entrouvert
/
publik-devinst
16
0
Fork 0
Code Issues Pull Requests 2 Releases Activity

sanitize nginx templates inheritance (#58346)
gitea/publik-devinst/pipeline/head This commit looks good Details

This commit is contained in:
Emmanuel Cazenave 2023-03-14 16:41:32 +01:00
parent 5c3db6a691
commit 631c0ca59a
14 changed files with 53 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/authentic/vars/main.yml
View File

@ -4,7 +4,7 @@ compile_translations: true
db_name: "{{apps['authentic']['db_name']}}"
manage_cmd: "{{venv_py3_python}} {{src_dir}}/authentic/manage.py"
nginx_host_pattern: "{{apps['authentic']['nginx_host_pattern']}}"
nginx_template_name: "std-nginx-server.j2"
nginx_template_name: "base-nginx-server.j2"
project_name: "{{apps['authentic']['project_name']}}"
server_port: "{{apps['authentic']['server_port']}}"
settings_env_var: AUTHENTIC2_SETTINGS_FILE

2
roles/bijoe/vars/main.yml
View File

@ -4,7 +4,7 @@ compile_translations: true
db_name: "{{apps['bijoe']['db_name']}}"
manage_cmd: "{{venv_py3_python}} {{src_dir}}/bijoe/manage.py"
nginx_host_pattern: "{{apps['bijoe']['nginx_host_pattern']}}"
nginx_template_name: "std-nginx-server.j2"
nginx_template_name: "base-nginx-server.j2"
project_name: "{{apps['bijoe']['project_name']}}"
server_port: "{{apps['bijoe']['server_port']}}"
settings_env_var: BIJOE_SETTINGS_FILE

2
roles/chrono/vars/main.yml
View File

@ -4,7 +4,7 @@ compile_translations: true
db_name: "{{apps['chrono']['db_name']}}"
manage_cmd: "{{venv_py3_python}} {{src_dir}}/chrono/manage.py"
nginx_host_pattern: "{{apps['chrono']['nginx_host_pattern']}}"
nginx_template_name: "chrono-nginx-server.j2"
nginx_template_name: "base-nginx-server.j2"
project_name: "{{apps['chrono']['project_name']}}"
server_port: "{{apps['chrono']['server_port']}}"
settings_env_var: CHRONO_SETTINGS_FILE

2
roles/fargo/vars/main.yml
View File

@ -4,7 +4,7 @@ compile_translations: true
db_name: "{{apps['fargo']['db_name']}}"
manage_cmd: "{{venv_py3_python}} {{src_dir}}/fargo/manage.py"
nginx_host_pattern: "{{apps['fargo']['nginx_host_pattern']}}"
nginx_template_name: "fargo-nginx-server.j2"
nginx_template_name: "base-nginx-server.j2"
project_name: "{{apps['fargo']['project_name']}}"
server_port: "{{apps['fargo']['server_port']}}"
settings_env_var: FARGO_SETTINGS_FILE

2
roles/hobo/vars/main.yml
View File

@ -4,7 +4,7 @@ compile_translations: true
db_name: "{{apps['hobo']['db_name']}}"
manage_cmd: "{{venv_py3_python}} {{src_dir}}/hobo/manage.py"
nginx_host_pattern: "{{apps['hobo']['nginx_host_pattern']}}"
nginx_template_name: "std-nginx-server.j2"
nginx_template_name: "base-nginx-server.j2"
project_name: "{{apps['hobo']['project_name']}}"
server_port: "{{apps['hobo']['server_port']}}"
settings_env_var: HOBO_SETTINGS_FILE

2
roles/lingo/vars/main.yml
View File

@ -4,7 +4,7 @@ compile_translations: true
db_name: "{{apps['lingo']['db_name']}}"
manage_cmd: "{{venv_py3_python}} {{src_dir}}/lingo/manage.py"
nginx_host_pattern: "{{apps['lingo']['nginx_host_pattern']}}"
nginx_template_name: "std-nginx-server.j2"
nginx_template_name: "base-nginx-server.j2"
project_name: "{{apps['lingo']['project_name']}}"
server_port: "{{apps['lingo']['server_port']}}"
settings_env_var: LINGO_SETTINGS_FILE

20
roles/nginx-setup/templates/base-nginx-server.j2
View File

@ -10,7 +10,25 @@ server {
client_max_body_size 50M;
{% block middle %}{% endblock %}
{% block static %}
location ~ ^/static/(.+)$ {
root /;
try_files {{tenants_dir}}/$host/static/$1
{{tenants_dir}}/$host/theme/static/$1
{{state_dir}}/collectstatic/$1
=404;
add_header Access-Control-Allow-Origin *;
add_header 'Service-Worker-Allowed' '/';
}
{% endblock %}
{% block media %}
location ~ ^/media/(.+)$ {
alias {{tenants_dir}}/$host/media/$1;
}
{% endblock %}
{% block extra %}{% endblock %}
location / {
proxy_pass http://127.0.0.1:{{server_port}};

12
roles/nginx-setup/templates/chrono-nginx-server.j2
View File

@ -1,12 +0,0 @@
{% extends "base-nginx-server.j2" %}
{% block middle %}
location ~ ^/static/(.+)$ {
root /;
try_files {{tenants_dir}}/$host/static/$1
{{tenants_dir}}/$host/theme/static/$1
{{state_dir}}/collectstatic/$1
=404;
add_header Access-Control-Allow-Origin *;
}
{% endblock %}

7
roles/nginx-setup/templates/combo-nginx-server.j2
View File

@ -1,8 +1,6 @@
{% extends "std-nginx-server.j2" %}
{% block middle %}
{{ super() }}
{% extends "base-nginx-server.j2" %}
{% block extra %}
location /livereload {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
@ -12,5 +10,4 @@
location /livereload/ {
proxy_pass http://127.0.0.1:35729/;
}
{% endblock %}

12
roles/nginx-setup/templates/fargo-nginx-server.j2
View File

@ -1,12 +0,0 @@
{% extends "base-nginx-server.j2" %}
{% block middle %}
location ~ ^/static/(.+)$ {
root /;
try_files {{tenants_dir}}/$host/static/$1
{{tenants_dir}}/$host/theme/static/$1
{{state_dir}}/collectstatic/$1
=404;
add_header Access-Control-Allow-Origin *;
}
{% endblock %}

17
roles/nginx-setup/templates/std-nginx-server.j2
View File

@ -1,17 +0,0 @@
{% extends "base-nginx-server.j2" %}
{% block middle %}
location ~ ^/static/(.+)$ {
root /;
try_files {{tenants_dir}}/$host/static/$1
{{tenants_dir}}/$host/theme/static/$1
{{state_dir}}/collectstatic/$1
=404;
add_header Access-Control-Allow-Origin *;
add_header 'Service-Worker-Allowed' '/';
}
location ~ ^/media/(.+)$ {
alias {{tenants_dir}}/$host/media/$1;
}
{% endblock %}

36
roles/nginx-setup/templates/wcs-nginx-server.j2
View File

@ -1,22 +1,32 @@
{% extends "base-nginx-server.j2" %}
{% block middle %}
{% block static %}
location ~ ^/static/(.+)$ {
root /;
try_files {{state_dir}}/tenants/$host/static/$1
{{state_dir}}/tenants/$host/theme/static/$1
try_files {{tenants_dir}}/$host/static/$1
{{tenants_dir}}/$host/theme/static/$1
{{state_dir}}/$host/static/$1
{{state_dir}}/$host/theme/static/$1
{{state_dir}}/collectstatic/$1
=404;
}
}
{% endblock %}
location /static { alias {{state_dir}}/collectstatic/; }
location /qo { alias {{app_src_dir}}/wcs/qommon/static/; }
location /themes {
root /;
try_files {{state_dir}}/$host$uri
{{app_src_dir}}/data/themes/$uri
=404;
}
{% endblock %}
{% block media %}
location ~ ^/media/(.+)$ {
root /;
try_files {{tenants_dir}}/$host/media/$1
{{state_dir}}/$host/media/$1
=404;
}
{% endblock %}
{% block extra %}
location /qo { alias {{app_src_dir}}/wcs/qommon/static/; }
location /themes {
root /;
try_files {{state_dir}}/$host$uri
{{app_src_dir}}/data/themes/$uri
=404;
}
{% endblock %}

8
roles/nginx-setup/templates/welco-nginx-server.j2
View File

@ -1,11 +1,7 @@
{% extends "std-nginx-server.j2" %}
{% block middle %}
{% extends "base-nginx-server.j2" %}
{% block extra %}
location ~ ^/static/pdf/(.+)$ {
alias /usr/share/javascript/pdf/$1; # libjs-pdf
}
{{ super() }}
{% endblock %}

2
roles/passerelle/vars/main.yml
View File

@ -4,7 +4,7 @@ compile_translations: true
db_name: "{{apps['passerelle']['db_name']}}"
manage_cmd: "{{venv_py3_python}} {{src_dir}}/passerelle/manage.py"
nginx_host_pattern: "{{apps['passerelle']['nginx_host_pattern']}}"
nginx_template_name: "std-nginx-server.j2"
nginx_template_name: "base-nginx-server.j2"
project_name: "{{apps['passerelle']['project_name']}}"
server_port: "{{apps['passerelle']['server_port']}}"
settings_env_var: PASSERELLE_SETTINGS_FILE