site.port %}
|
||||
{{ server_block(site) }}
|
||||
{{ server_block_http(site) }}
|
||||
{% endif %}
|
||||
|
||||
{% if site.ssl_certificate_key and site.ssl_certificate %}
|
||||
{{ server_block_https(site) }}
|
||||
{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
|
||||
{% if default_site %}
|
||||
{{ server_block(default_site, default=True, server_name="frappe_default_site") }}
|
||||
{{ server_block_http(default_site, default=True, server_name="frappe_default_site") }}
|
||||
{% endif %}
|
||||
|
||||
{% if dns_multitenant and sites %}
|
||||
{{ server_block(None, default=False, sites=sites, dns_multitenant=True) }}
|
||||
{{ server_block_http(None, default=False, sites=sites, dns_multitenant=True) }}
|
||||
{% endif %}
|
||||
|
Loading…
Reference in New Issue
Block a user