[+] update nginx config

1. allow http only for servers with a flag set; 1.1. by default revert to redirecting to https;
2025-09-03 13:44:24 +03:00 · 2025-09-03 13:44:24 +03:00 · a666658e0b
commit a666658e0b
parent 7f2f0cbda3
2 changed files with 54 additions and 6 deletions
--- a/25
+++ b/25
@ -135,3 +135,28 @@ mypy:
 	. .venv/bin/activate && \
 	mypy --strict --follow-imports silent \
 	$(MYPY_SOURCES)
+
+COMPOSE ?= sudo docker-compose
+
+nginx_config_http:
+	$(COMPOSE) exec app \
+		python3 \
+		d1/nginx_config.py \
+		tmp/cache/forward.nginx.json \
+		/etc/nginx/nginx.conf
+
+nginx_config_https:
+	$(COMPOSE) exec ssl-app \
+		python3 \
+		d1/nginx_config.py ssl \
+		tmp/d1/ssl.nginx.json \
+		/etc/nginx/nginx.conf
+
+nginx_config: nginx_config_https nginx_config_http
+
+nginx_reload_common:
+	$(COMPOSE) exec $(NGINX_SERVICE) nginx -s reload
+
+nginx_reload:
+	make nginx_reload_common NGINX_SERVICE=ssl-app
+	make nginx_reload_common NGINX_SERVICE=app
--- a/d1/nginx_config.py
+++ b/d1/nginx_config.py
@ -348,10 +348,34 @@ server {
        )

    for server in ssl_nginx['servers']:
+        location_proxy_app = r'''
+  location ^~ / {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_redirect off;
+    proxy_buffering off;
+    proxy_http_version 1.1;
+    proxy_pass http://app:80;
+  }
+        '''
+
+        location_forward_ssl = r'''
+  location ~ {
+    #return 444;
+    return 301 https://$host$request_uri;
+  }
+        '''
+
+        if server.get('allow_http') in [True]:
+          http_location = location_proxy_app
+        else:
+          http_location = location_forward_ssl
+
        servers.append(
            r'''
-
-
 server {
  set $t1 $remote_addr;
  if ($http_x_forwarded_for)
@ -368,10 +392,7 @@ server {
    try_files $uri =404;
  }

-  location ~ {
-    #return 444;
-    return 301 https://$host$request_uri;
-  }
+  {http_location}
 }

 server {
@ -411,6 +432,8 @@ server {
                  '{domain_key}', server['domain_key'],
              ).replace(
                  '{ssl_port}', '%d' % ssl_port,
+              ).replace(
+                  '{http_location}', http_location
              )
        )