add: motion system from source
diff --git a/modules/motion/templates/nginx.epp b/modules/motion/templates/nginx.epp
new file mode 100644 (file)
index 0000000..36dbfa6
--- /dev/null
@@ -0,0 +1,62 @@
+server {
+    listen       0.0.0.0:80;
+    server_name  <%=$domain%>;
+    gzip         on;
+
+    location / {
+        fastcgi_param  QUERY_STRING       $query_string;
+        fastcgi_param  REQUEST_METHOD     $request_method;
+        fastcgi_param  CONTENT_TYPE       $content_type;
+        fastcgi_param  CONTENT_LENGTH     $content_length;
+        fastcgi_param  REQUEST_URI        $request_uri;
+        fastcgi_param  PATH_INFO          $document_uri;
+        fastcgi_param  REMOTE_ADDR        $remote_addr;
+        fastcgi_param  REMOTE_PORT        $remote_port;
+        fastcgi_param  SERVER_NAME        $host;
+        fastcgi_param  SERVER_PORT        '80';
+        fastcgi_param  SERVER_PROTOCOL    'http';
+        fastcgi_param  USER_ROLES         'anonymous/void:*';
+        fastcgi_pass  <%=$socket%>;
+    }
+    location ~* /.well-known/someca-challenge/.* {
+        root /data/challenge;
+    }
+}
+<%=inline_epp(file('motion/user_map.epp', 'motion/user_map.template.epp'), {container => $container})%>
+log_format <%=$container%>-cert '$date_gmt $ssl_client_serial:$ssl_client_i_dn;$<%=$container%>_user_role';
+server {
+    listen       0.0.0.0:443 ssl;
+    server_name  <%=$domain%>;
+    gzip         on;
+    ssl_certificate <%=$cert_stem%>.crt;
+    ssl_certificate_key <%=$cert_stem%>.key;
+
+    ssl_client_certificate /etc/ssl/<%=$container%>-roots.pem;
+    ssl_verify_client on;
+    ssl_verify_depth 4;
+    access_log /tmp/<%=$container%>-certs.log <%=$container%>-cert;
+
+    location / {
+        fastcgi_param  QUERY_STRING       $query_string;
+        fastcgi_param  REQUEST_METHOD     $request_method;
+        fastcgi_param  CONTENT_TYPE       $content_type;
+        fastcgi_param  CONTENT_LENGTH     $content_length;
+        fastcgi_param  REQUEST_URI        $request_uri;
+        fastcgi_param  PATH_INFO          $document_uri;
+        fastcgi_param  REMOTE_ADDR        $remote_addr;
+        fastcgi_param  REMOTE_PORT        $remote_port;
+        fastcgi_param  SERVER_NAME        $host;
+        fastcgi_param  SERVER_PORT        '443';
+        fastcgi_param  SERVER_PROTOCOL    'https';
+        fastcgi_param  USER_ROLES         $<%=$container%>_user_role;
+        fastcgi_pass  <%=$socket%>;
+
+    <% if($protected != 'no') { %>
+        auth_basic "closed site";
+        auth_basic_user_file /etc/nginx/access.txt;
+        <% } %>
+    }
+    location ~* /.well-known/someca-challenge/.* {
+        root /data/challenge;
+    }
+}
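Review bot: The client-certificate log in the 443 server, `access_log /tmp/<%=$container%>-certs.log <%=$container%>-cert;`, is written under /tmp, a world-writable directory where another local account can create or link that path before nginx opens it. The file also records client certificate serials, issuer DNs and the mapped user role. A directory writable only by root and the nginx user avoids both problems, for example `access_log /var/log/nginx/<%=$container%>-certs.log <%=$container%>-cert;`. Separately, both `location ~* /.well-known/someca-challenge/.*` blocks use an unanchored regex with unescaped dots, so they match that substring anywhere in the URI; a prefix match such as `location ^~ /.well-known/someca-challenge/` looks like what is intended.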