potluck-nginx 0.0.4 → 0.0.5
- checksums.yaml +4 -4
- data/lib/potluck/nginx/ssl.rb +4 -3
- data/lib/potluck/nginx/util.rb +12 -12
- data/lib/potluck/nginx.rb +94 -88
- metadata +4 -4
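--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b5dc3bb7d62e4244f719abe5110cdb80a972b10f56f13d35844918a3eaa875df
+data.tar.gz: b971afa507788f9bf2261df078e7df83df963928dba62dcca2e1cbf80a10cd6a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d6b3f68bf12bce2e2035689d9c07bd76af04d0f5c8ad596c1dfafb2c5faca4551e9a9d8c64e51fd6fb614f2b7e5dc4746a8f36137b5f416ecd78dffab961c6db
+data.tar.gz: 3885228d15374b68b7af5d86050aea5bab688e4de24fa4cb18a54599bdece7baa0e6495487b707547be70646eefe4099184b69c60128370151b069153f5b2136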
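--- a/data/lib/potluck/nginx/ssl.rb
+++ b/data/lib/potluck/nginx/ssl.rb
@@ -49,7 +49,8 @@ module Potluck
 @auto_generated = !crt_file && !key_file && !dhparam_file
 
 if !@auto_generated && (!crt_file || !key_file || !dhparam_file)
-raise('Must supply values for all three or none: crt_file, key_file,
+raise(ArgumentError.new('Must supply values for all three or none: crt_file, key_file, '\
+'dhparam_file'))
 end
 
 @csr_file = File.join(@dir, "#{@host}.csr").freeze
@@ -57,13 +58,13 @@ module Potluck
 @key_file = key_file || File.join(@dir, "#{@host}.key").freeze
 @dhparam_file = dhparam_file || File.join(@dir, 'dhparam.pem').freeze
 
-@config = {
+@config = Util.deep_merge({
 'ssl_certificate' => @crt_file,
 'ssl_certificate_key' => @key_file,
 'ssl_dhparam' => @dhparam_file,
 'ssl_stapling' => ('on' unless @auto_generated),
 'ssl_stapling_verify' => ('on' unless @auto_generated),
-}
+}, DEFAULT_CONFIG, config)
 end
 
 ##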
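Review bot: In the second hunk the merge order `Util.deep_merge({...}, DEFAULT_CONFIG, config)` gives `DEFAULT_CONFIG` precedence over the values the constructor has just derived, because the visible part of `deep_merge` folds later hashes over the first one. `DEFAULT_CONFIG` is not shown in this diff; if it defines `ssl_stapling`, `ssl_stapling_verify` or any of the certificate paths, it would presumably replace the per-instance values, including the `nil` that leaves stapling off for an auto-generated certificate. If it is meant as a set of defaults, it should come first: `Util.deep_merge(DEFAULT_CONFIG, {...}, config)`. A comment stating that caller-supplied `config` is applied last, and can therefore replace `ssl_certificate_key` and the other paths, would make the precedence explicit. The constructor starts and ends outside both hunks.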
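--- a/data/lib/potluck/nginx/util.rb
+++ b/data/lib/potluck/nginx/util.rb
@@ -1,16 +1,16 @@
 # frozen_string_literal: true
 
 module Potluck
-class Nginx
+class Nginx < Service
 ##
 # Utility methods for Nginx class.
 #
 class Util
 ##
-# Merges
-#
+# Merges N hashes by merging nested hashes rather than overwriting them as is the case with
+# <tt>Hash#merge</tt>.
 #
-# * +hashes+ - Hashes to deep merge.
+# * +hashes+ - Hashes to deep merge.
 # * +arrays+ - True if arrays should be merged rather than overwritten (optional, default: false).
 #
 # Example:
@@ -18,28 +18,28 @@ module Potluck
 # h1 = {hello: {item1: 'world'}}
 # h2 = {hello: {item2: 'friend'}}
 #
-# Util.deep_merge
+# Util.deep_merge(h1, h2)
 # # => {hello: {item1: 'world', item2: 'friend'}}
 #
-# By default
-# <tt>Hash#merge
-#
+# By default only hashes are merged and arrays are still overwritten as they are with
+# <tt>Hash#merge</tt>. Passing <tt>arrays: true</tt> will result in arrays being merged similarly to
+# hashes. Example:
 #
 # h1 = {hello: {item1: ['world']}}
 # h2 = {hello: {item1: ['friend']}}
 #
-# Util.deep_merge
+# Util.deep_merge(h1, h2, arrays: true)
 # # => {hello: {item1: ['world', 'friend']}}
 #
-def self.deep_merge
-hash = hashes[0]
+def self.deep_merge(*hashes, arrays: false)
+hash = hashes[0].dup
 
 hashes[1..-1].each do |other_hash|
 other_hash.each do |key, other_value|
 this_value = hash[key]
 
 if this_value.kind_of?(Hash) && other_value.kind_of?(Hash)
-deep_merge
+hash[key] = deep_merge(this_value, other_value, arrays: arrays)
 elsif arrays && this_value.kind_of?(Array)
 hash[key] |= Array(other_value)
 else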
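Review bot: `hash = hashes[0].dup` in `deep_merge` is a shallow copy, so nested hashes and arrays that no later argument touches stay shared between the result and the first input. The same presumably holds for values copied from later arguments in the `else` branch, which lies outside the hunk. Since `ssl.rb` now passes the `DEFAULT_CONFIG` constant through this method, a caller that mutates the returned config in place could alter that constant unless it is deeply frozen. The doc comment should say so, for example `# Returns a new top-level hash; nested values that are not merged are shared with the inputs.`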
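--- a/data/lib/potluck/nginx.rb
+++ b/data/lib/potluck/nginx.rb
@@ -143,7 +143,7 @@ module Potluck
 ##
 # Returns a hash representation of the Nginx configuration file content. Any configuration passed to
 # Nginx.new is deep-merged into a base configuration hash, meaning nested hashes are merged rather than
-# overwritten (see Util.deep_merge
+# overwritten (see Util.deep_merge).
 #
 def config
 host_subdomains_regex = ([@host] + @subdomains).join('|')
@@ -154,97 +154,103 @@ module Potluck
 'server' => "127.0.0.1:#{@port}",
 },
 
-'server' => Util.deep_merge
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-'
-
-
-
-'Referrer-Policy' => '\'same-origin\' always',
-'X-Frame-Options' => '\'DENY\' always',
-'X-XSS-Protection' => '\'1; mode=block\' always',
-'X-Content-Type-Options' => '\'nosniff\' always',
-},
-}, @ssl ? @ssl.config : {}).merge!(
-'location /' => {
-raw: """
-if ($host !~ ^#{hosts_subdomains_regex}$) { return 404; }
-
-set $r 0;
-set $s $scheme;
-set $h $host;
-set $port #{@ssl ? '443' : '80'};
-set $p '';
-set $u '';
-set $q '';
-
-#{if @www.nil? && @one_host == false
-nil
-elsif @www.nil? && @one_host == true
-"if ($host !~ ^(www.)?#{host_subdomains_regex}$) { set $h $1#{@host}; set $r 1; }"
-elsif @www == false && @one_host == false
-"if ($host ~ ^www.(.+)$) { set $h $1; set $r 1; }"
-elsif @www == false && @one_host == true
-"if ($host !~ ^#{host_subdomains_regex}$) { set $h #{@host}; set $r 1; }"
-elsif @www == true && @one_host == false
-"if ($host !~ ^www.(.+)$) { set $h $1; set $r 1; }"
-elsif @www == true && @one_host == true
-"if ($host !~ ^www.#{host_subdomains_regex}$) { set $h www.#{@host}; set $r 1; }"
-end}
-
-if ($scheme = #{@other_scheme}) { set $s #{@scheme}; set $r 1; }
-if ($http_host ~ :([0-9]+)$) { set $p :$1; set $port $1; }
-if ($request_uri ~ ^([^\\?]+)(\\?+.*)?$) { set $u $1; set $q $2; }
-
-#{'if ($u ~ //) { set $u $uri; set $r 1; }' if @multiple_slashes == false}
-#{'if ($q ~ ^\?\?+(.*)$) { set $q ?$1; set $r 1; }' if @multiple_question_marks == false}
-
-#{if @trailing_question_mark == false
-'if ($q ~ \?+$) { set $q \'\'; set $r 1; }'
-elsif @trailing_question_mark == true
-'if ($q !~ .) { set $q ?; set $r 1; }'
-end}
-#{if @trailing_slash == false
-'if ($u ~ (.+?)/+$) { set $u $1; set $r 1; }'
-elsif @trailing_slash == true
-'if ($u ~ [^/]$) { set $u $u/; set $r 1; }'
-end}
-
-set $mr $request_method$r;
-
-if ($mr ~ ^(GET|HEAD)1$) { return 301 $s://$h$p$u$q; }
-if ($mr ~ 1$) { return 308 $s://$h$p$u$q; }
-""".strip.gsub(/^ +/, '').gsub(/\n{3,}/, "\n\n"),
-
-'proxy_pass' => "http://#{@host}",
-'proxy_redirect' => 'off',
-'proxy_set_header' => {
+'server' => Util.deep_merge(
+{
+'charset' => 'UTF-8',
+'access_log' => File.join(@dir, 'nginx-access.log'),
+'error_log' => File.join(@dir, 'nginx-error.log'),
+
+'listen' => {
+repeat: true,
+'8080' => true,
+'[::]:8080' => true,
+'4433 ssl http2' => @ssl ? true : nil,
+'[::]:4433 ssl http2' => @ssl ? true : nil,
+},
+'server_name' => (@hosts + @subdomains).join(' '),
+
+'gzip' => 'on',
+'gzip_types' => 'application/javascript application/json application/xml text/css '\
+'text/javascript text/plain',
+
+'add_header' => {
 repeat: true,
-'
-'X-
-'X-
-'X-
-
+'Referrer-Policy' => '\'same-origin\' always',
+'X-Frame-Options' => '\'DENY\' always',
+'X-XSS-Protection' => '\'1; mode=block\' always',
+'X-Content-Type-Options' => '\'nosniff\' always',
+},
+},
+
+@ssl ? @ssl.config : {},
+
+{
+'location /' => {
+raw: """
+if ($host !~ ^#{hosts_subdomains_regex}$) { return 404; }
+
+set $r 0;
+set $s $scheme;
+set $h $host;
+set $port #{@ssl ? '443' : '80'};
+set $p '';
+set $u '';
+set $q '';
+
+#{if @www.nil? && @one_host == false
+nil
+elsif @www.nil? && @one_host == true
+"if ($host !~ ^(www.)?#{host_subdomains_regex}$) { set $h $1#{@host}; set $r 1; }"
+elsif @www == false && @one_host == false
+"if ($host ~ ^www.(.+)$) { set $h $1; set $r 1; }"
+elsif @www == false && @one_host == true
+"if ($host !~ ^#{host_subdomains_regex}$) { set $h #{@host}; set $r 1; }"
+elsif @www == true && @one_host == false
+"if ($host !~ ^www.(.+)$) { set $h $1; set $r 1; }"
+elsif @www == true && @one_host == true
+"if ($host !~ ^www.#{host_subdomains_regex}$) { set $h www.#{@host}; set $r 1; }"
+end}
+
+if ($scheme = #{@other_scheme}) { set $s #{@scheme}; set $r 1; }
+if ($http_host ~ :([0-9]+)$) { set $p :$1; set $port $1; }
+if ($request_uri ~ ^([^\\?]+)(\\?+.*)?$) { set $u $1; set $q $2; }
+
+#{'if ($u ~ //) { set $u $uri; set $r 1; }' if @multiple_slashes == false}
+#{'if ($q ~ ^\?\?+(.*)$) { set $q ?$1; set $r 1; }' if @multiple_question_marks == false}
+
+#{if @trailing_question_mark == false
+'if ($q ~ \?+$) { set $q \'\'; set $r 1; }'
+elsif @trailing_question_mark == true
+'if ($q !~ .) { set $q ?; set $r 1; }'
+end}
+#{if @trailing_slash == false
+'if ($u ~ (.+?)/+$) { set $u $1; set $r 1; }'
+elsif @trailing_slash == true
+'if ($u ~ [^/]$) { set $u $u/; set $r 1; }'
+end}
+
+set $mr $request_method$r;
+
+if ($mr ~ ^(GET|HEAD)1$) { return 301 $s://$h$p$u$q; }
+if ($mr ~ 1$) { return 308 $s://$h$p$u$q; }
+""".strip.gsub(/^ +/, '').gsub(/\n{3,}/, "\n\n"),
+
+'proxy_pass' => "http://#{@host}",
+'proxy_redirect' => 'off',
+'proxy_set_header' => {
+repeat: true,
+'Host' => '$http_host',
+'X-Real-IP' => '$remote_addr',
+'X-Forwarded-For' => '$proxy_add_x_forwarded_for',
+'X-Forwarded-Proto' => @ssl ? 'https' : 'http',
+'X-Forwarded-Port' => '$port',
+},
 },
 },
-),
-}
 
-
+@additional_config,
+)
+}
 
 config
 end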
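Review bot: The Host allow-list in the `raw:` block of the second hunk puts a bare alternation between anchors, `^#{hosts_subdomains_regex}$`, so `^` binds only to the first name and `$` only to the last, and the unescaped dots in the host names match any character. The `return 404` guard therefore accepts more Host values than the configured names, and the `@one_host`/`@www` rewrite conditions built from the same string share the problem. Building the pattern at line 149 as `host_subdomains_regex = "(?:#{([@host] + @subdomains).map { |h| Regexp.escape(h) }.join('|')})"` would group and escape every name. The guard also reads `hosts_subdomains_regex` while the local defined at line 149 is `host_subdomains_regex`, and the new `server_name` line reads `@hosts` where the rest of the method uses `@host`; unless both names are defined outside these hunks, `config` raises before it returns. `config` begins in the first hunk and ends on the last line of the second, with lines 150-153 not shown.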
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: potluck-nginx
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nate Pickens
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-12-
|
11
|
+
date: 2021-12-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: potluck
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.0.
|
19
|
+
version: 0.0.5
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.0.
|
26
|
+
version: 0.0.5
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|