-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathmacros.jinja
79 lines (65 loc) · 2.53 KB
/
macros.jinja
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
{%- macro filebeat_prospector(log_source, paths=[], multiline=True) -%}
{%- set log_paths = [paths] if paths is string else paths -%}
- paths:
{%- for path in log_paths %}
- {{ path }}
{%- endfor %}
exclude_files:
- .gz$
encoding: plain
fields:
log_source: {{ log_source }}
input_type: log
document_type: log
{%- if multiline %}
multiline:
pattern: ^[[:space:]]
match: after
{%- endif %}
{%- endmacro -%}
{%- macro nginx_ssl_config(key, cert, dhparam) -%}
- ssi: 'on'
- ssl: 'on'
- ssl_session_cache: shared:SSL:10m
- ssl_session_timeout: 10m
- ssl_certificate_key: {{ key }}
- ssl_certificate: {{ cert }}
- ssl_protocols: TLSv1 TLSv1.1 TLSv1.2
- ssl_ciphers: 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'
- ssl_prefer_server_ciphers: 'on'
- ssl_dhparam: {{ dhparam }}
{%- endmacro -%}
{%- macro nginx_proxy_config(
proxy_pass='http://127.0.0.1:8282',
proxy_redirect='http:// https://',
front_end_port=False,
front_end_https=False,
cache=False) -%}
- proxy_pass: {{ proxy_pass }}
- proxy_redirect: {{ proxy_redirect }}
{% if not cache -%}
- proxy_no_cache: '"1"'
{%- else -%}
- proxy_hide_header: Set-Cookie
- proxy_ignore_headers: Cache-Control Set-Cookie
{%- endif %}
- proxy_connect_timeout: 60
- proxy_send_timeout: 60
- proxy_read_timeout: 60
- send_timeout: 60
- proxy_http_version: 1.1
- proxy_set_header: Host $host{%- if front_end_port %}:{{ front_end_port }}{%- endif %}
- proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
- proxy_set_header: X-Forwarded-Proto $scheme
- proxy_set_header: X-Forwarded-Host $host{%- if front_end_port %}:{{ front_end_port }}{%- endif %}
- proxy_set_header: X-Forwarded-Server $host
- proxy_set_header: X-Forwarded-Port $server_port
{% if front_end_https -%}
- add_header: Front-End-Https 'on'
{%- endif %}
- 'if (-f $document_root/maintenance.html)':
- return: 503
{% if cache -%}
- include: {{ cache }}
{%- endif %}
{%- endmacro -%}