61 lines
1.6 KiB
Python
61 lines
1.6 KiB
Python
# -*- mode: python; encoding: utf-8 -*-
|
|
|
|
info["owner"] = "root"
|
|
info["group"] = "root"
|
|
info["mode"] = 0644
|
|
|
|
comment_start = "#"
|
|
|
|
import gestion.secrets_new as secrets_new
|
|
|
|
base = """
|
|
root /var/www/;
|
|
index index.html index.htm;
|
|
|
|
server_name tv.crans.org;
|
|
location /sap.txt {
|
|
alias /var/www/sap.txt;
|
|
}
|
|
location /images/{
|
|
autoindex on;
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
location / {
|
|
try_files $uri $uri/ %s;
|
|
rewrite ^/$ https://intranet2.crans.org/tv/;
|
|
}
|
|
""" % "@404" if has("icecast") else "=404"
|
|
|
|
icecast = """location @404 {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Auth %s;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass http://127.0.0.1:8000;
|
|
}
|
|
""" % secrets_new.get('icecast-token')
|
|
|
|
if has("icecast"):
|
|
body = "%s\n %s" % (base, icecast)
|
|
else:
|
|
body = base
|
|
|
|
out("""server {
|
|
listen 80; ## listen for ipv4; this line is default and implied
|
|
listen [::]:80 default_server ipv6only=on; ## listen for ipv6%s
|
|
|
|
}""" % (body,))
|
|
|
|
|
|
out("""# HTTPS server
|
|
#
|
|
server {
|
|
listen 443;
|
|
listen [::]:443 default_server ipv6only=on;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/ssl/crans/cochon.ferme.crans.org/xid=33/cert_chain.pem;
|
|
ssl_certificate_key /etc/ssl/crans/cochon.ferme.crans.org/xid=33/key.pem;
|
|
|
|
ssl_session_timeout 5m;%s
|
|
}""" % (body,))
|