3 server_name <%=$domain%>;
7 fastcgi_param QUERY_STRING $query_string;
8 fastcgi_param REQUEST_METHOD $request_method;
9 fastcgi_param CONTENT_TYPE $content_type;
10 fastcgi_param CONTENT_LENGTH $content_length;
11 fastcgi_param REQUEST_URI $request_uri;
12 fastcgi_param PATH_INFO $document_uri;
13 fastcgi_param REMOTE_ADDR $remote_addr;
14 fastcgi_param REMOTE_PORT $remote_port;
15 fastcgi_param SERVER_NAME $host;
16 fastcgi_param SERVER_PORT '80';
17 fastcgi_param SERVER_PROTOCOL 'http';
18 fastcgi_param USER_ROLES 'anonymous/void:*';
19 fastcgi_pass <%=$socket%>;
21 location ~* /.well-known/someca-challenge/.* {
25 <%=inline_epp(file('motion/user_map.epp', 'motion/user_map.template.epp'), {container => $container})%>
26 log_format <%=$container%>-cert '$date_gmt $ssl_client_serial:$ssl_client_i_dn;$<%=$container%>_user_role';
28 listen 0.0.0.0:443 ssl;
29 server_name <%=$domain%>;
31 ssl_certificate <%=$cert_stem%>.crt;
32 ssl_certificate_key <%=$cert_stem%>.key;
34 ssl_client_certificate /etc/ssl/<%=$container%>-roots.pem;
37 access_log /tmp/<%=$container%>-certs.log <%=$container%>-cert;
40 fastcgi_param QUERY_STRING $query_string;
41 fastcgi_param REQUEST_METHOD $request_method;
42 fastcgi_param CONTENT_TYPE $content_type;
43 fastcgi_param CONTENT_LENGTH $content_length;
44 fastcgi_param REQUEST_URI $request_uri;
45 fastcgi_param PATH_INFO $document_uri;
46 fastcgi_param REMOTE_ADDR $remote_addr;
47 fastcgi_param REMOTE_PORT $remote_port;
48 fastcgi_param SERVER_NAME $host;
49 fastcgi_param SERVER_PORT '443';
50 fastcgi_param SERVER_PROTOCOL 'https';
51 fastcgi_param USER_ROLES $<%=$container%>_user_role;
52 fastcgi_pass <%=$socket%>;
54 <% if($protected != 'no') { %>
55 auth_basic "closed site";
56 auth_basic_user_file /etc/nginx/access.txt;
59 location ~* /.well-known/someca-challenge/.* {
projects / infra.git / blob