Merge 458cccd854 into 9cdb8047bf

README.md

@@ -174,8 +174,25 @@ If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on
  
 ### FastCGI File Root Directory
 
-If you use fastcgi,you can set `VIRTUAL_ROOT=xxx`  for your root directory
+If you use fastcgi, you can set `VIRTUAL_ROOT=xxx` for your root directory
 
+### Sending only certain files upstream
+
+You can set `UPSTREAM_REGEXES=xxx` to only send certain requests upstream.
+The rest of the files will be served locally. If you want to send multiple
+regexes upstream, separate them like this: `UPSTREAM_REGEXES=/en|.*\.php|.*\.php5`
+
+Above example will send example.com/en and all .php and .php5 files upstream.
+
+When doing this, make sure the VIRTUAL_ROOT is also available to this container.
+The easiest way to do this is defining the VOLUME in your upstream container and
+using
+[volumes_from](https://docs.docker.com/compose/compose-file/compose-file-v2/#volumes_from)
+or equivalent.
+
+You likely also want to set `INDEX=xxx` to send non-matching URLs upstream. For
+example, think of an url like /user/login, which won't resolve to a local file,
+but which the upstream fastcgi will understand: `INDEX=index.php`.
 
 ### Default Host
 

nginx.tmpl

@@ -242,6 +242,11 @@ upstream {{ $upstream_name }} {
 {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
 {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
 
+{{/* Which regexes when matching to send upstream when using fastcgi. If not defined, send everything upstream. Make sure the VIRTUAL_ROOT is available to this container when using this */}}
+{{ $vhost_upstream_regexes := trim (or (first (groupByKeys $containers "Env.UPSTREAM_REGEXES")) "") }}
+
+{{/* Which filename to use as index file */}}
+{{ $vhost_index := or (first (groupByKeys $containers "Env.INDEX")) "" }}
 
 {{/* Get the first cert name defined by containers w/ the same vhost */}}
 {{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
@@ -337,13 +342,17 @@ server {
 	include /etc/nginx/vhost.d/default;
 	{{ end }}
 
-	location / {
+	{{ if $vhost_upstream_regexes }}
+	root {{ trim $vhost_root }};
+	location ~* "^({{ $vhost_upstream_regexes }})$" {
 		{{ if eq $proto "uwsgi" }}
 		include uwsgi_params;
 		uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
 		{{ else if eq $proto "fastcgi" }}
-		root   {{ trim $vhost_root }};
 		include fastcgi_params;
+		{{ if $vhost_index }}
+		fastcgi_param SCRIPT_FILENAME $document_root/{{ $vhost_index }};
+		{{ end }}
 		fastcgi_pass {{ trim $upstream_name }};
 		{{ else if eq $proto "grpc" }}
 		grpc_pass {{ trim $proto }}://{{ trim $upstream_name }};
@@ -351,6 +360,36 @@ server {
 		proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
 		{{ end }}
 
+		{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
+		auth_basic	"Restricted {{ $host }}";
+		auth_basic_user_file	{{ (printf "/etc/nginx/htpasswd/%s" $host) }};
+		{{ end }}
+		{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }}
+		include {{ printf "/etc/nginx/vhost.d/%s_location" $host}};
+		{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
+		include /etc/nginx/vhost.d/default_location;
+		{{ end }}
+	}
+	{{ end }}
+	location / {
+		{{ if not $vhost_upstream_regexes }}
+			{{ if eq $proto "uwsgi" }}
+			include uwsgi_params;
+			uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
+			{{ else if eq $proto "fastcgi" }}
+			include fastcgi_params;
+			{{ if $vhost_index }}
+			fastcgi_param SCRIPT_FILENAME $document_root/{{ $vhost_index }};
+			{{ end }}
+			fastcgi_pass {{ trim $upstream_name }};
+			{{ else }}
+			proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
+			{{ end }}
+		{{ else if $vhost_index }}
+			index {{ $vhost_index }};
+			try_files $uri $uri/ /{{ $vhost_index }}?$query_string;
+		{{ end }}
+
 		{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
 		auth_basic	"Restricted {{ $host }}";
 		auth_basic_user_file	{{ (printf "/etc/nginx/htpasswd/%s" $host) }};
@@ -389,19 +428,54 @@ server {
 	include /etc/nginx/vhost.d/default;
 	{{ end }}
 
-	location / {
+	{{ if $vhost_upstream_regexes }}
+	root {{ trim $vhost_root }};
+	location ~* "^({{ $vhost_upstream_regexes }})$" {
 		{{ if eq $proto "uwsgi" }}
 		include uwsgi_params;
 		uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
 		{{ else if eq $proto "fastcgi" }}
-		root   {{ trim $vhost_root }};
 		include fastcgi_params;
+		{{ if $vhost_index }}
+		fastcgi_param SCRIPT_FILENAME $document_root/{{ $vhost_index }};
+		{{ end }}
 		fastcgi_pass {{ trim $upstream_name }};
 		{{ else if eq $proto "grpc" }}
 		grpc_pass {{ trim $proto }}://{{ trim $upstream_name }};
 		{{ else }}
 		proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
 		{{ end }}
+
+		{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
+		auth_basic	"Restricted {{ $host }}";
+		auth_basic_user_file	{{ (printf "/etc/nginx/htpasswd/%s" $host) }};
+		{{ end }}
+		{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }}
+		include {{ printf "/etc/nginx/vhost.d/%s_location" $host}};
+		{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
+		include /etc/nginx/vhost.d/default_location;
+		{{ end }}
+	}
+	{{ end }}
+	location / {
+		{{ if not $vhost_upstream_regexes }}
+			{{ if eq $proto "uwsgi" }}
+			include uwsgi_params;
+			uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
+			{{ else if eq $proto "fastcgi" }}
+			include fastcgi_params;
+			{{ if $vhost_index }}
+			fastcgi_param SCRIPT_FILENAME $document_root/{{ $vhost_index }};
+			{{ end }}
+			fastcgi_pass {{ trim $upstream_name }};
+			{{ else }}
+			proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
+			{{ end }}
+		{{ else if $vhost_index }}
+			index {{ $vhost_index }};
+			try_files $uri $uri/ /{{ $vhost_index }}?$query_string;
+		{{ end }}
+
 		{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
 		auth_basic	"Restricted {{ $host }}";
 		auth_basic_user_file	{{ (printf "/etc/nginx/htpasswd/%s" $host) }};