nginx-server-block-file
Description
Nginx server configuration
Variables
| Name | Type | Default | Description |
|---|---|---|---|
|
string | -- | The path to the file. Required |
|
string | -- | The access log. |
|
string | -- | Adding header. |
|
string | Please authenticate. | The message that will be displayed to the user. |
|
string | /etc/htpasswd | The file to store htpasswd information. |
|
string | -- | Client max body size. |
|
boolean | False | One Nginx instance can only have one 'default' server, this is used for everything that hasn't been caught otherwise. |
|
boolean | False | Whether to disable ipv6 for this server block. |
|
string | /var/www/html | The document root. |
|
string | -- | The error log path and (optional) log level. |
|
string | -- | The error page. |
|
string | -- | The group of the file. |
|
dict | ordereddict() | gzip configuration, if enabled |
|
boolean | -- | Whether to enable gzip. |
|
list | ['index.html', 'index.htm'] | The index files. |
|
integer | 80 | The port to listen to. |
|
integer | 443 | The port to listen for https. |
|
list | [] | A list of location blocks. |
|
string | -- | The permissions of the file. |
|
string | -- | The owner of the file. |
|
string | -- | Proxy read timeout. |
|
list | -- | The server names. |
|
string | -- | The ssl certificate file. |
|
string | -- | The ssl certificate key file. |
|
string | -- | The ssl certificate chain file. |
|
list | [] | A list of upstreams. |
|
boolean | False | Whether to setup basic auth. |
|
boolean | False | Whether to use https. All http traffic will be redirected to https. |
|
boolean | True | Whether to use letsencrypt certificates. If this is the case, and 'use_https' is selected, the ssl_* certificate paths don't need to be provided, and the location to renew them will be added automatically. |
Code
doc: short_help: Nginx server configuration todo: - nginx basic auth args: default_server: doc: short_help: Whether this server is the 'default' (catchall) server. help: | One Nginx instance can only have one 'default' server, this is used for everything that hasn't been caught otherwise. references: - '[Nginx server block documentation](https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/#a-default-catch-all-server-block)' type: boolean default: false required: false cli: is_flag: true use_https: doc: short_help: Whether to use https. help: | Whether to use https. All http traffic will be redirected to https. type: boolean required: false default: false use_letsencrypt: doc: short_help: Whether to use letsencrypt certificates. help: | Whether to use [letsencrypt](https://letsencrypt.org/) certificates. If this is the case, and 'use_https' is selected, the ssl_* certificate paths don't need to be provided, and the location to renew them will be added automatically. references: - '[LetsEncrypt homepage](https://letsencrypt.org/)' type: boolean required: false default: true cli: enabled: false listen_port_https: doc: short_help: The port to listen for https. type: integer default: 443 required: false listen_port: doc: short_help: The port to listen to. type: integer required: false default: 80 server_admin: doc: short_help: The server admin email. type: string required: false cli: metavar: EMAIL access_log: doc: short_help: The access log. type: string required: false cli: metavar: PATH error_log: doc: short_help: The error log path and (optional) log level. references: - '[Nginx core documentation](http://nginx.org/en/docs/ngx_core_module.html#error_log)' type: string required: false cli: metavar: PATH server_names: doc: short_help: The server names. references: - '[Nginx server documentation](https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/#wildcard-subdomains-in-a-parent-folder)' type: list required: false empty: true schema: type: string cli: param_decls: - --server-name - -n document_root: doc: short_help: The document root. type: string required: false default: /var/www/html cli: metavar: PATH ssl_certificate_file: doc: short_help: The ssl certificate file. type: string required: false cli: metavar: PATH ssl_certificate_key_file: doc: short_help: The ssl certificate key file. type: string required: false cli: metavar: PATH ssl_trusted_certificate_file: doc: short_help: The ssl certificate chain file. type: string required: false cli: metavar: PATH index: doc: short_help: The index files. type: list schema: type: string default: - index.html - index.htm required: false cli: metavar: FILENAME error_page: doc: short_help: The error page. type: string required: false add_header: doc: short_help: Adding header. type: string required: false upstream: doc: short_help: A list of upstreams. type: list required: false default: [] empty: true schema: type: dict schema: name: type: string required: true empty: false properties: type: string required: true empty: false cli: enabled: false location_blocks: doc: short_help: A list of location blocks. references: - '[DigitalOcean nginx location tutorial](https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms )' type: list required: false default: [] empty: true schema: type: dict schema: location_match: type: string required: true location_modifier: type: string required: false allowed: - '=' - '~' - ~* - ^~ properties: type: string required: false default: '' cli: enabled: false gzip_enabled: doc: short_help: Whether to enable gzip. type: boolean required: false cli: is_flag: true gzip: doc: short_help: gzip configuration, if enabled references: - '[Nginx gzip module documentation](http://nginx.org/en/docs/http/ngx_http_gzip_module.html)' type: dict required: false empty: true default: {} schema: gzip_buffers: type: string required: false gzip_comp_level: type: integer min: 1 max: 9 required: false gzip_disable: type: string required: false gzip_http_version: type: string required: false gzip_min_length: type: integer required: false gzip_proxied: type: string required: false gzip_types: type: string required: false gzip_vary: type: string allowed: - on - off proxy_read_timeout: doc: short_help: Proxy read timeout. type: string required: false client_max_body_size: doc: short_help: Client max body size. type: string required: false webserver_user: doc: short_help: The user to run the webserver as. type: string required: false cli: metavar: USERNAME webserver_group: doc: short_help: The group to run the webserver as (if applicable). type: string required: false cli: metavar: GROUP letsencrypt_staging: doc: short_help: Whether to use the letsencrypt staging server (for developing -- production only allows a few requests per day). type: boolean required: false default: false cli: is_flag: true use_basic_auth: doc: short_help: Whether to setup basic auth. type: boolean required: false default: false cli: enabled: false basic_auth_message: doc: short_help: The message that will be displayed to the user. help: | The message that will be displayed to the user. type: string empty: false required: false default: Please authenticate. basic_auth_users: doc: short_help: A dict with username as key, password as value. type: dict required: false cli: enabled: false basic_auth_user_file: doc: short_help: The file to store htpasswd information. type: string required: false default: /etc/htpasswd cli: show_default: true enabled: false restart_webserver: doc: short_help: Whether to restart the webserver afterwards. type: boolean required: false default: false cli: is_flag: true disable_ipv6: doc: short_help: Whether to disable ipv6 for this server block. type: boolean required: false default: false cli: is_flag: true param_decls: - --disable-ipv6 _import: - file-with-content frecklets: - file-with-content: path: '{{:: path ::}}' group: '{{:: group ::}}' owner: '{{:: owner ::}}' mode: '{{:: mode ::}}' content: |- {%:: for u in upstream ::%} upstream {{:: u.name ::}} { {{:: u.properties | indent(2, True) ::}} } {%:: endfor ::%} {%:: if use_https ::%} server { listen {{:: listen_port ::}}; {%:: if not disable_ipv6 ::%}listen [::]:{{:: listen_port ::}};{%:: endif ::%} {%:: if server_names is defined and server_names ::%}server_name {{:: server_names | join(' ') ::}};{%:: endif ::%} return 301 https://{{:: server_names[0] ::}}$request_uri; } {%:: endif ::%} server { listen {%:: if not use_https ::%}{{:: listen_port ::}}{%:: else ::%}{{:: listen_port_https ::}} ssl http2{%:: endif ::%}{%:: if default_server ::%} default_server{%:: endif ::%}; {%:: if not disable_ipv6 ::%}listen [::]:{%:: if not use_https ::%}{{:: listen_port ::}}{%:: else ::%}{{:: listen_port_https ::}} ssl http2{%:: endif ::%}{%:: if default_server ::%} default_server{%:: endif ::%};{%:: endif ::%} {%:: if server_names is defined and server_names ::%}server_name {{:: server_names | join(' ') ::}};{%:: endif ::%} root "{{:: document_root ::}}"; {%:: if error_page ::%}error_page {{:: error_page ::}};{%:: endif ::%} {%:: if access_log ::%}access_log {{:: access_log ::}};{%:: endif ::%} {%:: if error_log ::%}error_log {{:: error_log ::}};{%:: endif ::%} {%:: if index ::%}index {{:: index | join(' ') ::}};{%:: endif ::%} {%:: if add_header ::%}add_header {{:: add_header ::}};{%:: endif ::%} {%:: if use_https ::%} {%:: if use_letsencrypt ::%} ssl_certificate /etc/letsencrypt/live/{{:: server_names[0] ::}}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{:: server_names[0] ::}}/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{:: server_names[0] ::}}/fullchain.pem; location ~ /\.well-known\/acme-challenge { allow all; default_type "text/plain"; } {%:: else ::%} {%:: if ssl_certificate_file ::%}ssl_certificate {{:: ssl_certificate_file ::}};{%:: endif ::%} {%:: if ssl_certificate_key_file ::%}ssl_certificate_key {{:: ssl_certificate_key_file ::}};{%:: endif ::%} {%:: if ssl_trusted_certificate_file ::%}ssl_trusted_certificate {{:: ssl_trusted_certificate_file ::}};{%:: endif ::%} {%:: endif ::%} {%:: endif ::%} {%:: if use_basic_auth ::%} auth_basic "{{:: basic_auth_message ::}}"; auth_basic_user_file {{:: basic_auth_user_file ::}}; {%:: endif ::%} {%:: if gzip_enabled ::%} gzip on; {%:: for k, v in gzip.items() ::%} {{:: k ::}} {{:: v ::}};{%:: endfor ::%} {%:: endif ::%} {%:: if proxy_read_timeout ::%} proxy_read_timeout {{:: proxy_read_timeout ::}}; {%:: endif ::%} {%:: if client_max_body_size ::%} client_max_body_size {{:: client_max_body_size ::}}; {%:: endif ::%} {%:: for l in location_blocks ::%} location {%:: if l.location_modifier ::%}{{:: l.location_modifier ::}}{%:: endif ::%} {{:: l.location_match ::}} { {{:: l.properties | indent(4, true) ::}} } {%:: endfor ::%} }
frecklecute nginx-server-block-file --help Usage: frecklecute nginx-server-block-file [OPTIONS] PATH Nginx server configuration Options: --access-log PATH The access log. --add-header ADD_HEADER Adding header. --basic-auth-message BASIC_AUTH_MESSAGE The message that will be displayed to the user. --client-max-body-size CLIENT_MAX_BODY_SIZE Client max body size. --default-server / --no-default-server Whether this server is the 'default' (catchall) server. --disable-ipv6 Whether to disable ipv6 for this server block. --document-root PATH The document root. --error-log PATH The error log path and (optional) log level. --error-page ERROR_PAGE The error page. --group GROUP The group of the file. --gzip GZIP gzip configuration, if enabled --gzip-enabled / --no-gzip-enabled Whether to enable gzip. --index FILENAME The index files. --listen-port LISTEN_PORT The port to listen to. --listen-port-https LISTEN_PORT_HTTPS The port to listen for https. --mode MODE The permissions of the file. --owner USER The owner of the file. --proxy-read-timeout PROXY_READ_TIMEOUT Proxy read timeout. -n, --server-name SERVER_NAMES The server names. --ssl-certificate-file PATH The ssl certificate file. --ssl-certificate-key-file PATH The ssl certificate key file. --ssl-trusted-certificate-file PATH The ssl certificate chain file. --use-https / --no-use-https Whether to use https. --help Show this message and exit.
# -*- coding: utf-8 -*- # # module path: pycklets.nginx_server_block_file.NginxServerBlockFile # from dataclasses import dataclass from pyckles import AutoPycklet from typing import * # noqa @dataclass class NginxServerBlockFile(AutoPycklet): """Nginx server configuration Args: access_log: The access log. add_header: Adding header. basic_auth_message: The message that will be displayed to the user. basic_auth_user_file: The file to store htpasswd information. client_max_body_size: Client max body size. default_server: Whether this server is the 'default' (catchall) server. disable_ipv6: Whether to disable ipv6 for this server block. document_root: The document root. error_log: The error log path and (optional) log level. error_page: The error page. group: The group of the file. gzip: gzip configuration, if enabled gzip_enabled: Whether to enable gzip. index: The index files. listen_port: The port to listen to. listen_port_https: The port to listen for https. location_blocks: A list of location blocks. mode: The permissions of the file. owner: The owner of the file. path: The path to the file. proxy_read_timeout: Proxy read timeout. server_names: The server names. ssl_certificate_file: The ssl certificate file. ssl_certificate_key_file: The ssl certificate key file. ssl_trusted_certificate_file: The ssl certificate chain file. upstream: A list of upstreams. use_basic_auth: Whether to setup basic auth. use_https: Whether to use https. use_letsencrypt: Whether to use letsencrypt certificates. """ FRECKLET_ID = "nginx-server-block-file" access_log: str = None add_header: str = None basic_auth_message: str = None basic_auth_user_file: str = None client_max_body_size: str = None default_server: bool = None disable_ipv6: bool = None document_root: str = None error_log: str = None error_page: str = None group: str = None gzip: Dict = None gzip_enabled: bool = None index: List = None listen_port: int = None listen_port_https: int = None location_blocks: List = None mode: str = None owner: str = None path: str = None proxy_read_timeout: str = None server_names: List = None ssl_certificate_file: str = None ssl_certificate_key_file: str = None ssl_trusted_certificate_file: str = None upstream: List = None use_basic_auth: bool = None use_https: bool = None use_letsencrypt: bool = None def __post_init__(self): super(NginxServerBlockFile, self).__init__(var_names=["access_log", "add_header", "basic_auth_message", "basic_auth_user_file", "client_max_body_size", "default_server", "disable_ipv6", "document_root", "error_log", "error_page", "group", "gzip", "gzip_enabled", "index", "listen_port", "listen_port_https", "location_blocks", "mode", "owner", "path", "proxy_read_timeout", "server_names", "ssl_certificate_file", "ssl_certificate_key_file", "ssl_trusted_certificate_file", "upstream", "use_basic_auth", "use_https", "use_letsencrypt"]) frecklet_class = NginxServerBlockFile
# -*- coding: utf-8 -*- # # module path: pycklets.nginx_server_block_file.NginxServerBlockFile # from pyckles import AutoPycklet class NginxServerBlockFile(AutoPycklet): """Nginx server configuration Args: access_log: The access log. add_header: Adding header. basic_auth_message: The message that will be displayed to the user. basic_auth_user_file: The file to store htpasswd information. client_max_body_size: Client max body size. default_server: Whether this server is the 'default' (catchall) server. disable_ipv6: Whether to disable ipv6 for this server block. document_root: The document root. error_log: The error log path and (optional) log level. error_page: The error page. group: The group of the file. gzip: gzip configuration, if enabled gzip_enabled: Whether to enable gzip. index: The index files. listen_port: The port to listen to. listen_port_https: The port to listen for https. location_blocks: A list of location blocks. mode: The permissions of the file. owner: The owner of the file. path: The path to the file. proxy_read_timeout: Proxy read timeout. server_names: The server names. ssl_certificate_file: The ssl certificate file. ssl_certificate_key_file: The ssl certificate key file. ssl_trusted_certificate_file: The ssl certificate chain file. upstream: A list of upstreams. use_basic_auth: Whether to setup basic auth. use_https: Whether to use https. use_letsencrypt: Whether to use letsencrypt certificates. """ FRECKLET_ID = "nginx-server-block-file" def __init__(self, access_log=None, add_header=None, basic_auth_message="Please authenticate.", basic_auth_user_file="/etc/htpasswd", client_max_body_size=None, default_server=None, disable_ipv6=None, document_root="/var/www/html", error_log=None, error_page=None, group=None, gzip=None, gzip_enabled=None, index=['index.html', 'index.htm'], listen_port=80, listen_port_https=443, location_blocks=None, mode=None, owner=None, path=None, proxy_read_timeout=None, server_names=None, ssl_certificate_file=None, ssl_certificate_key_file=None, ssl_trusted_certificate_file=None, upstream=None, use_basic_auth=None, use_https=None, use_letsencrypt=True): super(NginxServerBlockFile, self).__init__(var_names=["access_log", "add_header", "basic_auth_message", "basic_auth_user_file", "client_max_body_size", "default_server", "disable_ipv6", "document_root", "error_log", "error_page", "group", "gzip", "gzip_enabled", "index", "listen_port", "listen_port_https", "location_blocks", "mode", "owner", "path", "proxy_read_timeout", "server_names", "ssl_certificate_file", "ssl_certificate_key_file", "ssl_trusted_certificate_file", "upstream", "use_basic_auth", "use_https", "use_letsencrypt"]) self._access_log = access_log self._add_header = add_header self._basic_auth_message = basic_auth_message self._basic_auth_user_file = basic_auth_user_file self._client_max_body_size = client_max_body_size self._default_server = default_server self._disable_ipv6 = disable_ipv6 self._document_root = document_root self._error_log = error_log self._error_page = error_page self._group = group self._gzip = gzip self._gzip_enabled = gzip_enabled self._index = index self._listen_port = listen_port self._listen_port_https = listen_port_https self._location_blocks = location_blocks self._mode = mode self._owner = owner self._path = path self._proxy_read_timeout = proxy_read_timeout self._server_names = server_names self._ssl_certificate_file = ssl_certificate_file self._ssl_certificate_key_file = ssl_certificate_key_file self._ssl_trusted_certificate_file = ssl_trusted_certificate_file self._upstream = upstream self._use_basic_auth = use_basic_auth self._use_https = use_https self._use_letsencrypt = use_letsencrypt @property def access_log(self): return self._access_log @access_log.setter def access_log(self, access_log): self._access_log = access_log @property def add_header(self): return self._add_header @add_header.setter def add_header(self, add_header): self._add_header = add_header @property def basic_auth_message(self): return self._basic_auth_message @basic_auth_message.setter def basic_auth_message(self, basic_auth_message): self._basic_auth_message = basic_auth_message @property def basic_auth_user_file(self): return self._basic_auth_user_file @basic_auth_user_file.setter def basic_auth_user_file(self, basic_auth_user_file): self._basic_auth_user_file = basic_auth_user_file @property def client_max_body_size(self): return self._client_max_body_size @client_max_body_size.setter def client_max_body_size(self, client_max_body_size): self._client_max_body_size = client_max_body_size @property def default_server(self): return self._default_server @default_server.setter def default_server(self, default_server): self._default_server = default_server @property def disable_ipv6(self): return self._disable_ipv6 @disable_ipv6.setter def disable_ipv6(self, disable_ipv6): self._disable_ipv6 = disable_ipv6 @property def document_root(self): return self._document_root @document_root.setter def document_root(self, document_root): self._document_root = document_root @property def error_log(self): return self._error_log @error_log.setter def error_log(self, error_log): self._error_log = error_log @property def error_page(self): return self._error_page @error_page.setter def error_page(self, error_page): self._error_page = error_page @property def group(self): return self._group @group.setter def group(self, group): self._group = group @property def gzip(self): return self._gzip @gzip.setter def gzip(self, gzip): self._gzip = gzip @property def gzip_enabled(self): return self._gzip_enabled @gzip_enabled.setter def gzip_enabled(self, gzip_enabled): self._gzip_enabled = gzip_enabled @property def index(self): return self._index @index.setter def index(self, index): self._index = index @property def listen_port(self): return self._listen_port @listen_port.setter def listen_port(self, listen_port): self._listen_port = listen_port @property def listen_port_https(self): return self._listen_port_https @listen_port_https.setter def listen_port_https(self, listen_port_https): self._listen_port_https = listen_port_https @property def location_blocks(self): return self._location_blocks @location_blocks.setter def location_blocks(self, location_blocks): self._location_blocks = location_blocks @property def mode(self): return self._mode @mode.setter def mode(self, mode): self._mode = mode @property def owner(self): return self._owner @owner.setter def owner(self, owner): self._owner = owner @property def path(self): return self._path @path.setter def path(self, path): self._path = path @property def proxy_read_timeout(self): return self._proxy_read_timeout @proxy_read_timeout.setter def proxy_read_timeout(self, proxy_read_timeout): self._proxy_read_timeout = proxy_read_timeout @property def server_names(self): return self._server_names @server_names.setter def server_names(self, server_names): self._server_names = server_names @property def ssl_certificate_file(self): return self._ssl_certificate_file @ssl_certificate_file.setter def ssl_certificate_file(self, ssl_certificate_file): self._ssl_certificate_file = ssl_certificate_file @property def ssl_certificate_key_file(self): return self._ssl_certificate_key_file @ssl_certificate_key_file.setter def ssl_certificate_key_file(self, ssl_certificate_key_file): self._ssl_certificate_key_file = ssl_certificate_key_file @property def ssl_trusted_certificate_file(self): return self._ssl_trusted_certificate_file @ssl_trusted_certificate_file.setter def ssl_trusted_certificate_file(self, ssl_trusted_certificate_file): self._ssl_trusted_certificate_file = ssl_trusted_certificate_file @property def upstream(self): return self._upstream @upstream.setter def upstream(self, upstream): self._upstream = upstream @property def use_basic_auth(self): return self._use_basic_auth @use_basic_auth.setter def use_basic_auth(self, use_basic_auth): self._use_basic_auth = use_basic_auth @property def use_https(self): return self._use_https @use_https.setter def use_https(self, use_https): self._use_https = use_https @property def use_letsencrypt(self): return self._use_letsencrypt @use_letsencrypt.setter def use_letsencrypt(self, use_letsencrypt): self._use_letsencrypt = use_letsencrypt frecklet_class = NginxServerBlockFile