diff --git a/README.md b/README.md
index 556cf5c..1c4ee27 100644
--- a/README.md
+++ b/README.md
@@ -174,8 +174,25 @@ If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on
 ### FastCGI File Root Directory
-If you use fastcgi,you can set `VIRTUAL_ROOT=xxx` for your root directory
+If you use fastcgi, you can set `VIRTUAL_ROOT=xxx` for your root directory
+### Sending only certain files upstream
+
+You can set `UPSTREAM_REGEXES=xxx` to only send certain requests upstream.
+The rest of the files will be served locally. If you want to send multiple
+regexes upstream, separate them like this: `UPSTREAM_REGEXES=/en|.*\.php|.*\.php5`
+
+Above example will send example.com/en and all .php and .php5 files upstream.
+
+When doing this, make sure the VIRTUAL_ROOT is also available to this container.
+The easiest way to do this is defining the VOLUME in your upstream container and
+using
+[volumes_from](https://docs.docker.com/compose/compose-file/compose-file-v2/#volumes_from)
+or equivalent.
+
+You likely also want to set `INDEX=xxx` to send non-matching URLs upstream. For
+example, think of an url like /user/login, which won't resolve to a local file,
+but which the upstream fastcgi will understand: `INDEX=index.php`.
 ### Default Host
diff --git a/nginx.tmpl b/nginx.tmpl
index 2414633..5d5f3b3 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -242,6 +242,11 @@ upstream {{ $upstream_name }} {
 {{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
 {{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
+{{/* Which regexes when matching to send upstream when using fastcgi. If not defined, send everything upstream. Make sure the VIRTUAL_ROOT is available to this container when using this */}}
+{{ $vhost_upstream_regexes := trim (or (first (groupByKeys $containers "Env.UPSTREAM_REGEXES")) "") }}
+
+{{/* Which filename to use as index file */}}
+{{ $vhost_index := or (first (groupByKeys $containers "Env.INDEX")) "" }}
 {{/* Get the first cert name defined by containers w/ the same vhost */}}
 {{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
@@ -337,13 +342,17 @@ server {
 include /etc/nginx/vhost.d/default;
 {{ end }}
- location / {
+ {{ if $vhost_upstream_regexes }}
+ root {{ trim $vhost_root }};
+ location ~* "^({{ $vhost_upstream_regexes }})$" {
 {{ if eq $proto "uwsgi" }}
 include uwsgi_params;
 uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
 {{ else if eq $proto "fastcgi" }}
- root {{ trim $vhost_root }};
 include fastcgi_params;
+ {{ if $vhost_index }}
+ fastcgi_param SCRIPT_FILENAME $document_root/{{ $vhost_index }};
+ {{ end }}
 fastcgi_pass {{ trim $upstream_name }};
 {{ else if eq $proto "grpc" }}
 grpc_pass {{ trim $proto }}://{{ trim $upstream_name }};
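Review bot: `$vhost_upstream_regexes` and `$vhost_index` are read from container environment and, in the later hunks of this commit, written into `location ~* "^(...)$"`, `index`, `try_files` and `fastcgi_param` with no escaping or validation, so a value containing `"`, `;`, `{` or whitespace alters the generated nginx configuration rather than only the match. Where the containers on a Docker host are not all equally trusted, this lets one container's environment shape the proxy's config; at minimum the template comment should say so, e.g. `{{/* UPSTREAM_REGEXES and INDEX are written into the config unescaped; set them only on trusted containers */}}`. `INDEX` is also left untrimmed while `UPSTREAM_REGEXES` is trimmed; `{{ $vhost_index := trim (or (first (groupByKeys $containers "Env.INDEX")) "") }}` would keep the two consistent.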
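Review bot: With `root {{ trim $vhost_root }};` moved to server level and only regex matches sent upstream, every other path under VIRTUAL_ROOT is served by nginx as a static file, and that covers anything in the application tree the regex does not name (dotfiles such as `.env` or `.git`, editor backups like `config.php.bak`, include files with other extensions). Nothing in this hunk excludes them; a guard emitted before the upstream regex location, for example `location ~ /\. { deny all; }`, together with a README line stating that VIRTUAL_ROOT must hold only public files, would cover the obvious cases. Separately, when `INDEX` is set the `fastcgi_param SCRIPT_FILENAME $document_root/{{ $vhost_index }};` line applies to every regex match, so all matched URLs run the index script; if that is intended it deserves a template comment. The same lines appear again in the hunk at `-389,19`, and the `server` block continues outside this hunk.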
@@ -351,6 +360,36 @@ server { proxy_pass {{ trim $proto }}://{{ trim $upstream_name }}; {{ end }} + {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} + auth_basic "Restricted {{ $host }}"; + auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; + {{ end }} + {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} + include {{ printf "/etc/nginx/vhost.d/%s_location" $host}}; + {{ else if (exists "/etc/nginx/vhost.d/default_location") }} + include /etc/nginx/vhost.d/default_location; + {{ end }} + } + {{ end }} + location / { + {{ if not $vhost_upstream_regexes }} + {{ if eq $proto "uwsgi" }} + include uwsgi_params; + uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }}; + {{ else if eq $proto "fastcgi" }} + include fastcgi_params; + {{ if $vhost_index }} + fastcgi_param SCRIPT_FILENAME $document_root/{{ $vhost_index }}; + {{ end }} + fastcgi_pass {{ trim $upstream_name }}; + {{ else }} + proxy_pass {{ trim $proto }}://{{ trim $upstream_name }}; + {{ end }} + {{ else if $vhost_index }} + index {{ $vhost_index }}; + try_files $uri $uri/ /{{ $vhost_index }}?$query_string; + {{ end }} + {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} auth_basic "Restricted {{ $host }}"; auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; 
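Review bot: The new `location /` fallback has no `grpc` branch, so with `VIRTUAL_PROTO=grpc` and no `UPSTREAM_REGEXES` the template falls through to `{{ else }}` and emits `proxy_pass grpc://…` where the old block emitted `grpc_pass`; the pair `{{ else if eq $proto "grpc" }}` / `grpc_pass {{ trim $proto }}://{{ trim $upstream_name }};` should be restored ahead of the `{{ else }}`. The fastcgi branch here also no longer sets `root`: the previous hunk moved it under `{{ if $vhost_upstream_regexes }}`, so existing fastcgi deployments that set only `VIRTUAL_ROOT` would have `$document_root` fall back to nginx's default, and putting `root {{ trim $vhost_root }};` back above `include fastcgi_params;` keeps the old behaviour. Both omissions repeat in the hunk at `-389,19`. The `location /` block is closed outside this hunk.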
@@ -389,19 +428,54 @@ server { include /etc/nginx/vhost.d/default; {{ end }} - location / { + {{ if $vhost_upstream_regexes }} + root {{ trim $vhost_root }}; + location ~* "^({{ $vhost_upstream_regexes }})$" { {{ if eq $proto "uwsgi" }} include uwsgi_params; uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }}; {{ else if eq $proto "fastcgi" }} - root {{ trim $vhost_root }}; include fastcgi_params; + {{ if $vhost_index }} + fastcgi_param SCRIPT_FILENAME $document_root/{{ $vhost_index }}; + {{ end }} fastcgi_pass {{ trim $upstream_name }}; {{ else if eq $proto "grpc" }} grpc_pass {{ trim $proto }}://{{ trim $upstream_name }}; {{ else }} proxy_pass {{ trim $proto }}://{{ trim $upstream_name }}; {{ end }} + + {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} + auth_basic "Restricted {{ $host }}"; + auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; + {{ end }} + {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} + include {{ printf "/etc/nginx/vhost.d/%s_location" $host}}; + {{ else if (exists "/etc/nginx/vhost.d/default_location") }} + include /etc/nginx/vhost.d/default_location; + {{ end }} + } + {{ end }} + location / { + {{ if not $vhost_upstream_regexes }} + {{ if eq $proto "uwsgi" }} + include uwsgi_params; + uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }}; + {{ else if eq $proto "fastcgi" }} + include fastcgi_params; + {{ if $vhost_index }} + fastcgi_param SCRIPT_FILENAME $document_root/{{ $vhost_index }}; + {{ end }} + fastcgi_pass {{ trim $upstream_name }}; + {{ else }} + proxy_pass {{ trim $proto }}://{{ trim $upstream_name }}; + {{ end }} + {{ else if $vhost_index }} + index {{ $vhost_index }}; + try_files $uri $uri/ /{{ $vhost_index }}?$query_string; + {{ end }} + {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} auth_basic "Restricted {{ $host }}"; auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};