diff --git a/templates/nginx_server_block.conf.j2 b/templates/nginx_server_block.conf.j2 index 7b90b37..7c19562 100644 --- a/templates/nginx_server_block.conf.j2 +++ b/templates/nginx_server_block.conf.j2 @@ -2,7 +2,7 @@ server{ # {{ comment }} - + listen 10443 ssl; listen [::]:10443 ssl; @@ -25,7 +25,7 @@ server{ {% endif %} ssl_verify_depth 1; {% endif %} - + {% if extra_location and not extra_location["location"] == "/" %} location {{ extra_location["location"] }} { {{ extra_location["content"] }} @@ -36,26 +36,34 @@ server{ } {% endif %} - location / { + {% if remote_url %} + location / { + proxy_pass {{ remote_url }}; + proxy_ssl_server_name on; + proxy_set_header Host $proxy_host; + } + {% else %} + location / { proxy_pass http://{{ targetip }}:{{ targetport }}; proxy_set_header Host $http_host; {% if extra_location["location"] == "/" %} {{ extra_location["content"] }} {% endif %} - {{ proxy_pass_blob }} {{ cert_header_line }} + {{ proxy_pass_blob }} {% if basicauth %} auth_basic "{{ basicauth }}"; auth_basic_user_file /etc/nginx/{{ basicauth }}.htpasswd; {% endif %} } + {% endif %} } {% endif %} server{ # {{ comment }} - + listen 80; listen [::]:80; diff --git a/vm.py b/vm.py index e8f6ee8..18cd3ef 100644 --- a/vm.py +++ b/vm.py @@ -172,10 +172,14 @@ class VM: print(json.dumps(subdomain, indent=2)) raise ValueError("'port' is not allowed with no-terminate-ssl subdomain, use http_target_port and ssl_target_port") + if "port" in subdomain and "remote_url" in subdomain: + raise ValueError("'port' is unsupported with 'remote_url', remote_url must container scheme://host:port all in one") + component = template.render(targetip=self.ip, targetport=targetport, servernames=[subdomain["name"]], comment=compositeName, proxy_pass_blob=self.proxy_pass_blob, acme=not self.noTerminateACME, + remote_url=subdomain.get("remote_url"), terminate_ssl=not subdomain.get("no-terminate-ssl"), basicauth=subdomain.get("basicauth"), extra_location=subdomain.get("extra-location"),