|
@@ -1,3 +1,8 @@
|
|
|
|
|
+{% include "_assets.conf" %}
|
|
|
|
|
+{% include "_exploits.conf" %}
|
|
|
|
|
+{% include "_hsts.conf" %}
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
location {{ path }} {
|
|
location {{ path }} {
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header Host $host;
|
|
|
proxy_set_header X-Forwarded-Scheme $scheme;
|
|
proxy_set_header X-Forwarded-Scheme $scheme;
|
|
@@ -6,25 +11,26 @@
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
|
|
proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
|
|
|
|
|
|
|
|
|
|
+
|
|
|
{% if access_list_id > 0 %}
|
|
{% if access_list_id > 0 %}
|
|
|
{% if access_list.items.length > 0 %}
|
|
{% if access_list.items.length > 0 %}
|
|
|
# Authorization
|
|
# Authorization
|
|
|
auth_basic "Authorization required";
|
|
auth_basic "Authorization required";
|
|
|
auth_basic_user_file /data/access/{{ access_list_id }};
|
|
auth_basic_user_file /data/access/{{ access_list_id }};
|
|
|
-
|
|
|
|
|
|
|
+
|
|
|
{{ access_list.passauth }}
|
|
{{ access_list.passauth }}
|
|
|
{% endif %}
|
|
{% endif %}
|
|
|
-
|
|
|
|
|
|
|
+
|
|
|
# Access Rules
|
|
# Access Rules
|
|
|
{% for client in access_list.clients %}
|
|
{% for client in access_list.clients %}
|
|
|
{{- client.rule -}};
|
|
{{- client.rule -}};
|
|
|
{% endfor %}deny all;
|
|
{% endfor %}deny all;
|
|
|
-
|
|
|
|
|
|
|
+
|
|
|
# Access checks must...
|
|
# Access checks must...
|
|
|
{% if access_list.satisfy %}
|
|
{% if access_list.satisfy %}
|
|
|
{{ access_list.satisfy }};
|
|
{{ access_list.satisfy }};
|
|
|
{% endif %}
|
|
{% endif %}
|
|
|
-
|
|
|
|
|
|
|
+
|
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
|
|
|
|
|
|
|
vipergts450