From fd61f28cd5b50e737c5b97635a8e77e7ad656a0e Mon Sep 17 00:00:00 2001 From: Sheppy Date: Tue, 21 May 2024 19:00:05 +0000 Subject: [PATCH] fix: add http-passthrough for non-acme domains --- templates/nginx_server_block.conf.j2 | 17 +++++++++++++++-- vm.py | 9 +++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/templates/nginx_server_block.conf.j2 b/templates/nginx_server_block.conf.j2 index b023785..3c5ffbb 100644 --- a/templates/nginx_server_block.conf.j2 +++ b/templates/nginx_server_block.conf.j2 @@ -1,3 +1,4 @@ +{% if terminate_ssl %} server{ # {{ comment }} @@ -49,8 +50,8 @@ server{ {% endif %} } } +{% endif %} -{% if acme %} server{ # {{ comment }} @@ -58,11 +59,23 @@ server{ listen 80; listen [::]:80; + {% if include_subdomains %} + {% if servernames %} + server_name{% for s in servernames %} ~^.*{{ s.replace(".","\\.") }}{% endfor %}; + {% endif %} + {% else %} {% if servernames %}server_name{% for s in servernames %} {{ s }}{% endfor %};{% endif %} + {% endif %} + {% if acme %} include acme-challenge.conf; return 301 https://$host$request_uri; + {% else %} + location / { + {{ proxy_pass_blob }} + proxy_pass http://{{ targetip }}:80; + } + {% endif %} } -{% endif %} diff --git a/vm.py b/vm.py index 49b512a..2e6ec07 100644 --- a/vm.py +++ b/vm.py @@ -131,7 +131,6 @@ class VM: if subdomain.get("no-terminate-ssl"): print("Not terminating TLS for: {}".format(subdomain)) - continue if type(subdomain) != dict: raise ValueError("Subdomain must be object containing 'name' ") 
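Review bot: Removing the `{% if acme %}` guard in the `@@ -49,8 +50,8 @@` hunk makes the port-80 server render for every subdomain, so a host that still terminates TLS but has `acme` false now gets the plain-HTTP `location /` passthrough added in the next hunk, where previously it had no port-80 block at all. The visible part of that server applies neither `basicauth` nor the client-certificate options that vm.py passes to the template, so such a backend may become reachable on port 80 without them. If the passthrough is only needed for hosts without TLS termination, the new branch could be `{% elif not terminate_ssl %}` instead of `{% else %}`; if it is needed so the backend can answer its own ACME challenges, limiting it to `location /.well-known/acme-challenge/` would keep everything else behind TLS. The TLS server block starts outside the hunks, so how it enforces those options is not visible here.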
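Review bot: In the `@@ -58,11 +59,23 @@` hunk, the new regex `server_name` `~^.*{{ s.replace(".","\\.") }}` has no trailing `$` and no dot boundary before the name, so it matches any Host value that merely contains the configured name, not only its subdomains. For a constructed name such as `example.com` that includes `notexample.com` and `example.com.other.tld`, and with `acme` off those requests are proxied to `targetip`. Anchoring it as `~^(.+\.)?{{ s.replace(".","\\.") }}$` restricts the match to the name itself and its subdomains. Only `.` is escaped, so the pattern also relies on the configured names containing no other regex metacharacters.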
@@ -150,11 +149,17 @@ class VM: cert_non_optional = subdomain.get("cert-non-optional") or False + if subdomain.get("include-subdomains") and not subdomain.get("no-terminate-ssl"): + raise ValueError("Wildcard Subdomain not supported with SSL Termination") + component = template.render(targetip=self.ip, targetport=targetport, servernames=[subdomain["name"]], comment=compositeName, - proxy_pass_blob=self.proxy_pass_blob, acme=not self.noTerminateACME, + proxy_pass_blob=self.proxy_pass_blob, + acme=not self.noTerminateACME, + terminate_ssl=not subdomain.get("no-terminate-ssl"), basicauth=subdomain.get("basicauth"), extra_location=subdomain.get("extra-location"), + include_subdomains=subdomain.get("include-subdomains"), cert_optional=cert_optional, cert_non_optional=cert_non_optional, cert_header_line=header_line)
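Review bot: `subdomain["name"]` is rendered into the nginx config without validation, and with `include-subdomains` it now becomes part of a regex `server_name` in which the template escapes only `.`. A name containing whitespace, `;`, braces or regex metacharacters would change the generated directive instead of failing here, so a check next to the new `ValueError` would fit, e.g. `if not re.fullmatch(r"[A-Za-z0-9.-]+", subdomain["name"]): raise ValueError("Invalid subdomain name")`. That needs `re` imported in vm.py, which the hunk does not show, and the allowed character set should be adjusted to whatever existing configs legitimately use. Where the subdomain definitions come from is not visible, so how far they are trusted is an assumption to confirm. The enclosing loop body in `class VM` starts and ends outside the hunk.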