Add webroot param to add_nginx_domain (#70)

* add webroot param to add_nginx_domain * add slash to webroot param docstring Co-authored-by: missytake <missytake@systemli.org> * make webroot notrequire proxyport Co-authored-by: missytake <missytake@systemli.org> * fix nginx template for webroot param Co-authored-by: missytake <missytake@systemli.org> * remove unneeded lines from webroot nginx config * rename webroot jinja template --------- Co-authored-by: missytake <missytake@systemli.org>
2024-04-24 12:44:16 +02:00 · 2024-04-24 12:44:16 +02:00 · f289afbbef
parent d5c5fe3098
commit f289afbbef
2 changed files with 25 additions and 1 deletions
--- a/pyinfra_nginx/nginx.py
+++ b/pyinfra_nginx/nginx.py
@ -18,11 +18,12 @@ def deploy_nginx():
        packages = ["nginx-extras"],
    )

-def add_nginx_domain(domain: str, config_path: str = None, proxy_port: int = None, enabled=True, acmetool=True):
+def add_nginx_domain(domain: str, config_path: str = None, webroot: str = None, proxy_port: int = None, enabled=True, acmetool=True):
    """Let a domain be handled by nginx, create a Let's Encrypt certificate for it, and deploy the config.

    :param domain: the domain of the website
    :param config_path: the local path to the nginx config file
+    :param webroot: path to a webroot directory, e.g. /var/www/staging/. Generates its own config from template.
    :param proxy_port: proxy_pass all HTTP traffic to some internal port
    :param enabled: whether the site should be enabled at /etc/nginx/sites-enabled
    :param acmetool: whether acmetool should fetch TLS certs for the domain
@ -49,6 +50,16 @@ def add_nginx_domain(domain: str, config_path: str = None, proxy_port: int = Non
                group="root",
                mode="644",
            )
+        elif webroot:
+                config = files.template(
+                src=importlib.resources.files(__package__) / "webroot.nginx_config.j2",
+                dest=f"/etc/nginx/sites-available/{domain}",
+                user="root",
+                group="root",
+                mode="644",
+                webroot=webroot,
+                domain=domain,
+            )
        elif proxy_port:
            config = files.template(
                src=importlib.resources.files(__package__) / "proxy_pass.nginx_config.j2",
--- a/pyinfra_nginx/webroot.nginx_config.j2
+++ b/pyinfra_nginx/webroot.nginx_config.j2
@ -0,0 +1,13 @@
+server {
+    server_name {{ domain }};
+    root {{ webroot }};
+
+    location / {
+        try_files $uri $uri/ $uri.html =404;
+	}
+
+    listen [::]:443 ssl http2;
+    listen 443 ssl http2;
+    ssl_certificate /var/lib/acme/live/{{ domain }}/fullchain; # managed by acmetool
+    ssl_certificate_key /var/lib/acme/live/{{ domain }}/privkey; # managed by acmetool
+}