fix: add http-passthrough for non-acme domains

2025-12-06 05:41:35 +01:00 · 2024-05-21 19:00:05 +00:00
parent ba86d5c482
commit fd61f28cd5
2 changed files with 22 additions and 4 deletions
--- a/templates/nginx_server_block.conf.j2
+++ b/templates/nginx_server_block.conf.j2
@@ -1,3 +1,4 @@
+{% if terminate_ssl %}
 server{

    # {{ comment }}
@@ -49,8 +50,8 @@ server{
        {% endif %}
    }
 }
+{% endif %}

-{% if acme %}
 server{

    # {{ comment }}
@@ -58,11 +59,23 @@ server{
    listen 80;
    listen [::]:80;

+    {% if include_subdomains %}
+        {% if servernames %}
+            server_name{% for s in servernames %} ~^.*{{ s.replace(".","\\.") }}{% endfor %};
+        {% endif %}
+    {% else %}
    {% if servernames %}server_name{% for s in servernames %} {{ s }}{% endfor %};{% endif %}
+    {% endif %}


+    {% if acme %}
    include acme-challenge.conf;
    return 301 https://$host$request_uri;
+    {% else %}
+    location / {
+        {{ proxy_pass_blob }}
+        proxy_pass http://{{ targetip }}:80;
+    }
+    {% endif %}

 }
-{% endif %}
--- a/vm.py
+++ b/vm.py
@@ -131,7 +131,6 @@ class VM:

            if subdomain.get("no-terminate-ssl"):
                print("Not terminating TLS for: {}".format(subdomain))
-                continue

            if type(subdomain) != dict:
                raise ValueError("Subdomain must be object containing 'name' ")
@@ -150,11 +149,17 @@ class VM:

            cert_non_optional = subdomain.get("cert-non-optional") or False

+            if subdomain.get("include-subdomains") and not subdomain.get("no-terminate-ssl"):
+                raise ValueError("Wildcard Subdomain not supported with SSL Termination")
+
            component = template.render(targetip=self.ip, targetport=targetport, 
                            servernames=[subdomain["name"]], comment=compositeName,
-                            proxy_pass_blob=self.proxy_pass_blob, acme=not self.noTerminateACME,
+                            proxy_pass_blob=self.proxy_pass_blob,
+                            acme=not self.noTerminateACME,
+                            terminate_ssl=not subdomain.get("no-terminate-ssl"),
                            basicauth=subdomain.get("basicauth"),
                            extra_location=subdomain.get("extra-location"),
+                            include_subdomains=subdomain.get("include-subdomains"),
                            cert_optional=cert_optional,
                            cert_non_optional=cert_non_optional,
                            cert_header_line=header_line)