save

2025-08-01 20:11:48 +02:00 · 2025-08-01 20:11:48 +02:00 · 0c98334d1c
commit 0c98334d1c
parent b3dba4542f
9 changed files with 151 additions and 0 deletions
--- a/recipes/nginx/default.erb
+++ b/recipes/nginx/default.erb
@ -0,0 +1,5 @@
+server {
+    listen 80;
+    listen [::]:80;
+    return 301 https://$host$request_uri;
+}
--- a/recipes/nginx/generate.rb
+++ b/recipes/nginx/generate.rb
@ -0,0 +1,37 @@
+require 'erb'
+
+
+class NGINXProxy
+  class << self
+    attr_accessor :domain, :port, :service
+
+    def domain(value = nil)
+      @domain = value unless value.nil?
+      @domain
+    end
+
+    def port(value = nil)
+      @port = value unless value.nil?
+      @port
+    end
+
+    def service(value = nil)
+      @service = value unless value.nil?
+      @service
+    end
+
+    def generate
+        template = File.read("proxy.erb")
+        template = ERB.new(template)
+        template.result(binding)
+    end
+  end
+end
+
+class ExampleProxy < NGINXProxy
+  domain "gurgul.org"
+  service "forgejo"
+  port 3000
+end
+
+puts ExampleProxy.generate
--- a/recipes/nginx/proxy.erb
+++ b/recipes/nginx/proxy.erb
@ -0,0 +1,29 @@
+server {
+  root /home/<%= service %>/;
+
+  index index.html index.htm;
+  server_name <%= domain %>;
+  listen [::]:443 ssl ipv6only=on;
+  listen 443 ssl;
+
+  location / {
+    proxy_pass http://localhost:<%= port %>;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection 'upgrade';
+    proxy_cache_bypass $http_upgrade;
+    
+    proxy_connect_timeout 60s;
+    proxy_send_timeout 60s;
+    proxy_read_timeout 60s;
+  }
+
+  ssl_certificate /etc/letsencrypt/live/<%= domain %>/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/<%= domain %>/privkey.pem;
+  include /etc/letsencrypt/options-ssl-nginx.conf;
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
--- a/recipes/nginx/static.erb
+++ b/recipes/nginx/static.erb
@ -0,0 +1,31 @@
+server {
+    listen 443 ssl;
+    server_name ~^(?<username>[^.]+)\.gurgul\.pro$;
+
+    ssl_certificate /etc/letsencrypt/live/gurgul.pro/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/gurgul.pro/privkey.pem;
+
+    root /home/$username/website;
+    index index.html index.htm index.php;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    ## Optional: handle PHP (if using PHP)
+    #location ~ \.php$ {
+    #    include snippets/fastcgi-php.conf;
+    #    fastcgi_pass unix:/run/php/php8.1-fpm.sock; # adjust PHP version as needed
+    #}
+
+    location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
+        expires 7d;
+        access_log off;
+    }
+}
+
+server {
+    listen 80;
+    server_name ~^(?<username>[^.]+)\.gurgul\.pro$;
+    return 301 https://$host$request_uri;
+}