0x90/pyinfra-nginx
12
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add webroot param to add_nginx_domain (#70)

Browse source 
* add webroot param to add_nginx_domain

* add slash to webroot param docstring

Co-authored-by: missytake <missytake@systemli.org>

* make webroot notrequire proxyport

Co-authored-by: missytake <missytake@systemli.org>

* fix nginx template for webroot param

Co-authored-by: missytake <missytake@systemli.org>

* remove unneeded lines from webroot nginx config

* rename webroot jinja template

---------

Co-authored-by: missytake <missytake@systemli.org>
This commit is contained in:
hagi 2024-04-24 12:44:16 +02:00 committed by GitHub
parent d5c5fe3098
commit f289afbbef
2 changed files with 25 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
pyinfra_nginx/nginx.py
View file

@ -18,11 +18,12 @@ def deploy_nginx():
packages = ["nginx-extras"], packages = ["nginx-extras"],
) )
def add_nginx_domain(domain: str, config_path: str = None, proxy_port: int = None, enabled=True, acmetool=True): def add_nginx_domain(domain: str, config_path: str = None, webroot: str = None, proxy_port: int = None, enabled=True, acmetool=True):
"""Let a domain be handled by nginx, create a Let's Encrypt certificate for it, and deploy the config. """Let a domain be handled by nginx, create a Let's Encrypt certificate for it, and deploy the config.
:param domain: the domain of the website :param domain: the domain of the website
:param config_path: the local path to the nginx config file :param config_path: the local path to the nginx config file
:param webroot: path to a webroot directory, e.g. /var/www/staging/. Generates its own config from template.
:param proxy_port: proxy_pass all HTTP traffic to some internal port :param proxy_port: proxy_pass all HTTP traffic to some internal port
:param enabled: whether the site should be enabled at /etc/nginx/sites-enabled :param enabled: whether the site should be enabled at /etc/nginx/sites-enabled
:param acmetool: whether acmetool should fetch TLS certs for the domain :param acmetool: whether acmetool should fetch TLS certs for the domain
@ -49,6 +50,16 @@ def add_nginx_domain(domain: str, config_path: str = None, proxy_port: int = Non
group="root", group="root",
mode="644", mode="644",
) )
elif webroot:
config = files.template(
src=importlib.resources.files(__package__) / "webroot.nginx_config.j2",
dest=f"/etc/nginx/sites-available/{domain}",
user="root",
group="root",
mode="644",
webroot=webroot,
domain=domain,
)
elif proxy_port: elif proxy_port:
config = files.template( config = files.template(
src=importlib.resources.files(__package__) / "proxy_pass.nginx_config.j2", src=importlib.resources.files(__package__) / "proxy_pass.nginx_config.j2",

13
pyinfra_nginx/webroot.nginx_config.j2 Normal file
View file

@ -0,0 +1,13 @@
server {
server_name {{ domain }};
root {{ webroot }};
location / {
try_files $uri $uri/ $uri.html =404;
}
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate /var/lib/acme/live/{{ domain }}/fullchain; # managed by acmetool
ssl_certificate_key /var/lib/acme/live/{{ domain }}/privkey; # managed by acmetool
}