feat: support multi stream map & better errors

2026-03-21 22:26:58 +00:00
parent 1dc46606a0
commit e79b8de175
2 changed files with 16 additions and 0 deletions


@@ -34,8 +34,10 @@ def dump_config(vmList, masterAddress):
for vmo in vmList: for vmo in vmList:
relevant_subdomains = filter(lambda x: x.get("no-terminate-ssl"), vmo.subdomains) relevant_subdomains = filter(lambda x: x.get("no-terminate-ssl"), vmo.subdomains)
for s in relevant_subdomains: for s in relevant_subdomains:
# print(s, "ssl_target_port", s.get("ssl_target_port")) # print(s, "ssl_target_port", s.get("ssl_target_port"))
# build the map contents # # build the map contents #
if s.get("include-subdomains"): if s.get("include-subdomains"):
match = "~.*{}".format(s.get("name")) match = "~.*{}".format(s.get("name"))
else: else:
@@ -44,6 +46,14 @@ def dump_config(vmList, masterAddress):
geo_restriction = s.get("network-restriction") geo_restriction = s.get("network-restriction")
if geo_restriction: if geo_restriction:
network_restrictions.update({ match: geo_restriction }) network_restrictions.update({ match: geo_restriction })
with open("templates/nginx_stream_ssl_map.conf.j2") as test:
test_string = f"geo ${geo_restriction}"
if test_string not in test.read():
msg = f"{test_string} not defined in stream map."
msg += "\nYou need to define it in "
msg += "'templates/nginx_stream_ssl_map.conf.j2' first.\n"
msg += "See geo \"$priviledged_networks {{...}}\" as an example"
raise ValueError(msg)
ssl_target_port = s.get("ssl_target_port") or 443 ssl_target_port = s.get("ssl_target_port") or 443
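Review bot: The existence check added in the second hunk is a plain substring test, `if test_string not in test.read():`, so a `network-restriction` value that is only a prefix of a defined geo name, or that appears only in a commented-out line, passes. The template would then emit a `$name` that nginx does not define. Matching the whole declaration closes that gap, e.g. `if not re.search(r"^\s*geo\s+\$" + re.escape(geo_restriction) + r"\s*\{", template_text, re.M):`, assuming the geo blocks use the one-argument form and `re` is imported, neither of which the hunk shows. Since the value is rendered into the stream map, it is also worth rejecting anything that is not `[A-Za-z0-9_]+` before the lookup. The template is reopened for every restricted subdomain; reading it once before the `for vmo in vmList` loop would do, and dump_config itself starts and ends outside the hunk.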


@@ -32,10 +32,16 @@ map $block_connection $proxy_target {
map $ssl_preread_server_name $is_restricted { map $ssl_preread_server_name $is_restricted {
default 0; default 0;
{% for pattern, selected_network in network_restrictions.items() %}
{{ pattern }} 1;
{% endfor %}
~^immich-ml\.services\.atlantishq\.de$ 1; ~^immich-ml\.services\.atlantishq\.de$ 1;
} }
map $ssl_preread_server_name $selected_network { map $ssl_preread_server_name $selected_network {
{% for pattern, selected_network in network_restrictions.items() %}
{{ pattern }} ${{ selected_network}};
{% endfor %}
~^immich-ml\.services\.atlantishq\.de$ $priviledged_networks; ~^immich-ml\.services\.atlantishq\.de$ $priviledged_networks;
} }
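Review bot: Both new loops write `{{ pattern }}` into the maps verbatim, and nginx tries map regex entries in order of appearance, so a broad generated key can shadow a later entry and select a different `$selected_network`. The include-subdomains keys built in dump_config as `"~.*{}".format(s.get("name"))` look unanchored with unescaped dots, unlike the hand-written `~^immich-ml\.services\.atlantishq\.de$` entry that follows the loop; whether that over-match matters depends on how `$selected_network` is consumed, which is outside this section. I would state the contract at the top of each loop with a template comment such as `{# pattern: complete map key, hostname or anchored ~regex; selected_network: name of a geo block in this file, without the $ #}`. No `default` entry is visible in the `$selected_network` map, so unmatched names presumably resolve to an empty value, which deserves a one-line comment as well.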