nginx: add config template for 301 redirects

2024-04-24 20:44:38 +02:00 · 2024-04-24 20:44:38 +02:00 · 512d0e8abc
parent f289afbbef
commit 512d0e8abc
2 changed files with 31 additions and 1 deletions
--- a/pyinfra_nginx/nginx.py
+++ b/pyinfra_nginx/nginx.py
@ -18,13 +18,21 @@ def deploy_nginx():
        packages = ["nginx-extras"],
    )

-def add_nginx_domain(domain: str, config_path: str = None, webroot: str = None, proxy_port: int = None, enabled=True, acmetool=True):
+def add_nginx_domain(
+        domain: str,
+        config_path: str = None,
+        webroot: str = None,
+        proxy_port: int = None,
+        redirect: str = None,
+        enabled=True,
+        acmetool=True):
    """Let a domain be handled by nginx, create a Let's Encrypt certificate for it, and deploy the config.

    :param domain: the domain of the website
    :param config_path: the local path to the nginx config file
    :param webroot: path to a webroot directory, e.g. /var/www/staging/. Generates its own config from template.
    :param proxy_port: proxy_pass all HTTP traffic to some internal port
+    :param redirect: where to 301 redirect to, e.g. https://i.delta.chat$request_uri
    :param enabled: whether the site should be enabled at /etc/nginx/sites-enabled
    :param acmetool: whether acmetool should fetch TLS certs for the domain
    """
@ -70,6 +78,16 @@ def add_nginx_domain(domain: str, config_path: str = None, webroot: str = None,
                domain=domain,
                proxy_port=proxy_port,
            )
+        elif redirect:
+            config = files.template(
+                src=importlib.resources.files(__package__) / "redirect.nginx_config.j2",
+                dest=f"/etc/nginx/sites-available/{domain}",
+                user="root",
+                group="root",
+                mode="644",
+                domain=domain,
+                redirect=redirect,
+            )
        config_link = files.link(
            path=f"/etc/nginx/sites-enabled/{domain}",
            target=f"/etc/nginx/sites-available/{domain}",
--- a/pyinfra_nginx/redirect.nginx_config.j2
+++ b/pyinfra_nginx/redirect.nginx_config.j2
@ -0,0 +1,12 @@
+server {
+	server_name {{ domain }};
+
+    return 301 {{ redirect }};
+
+    listen [::]:443 ssl;
+    listen 443 ssl;
+    ssl_certificate /var/lib/acme/live/{{ domain }}/fullchain;
+    ssl_certificate_key /var/lib/acme/live/{{ domain }}/privkey;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}