author | mia <mia@mia.jetzt> | 2024-11-23 18:52:51 -0800 |
---|---|---|
committer | mia <mia@mia.jetzt> | 2024-11-23 18:52:51 -0800 |
commit | 233e2c655cc64627a021c6baabe25e0ab7a4e134 (patch) | |
tree | 69ac40d2b815f5f28a69598e4c88ea1c41cec0ab /nginx/sync.py | |
parent | d1522b9a71c08977a00a9e0ed03048509e91e4bf (diff) | |
terminate tls on asylum for secure local connections
Diffstat (limited to 'nginx/sync.py')
-rw-r--r-- | nginx/sync.py | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/nginx/sync.py b/nginx/sync.py
index 9d81a39..2b36c2c 100644
--- a/nginx/sync.py
+++ b/nginx/sync.py
@@ -1,9 +1,11 @@
 import re
+from commia.bearer import get_key, keys
 from commia.prelude import *
 from commia.ssh import scp, ssh_args, ssh_prewarm
 from commia.util import with_written
+ssh_prewarm("asylum", "secrets@bearer")
 spacing_pattern = re.compile(r"([;,{}])$")
 handoff = Path("nginx/handoff.html").read_text().splitlines()
@@ -39,14 +41,32 @@ auth_locations = (
 }"""
 )
+proxy = (
+ """proxy_http_version 1.1;
+ proxy_redirect off;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;"""
+)
+
+domains = get_key(keys.domains).splitlines()
+terminate_tmpl = Path("nginx/terminate.conf").read_text()
+terminate = []
+for domain in domains:
+ terminate.append(terminate_tmpl.replace("%HOST%", domain))
+terminate_indented = "\n".join(
+ map(lambda line: f"\t{line}", "\n".join(terminate).splitlines())
+).strip()
+
 nginx_conf = (
 Path("nginx/nginx.conf")
 .read_text()
 .replace("%AUTH_CHECK%", auth_check)
 .replace("%AUTH_LOCATIONS%", auth_locations)
+ .replace("%PROXY%", proxy)
+ .replace("%TERMINATE%", terminate_indented)
 )
-ssh_prewarm("asylum", "secrets@bearer")
 with_written(
 nginx_conf,
 lambda path: scp(path, "asylum:/etc/nginx/nginx.conf"), |
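Review bot: Moving `ssh_prewarm("asylum", "secrets@bearer")` up to just below the imports makes its position relative to the new `get_key(keys.domains)` call load-bearing, but nothing in the file says so. If the move is there because `get_key` reaches bearer over the prewarmed connection (an inference, since `commia.bearer` is not shown), a comment such as `# must run before get_key(): opens the connection to secrets@bearer that the key lookup uses` would stop a later cleanup from moving it back down beside `with_written`.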
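Review bot: Each entry of `domains` is substituted into `terminate_tmpl` as-is, so a blank line, stray whitespace or a character such as `;` or `{` in the `keys.domains` value lands verbatim in the nginx.conf that is then copied to `asylum:/etc/nginx/nginx.conf`. Filtering and validating before templating would keep a malformed secret from producing a broken or unintended server block, for example `domains = [d.strip() for d in get_key(keys.domains).splitlines() if d.strip()]` plus `if not re.fullmatch(r"[A-Za-z0-9*.-]+", domain): raise ValueError(domain)` inside the loop (`re` is already imported). In the `proxy` block, `proxy_set_header Host $http_host` forwards the client's raw Host header; `$host` may be the safer choice unless the upstream needs the port. `$connection_upgrade` presumably depends on a `map` block in nginx/nginx.conf, which this diff does not show. The `with_written(...)` call continues past the end of the hunk.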