sheppy/athq-vm-management
1
0
Fork 0
mirror of https://github.com/FAUSheppy/athq-vm-management synced 2026-04-26 14:02:28 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: support multi stream map & better errors

Browse Source
This commit is contained in:
Johnathen Sheppard
2026-03-21 22:26:58 +00:00
parent 1dc46606a0
commit e79b8de175
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
nginx.py
View File

@@ -34,8 +34,10 @@ def dump_config(vmList, masterAddress):
for vmo in vmList:
relevant_subdomains = filter(lambda x: x.get("no-terminate-ssl"), vmo.subdomains)
for s in relevant_subdomains:
# print(s, "ssl_target_port", s.get("ssl_target_port"))
# build the map contents #
if s.get("include-subdomains"):
match = "~.*{}".format(s.get("name"))
else:
@@ -44,6 +46,14 @@ def dump_config(vmList, masterAddress):
geo_restriction = s.get("network-restriction")
if geo_restriction:
network_restrictions.update({ match: geo_restriction })
with open("templates/nginx_stream_ssl_map.conf.j2") as test:
test_string = f"geo ${geo_restriction}"
if test_string not in test.read():
msg = f"{test_string} not defined in stream map."
msg += "\nYou need to define it in "
msg += "'templates/nginx_stream_ssl_map.conf.j2' first.\n"
msg += "See geo \"$priviledged_networks {{...}}\" as an example"
raise ValueError(msg)
ssl_target_port = s.get("ssl_target_port") or 443

6
templates/nginx_stream_ssl_map.conf.j2
View File

@@ -32,10 +32,16 @@ map $block_connection $proxy_target {
map $ssl_preread_server_name $is_restricted {
default 0;
{% for pattern, selected_network in network_restrictions.items() %}
{{ pattern }} 1;
{% endfor %}
~^immich-ml\.services\.atlantishq\.de$ 1;
}
map $ssl_preread_server_name $selected_network {
{% for pattern, selected_network in network_restrictions.items() %}
{{ pattern }} ${{ selected_network}};
{% endfor %}
~^immich-ml\.services\.atlantishq\.de$ $priviledged_networks;
}