removed chef vendor

2020-04-11 22:44:33 -04:00
parent 94b21f7d4c
commit d39c423da0
33 changed files with 219 additions and 826 deletions


@ -1,77 +1,93 @@
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
server {
listen 80;
listen 443 ssl;
include autossl.conf;
set_real_ip_from 192.168.1.0/24;
real_ip_header X-Real-IP;
real_ip_recursive on;
location / {
set $target '';
set $target_scheme 'http';
set $target_port '';
access_by_lua '
local host = ngx.var.host
local uri = ngx.var.uri
local scheme = ngx.var.scheme
set $target '';
set $target_scheme 'http';
set $target_port '';
set $header_host $host;
if not host then
ngx.log(ngx.ERR, "no host header found")
return ngx.exit(499)
end
access_by_lua '
local host = ngx.var.host
local uri = ngx.var.uri
local scheme = ngx.var.scheme
local redis = require "resty.redis"
local red = redis:new()
if not host then
ngx.log(ngx.ERR, "no host header found")
return ngx.exit(499)
end
red:set_timeout(1000) -- 1 second
local redis = require "resty.redis"
local red = redis:new()
local ok, err = red:connect("127.0.0.1", 6379)
if not ok then
ngx.log(ngx.ERR, "failed to connect to redis: ", err)
return ngx.exit(598)
end
red:set_timeout(1000) -- 1 second
local res, err = red:hgetall("proxy_host_"..host)
local res = red:array_to_hash(res)
local ok, err = red:connect("127.0.0.1", 6379)
if not ok then
ngx.log(ngx.ERR, "failed to connect to redis: ", err)
return ngx.exit(598)
end
if not res["ip"] then
ngx.log(ngx.ERR, "no host found for key ", host)
return ngx.exit(406)
end
local res, err = red:hgetall("proxy_host_"..host)
local res = red:array_to_hash(res)
if scheme == "http" then
if res["forcessl"] == "true" then
return ngx.redirect("https://"..host..uri, 301)
end
end
if not res["ip"] then
ngx.log(ngx.ERR, "no host found for key ", host)
return ngx.exit(406)
end
if res["targetssl"] == "true" then
ngx.var.target_scheme = "https"
end
ngx.var.target = res["ip"]
ngx.var.target_port = res["targetPort"]
';
if scheme == "http" then
if res["forcessl"] == "true" then
return ngx.redirect("https://"..host..uri, 301)
end
end
if res["targetssl"] == "true" then
ngx.var.target_scheme = "https"
end
if res["host-pass-though"] == "false" then
ngx.var.header_host = res["ip"]
end
ngx.var.target = res["ip"]
ngx.var.target_port = res["targetPort"]
';
resolver 10.0.3.1; #8.8.4.4; # use Google's open DNS server
proxy_set_header Host $target;
proxy_set_header X-Forwarded-Proto $target_scheme;
proxy_set_header Upgrade-Insecure-Requests 0;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language $http_accept_language;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Referer $target_scheme://$target;
resolver 192.168.1.1 ipv6=off; #8.8.4.4; # use Google's open DNS server
proxy_pass $target_scheme://$target:$target_port;
proxy_ssl_session_reuse on;
proxy_pass_request_headers on;
proxy_intercept_errors on;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_pass $target_scheme://$target:$target_port;
sub_filter $target $host;
sub_filter_once off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_ssl_session_reuse on;
proxy_intercept_errors off;
proxy_set_header Host $header_host;
add_header X-Target-Host $target;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $target_scheme;
proxy_set_header Referer $target_scheme://$header_host;
proxy_set_header Accept-Language $http_accept_language;
proxy_set_header User-Agent $http_user_agent;
sub_filter $target $host;
sub_filter_once off;
}
}
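Review bot: `add_header X-Target-Host $target;` returns the upstream address read from Redis to every client, which discloses the internal addressing that `sub_filter $target $host;` otherwise rewrites out of response bodies. I would drop the header, or emit it only for requests from a trusted network. Separately, inside `access_by_lua` the result of `red:hgetall("proxy_host_"..host)` is passed straight to `red:array_to_hash(res)`. A failed query leaves `res` nil, so a guard before the conversion, `if not res then ngx.log(ngx.ERR, "redis hgetall failed: ", err) return ngx.exit(598) end`, would give the same handled exit as the connect failure instead of a Lua runtime error. This page prints old and new lines interleaved without markers, so confirm that both lines are in the new file.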


@ -1,17 +1,19 @@
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
listen 443 ssl http2;
listen 4443 ssl;
ssl_certificate_by_lua_block {
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_certificate_by_lua_block {
auto_ssl:ssl_certificate()
}
}
location /.well-known/acme-challenge/ {
location /.well-known/acme-challenge/ {
content_by_lua_block {
auto_ssl:challenge_server()
auto_ssl:challenge_server()
}
}
}
ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
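Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and the `EECDH+3DES:RSA+3DES` entries in `ssl_ciphers` pass through this re-indentation unchanged, so every server that includes this file still negotiates TLS 1.0/1.1 and 3DES. I would narrow the first to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the nginx/OpenSSL build supports it) and remove the two 3DES entries. The `RSA+AES128` and `RSA+AES256` entries give up forward secrecy and are worth dropping too, unless a known legacy client needs them. A one-line comment above the directives naming the oldest client that must be supported would document why anything weaker is kept.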


@ -1,8 +1,5 @@
server {
listen 80;
<% if node['web']['do_ssl'] %>
listen 443 ssl;
<% end %>
server_name <%= node['app']['domain'] %>;
<% if node['web']['do_ssl'] %>