Merge branch 'oc-main' into hsts_to_serverdef

backend/templates/_access.conf

@@ -0,0 +1,25 @@
+{% if access_list_id > 0 %}
+    {% if access_list.items.length > 0 %}
+    # Authorization
+    auth_basic            "Authorization required";
+    auth_basic_user_file  /data/access/{{ access_list_id }};
+
+    {% if access_list.pass_auth == 0 %}
+    proxy_set_header Authorization "";
+    {% endif %}
+
+    {% endif %}
+
+    # Access Rules: {{ access_list.clients | size }} total
+    {% for client in access_list.clients %}
+    {{client | nginxAccessRule}}
+    {% endfor %}
+    deny all;
+
+    # Access checks must...
+    {% if access_list.satisfy_any == 1 %}
+    satisfy any;
+    {% else %}
+    satisfy all;
+    {% endif %}
+{% endif %}

backend/templates/_location.conf

@@ -6,30 +6,9 @@
     proxy_set_header X-Real-IP		$remote_addr;
     proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
 
-    {% if access_list_id > 0 %}
-    {% if access_list.items.length > 0 %}
-    # Authorization
-    auth_basic            "Authorization required";
-    auth_basic_user_file  /data/access/{{ access_list_id }};
- 
-    {{ access_list.passauth }}
-    {% endif %}
- 
-    # Access Rules
-    {% for client in access_list.clients %}
-    {{- client.rule -}};
-    {% endfor %}deny all;
- 
-    # Access checks must...
-    {% if access_list.satisfy %}
-    {{ access_list.satisfy }};
-    {% endif %}
- 
-    {% endif %}
-
+    {% include "_access.conf" %}
     {% include "_assets.conf" %}
     {% include "_exploits.conf" %}
-
     {% include "_forced_ssl.conf" %}
     {% include "_hsts.conf" %}
 

backend/templates/dead_host.conf

@@ -7,8 +7,9 @@ server {
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
 
-  access_log /data/logs/dead-host-{{ id }}_access.log standard;
-  error_log /data/logs/dead-host-{{ id }}_error.log warn;
+  #disable individual logs
+  #access_log /data/logs/dead-host-{{ id }}_access.log standard;
+  #error_log /data/logs/dead-host-{{ id }}_error.log warn;
 
 {{ advanced_config }}
 
@@ -18,6 +19,8 @@ server {
     return 404;
   }
 {% endif %}
+  # Custom
+  include /data/nginx/custom/server_dead[.]conf;
 
 }
 {% endif %}

backend/templates/proxy_host.conf

@@ -4,6 +4,7 @@
 server {
   set $forward_scheme {{ forward_scheme }};
   set $server         "{{ forward_host }}";
+  set $path           "{{ forward_path }}";
   set $port           {{ forward_port }};
 
 {% include "_listen.conf" %}
@@ -19,37 +20,33 @@ proxy_set_header Connection $http_connection;
 proxy_http_version 1.1;
 {% endif %}
 
-  access_log /data/logs/proxy-host-{{ id }}_access.log proxy;
-  error_log /data/logs/proxy-host-{{ id }}_error.log warn;
+  #disabling individual logs
+  #access_log /data/logs/proxy-host-{{ id }}_access.log proxy;
+  #error_log /data/logs/proxy-host-{{ id }}_error.log warn;
 
 {{ advanced_config }}
 
+  # Proxy!
+  {% if forward_proxy_header == 1 or forward_proxy_header == true %}
+  proxy_set_header Host $host;
+  {% else %}
+  proxy_set_header Host $proxy_host;
+  {% endif %}
+  include conf.d/include/proxy.conf;
+
+  {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $http_connection;
+  proxy_http_version 1.1;
+  {% endif %}
+
 {{ locations }}
 
 {% if use_default_location %}
 
   location / {
 
-    {% if access_list_id > 0 %}
-    {% if access_list.items.length > 0 %}
-    # Authorization
-    auth_basic            "Authorization required";
-    auth_basic_user_file  /data/access/{{ access_list_id }};
-
-    {{ access_list.passauth }}
-    {% endif %}
-
-    # Access Rules
-    {% for client in access_list.clients %}
-    {{- client.rule -}};
-    {% endfor %}deny all;
-
-    # Access checks must...
-    {% if access_list.satisfy %}
-    {{ access_list.satisfy }};
-    {% endif %}
-
-    {% endif %}
+{% include "_access.conf" %}
 
     {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
     proxy_set_header Upgrade $http_upgrade;
@@ -59,7 +56,8 @@ proxy_http_version 1.1;
 
     # Proxy!
     include conf.d/include/proxy.conf;
-  }
+
+}
 {% endif %}
 
   # Custom

backend/templates/redirection_host.conf

@@ -9,8 +9,9 @@ server {
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
 
-  access_log /data/logs/redirection-host-{{ id }}_access.log standard;
-  error_log /data/logs/redirection-host-{{ id }}_error.log warn;
+  #disabling individual logs
+  #access_log /data/logs/redirection-host-{{ id }}_access.log standard;
+  #error_log /data/logs/redirection-host-{{ id }}_error.log warn;
 
 {{ advanced_config }}