bunkerweb 1.4.0

core/reverseproxy/confs/http/reverse-proxy.conf

@@ -0,0 +1,8 @@
+{% if has_variable(all, "USE_PROXY_CACHE", "yes") +%}
+proxy_cache_path /opt/bunkerweb/tmp/proxy_cache levels={{ PROXY_CACHE_PATH_LEVELS }} keys_zone=proxycache:{{ PROXY_CACHE_PATH_ZONE_SIZE }} {{ PROXY_CACHE_PATH_PARAMS }};
+{% endif %}
+
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}

core/reverseproxy/confs/server-http/reverse-proxy.conf

@@ -0,0 +1,64 @@
+{% if USE_REVERSE_PROXY == "yes" +%}
+
+	{% if REVERSE_PROXY_INTERCEPT_ERRORS == "yes" +%}
+proxy_intercept_errors on;
+	{% else +%}
+proxy_intercept_errors off;
+	{% endif +%}
+
+    {% if USE_PROXY_CACHE == "yes" +%}
+proxy_cache proxycache;
+proxy_cache_methods {{ PROXY_CACHE_METHODS }};
+proxy_cache_min_uses {{ PROXY_CACHE_MIN_USES }};
+proxy_cache_key {{ PROXY_CACHE_KEY }};
+proxy_no_cache {{ PROXY_NO_CACHE }};
+proxy_cache_bypass {{ PROXY_CACHE_BYPASS }};
+        {% if PROXY_CACHE_VALID != "" +%}
+            {% for element in PROXY_CACHE_VALID.split(" ") +%}
+proxy_cache_valid {{ element.split("=")[0] }} {{ element.split("=")[1] }};
+            {% endfor %}
+add_header X-Proxy-Cache $upstream_cache_status;
+        {% endif %}
+
+    {% endif %}
+
+	{% for k, v in all.items() %}
+		{% if k.startswith("REVERSE_PROXY_URL") and v != "" +%}
+			{% set url = v %}
+			{% set host = all[k.replace("URL", "HOST")] if k.replace("URL", "HOST") in all else "" %}
+			{% set ws = all[k.replace("URL", "WS")] if k.replace("URL", "WS") in all else "" %}
+			{% set headers = all[k.replace("URL", "HEADERS")] if k.replace("URL", "HEADERS") in all else "" %}
+			{% set buffering = all[k.replace("URL", "BUFFERING")] if k.replace("URL", "BUFFERING") in all else "yes" %}
+			{% set keepalive = all[k.replace("URL", "KEEPALIVE")] if k.replace("URL", "KEEPALIVE") in all else "yes" %}
+location {{ url }} {% raw %}{{% endraw +%}
+	etag off;
+	set $backend "{{ host }}";
+	proxy_pass $backend;
+	proxy_set_header Host $host;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Forwarded-Proto $scheme;
+	proxy_set_header X-Forwarded-Protocol $scheme;
+	proxy_set_header X-Forwarded-Host $http_host;
+	{% if buffering == "yes" +%}
+	proxy_buffering on;
+	{% else +%}
+	proxy_buffering off;
+	{% endif %}
+			{% if ws == "yes" +%}
+	proxy_http_version 1.1;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection $connection_upgrade;
+			{% elif keepalive == "yes" +%}
+	proxy_http_version 1.1;
+	proxy_set_header Connection "";
+			{% endif %}
+			{% if headers != "" %}
+				{% for header in headers.split(";") +%}
+	proxy_set_header {{ header }};
+				{% endfor %}
+			{% endif %}
+{% raw %}}{% endraw %}
+		{% endif %}
+	{% endfor %}
+{% endif %}

core/reverseproxy/plugin.json

@@ -0,0 +1,177 @@
+{
+	"id": "reverseproxy",
+	"order": 999,
+	"name": "Reverse proxy",
+	"description": "Manage reverse proxy configurations.",
+	"version": "0.1",
+	"settings": {
+		"USE_REVERSE_PROXY": {
+			"context": "multisite",
+			"default": "no",
+			"help": "Activate reverse proxy mode.",
+			"id": "use-reverse-proxy",
+			"label": "Use reverse proxy",
+			"regex": "^(yes|no)$",
+			"type": "check"
+		},
+		"REVERSE_PROXY_INTERCEPT_ERRORS": {
+			"context": "multisite",
+			"default": "yes",
+			"help": "Intercept and rewrite errors.",
+			"id": "reverse-proxy-intercept-errors",
+			"label": "Intercept errors",
+			"regex": "^(yes|no)$",
+			"type": "check"
+		},
+		"REVERSE_PROXY_HOST": {
+			"context": "multisite",
+			"default": "",
+			"help": "Full URL of the proxied resource (proxy_pass).",
+			"id": "reverse-proxy-host",
+			"label": "Reverse proxy host",
+			"regex": "^.*$",
+			"type": "text",
+			"multiple": "reverse-proxy"
+		},
+		"REVERSE_PROXY_URL": {
+			"context": "multisite",
+			"default": "",
+			"help": "Location URL that will be proxied.",
+			"id": "reverse-proxy-url",
+			"label": "Reverse proxy url",
+			"regex": "^.*$",
+			"type": "text",
+			"multiple": "reverse-proxy"
+		},
+		"REVERSE_PROXY_WS": {
+			"context": "multisite",
+			"default": "no",
+			"help": "Enable websocket on the proxied resource.",
+			"id": "reverse-proxy-ws",
+			"label": "Reverse proxy WS",
+			"regex": "^(yes|no)$",
+			"type": "check",
+			"multiple": "reverse-proxy"
+		},
+		"REVERSE_PROXY_HEADERS": {
+			"context": "multisite",
+			"default": "",
+			"help": "List of HTTP headers to send to proxied resource.",
+			"id": "reverse-proxy-headers",
+			"label": "Reverse proxy headers",
+			"regex": "^.*$",
+			"type": "text",
+			"multiple": "reverse-proxy"
+		},
+		"REVERSE_PROXY_BUFFERING": {
+			"context": "multisite",
+			"default": "yes",
+			"help": "Enable or disable buffering of responses from proxied resource.",
+			"id": "reverse-proxy-buffering",
+			"label": "Reverse proxy buffering",
+			"regex": "^(yes|no)$",
+			"type": "check",
+			"multiple": "reverse-proxy"
+		},
+		"REVERSE_PROXY_KEEPALIVE": {
+			"context": "multisite",
+			"default": "no",
+			"help": "Enable or disable keepalive connections with the proxied resource.",
+			"id": "reverse-proxy-keepalive",
+			"label": "Reverse proxy keepalive",
+			"regex": "^(yes|no)$",
+			"type": "check",
+			"multiple": "reverse-proxy"
+		},
+		"USE_PROXY_CACHE": {
+			"context": "multisite",
+			"default": "no",
+			"help": "Enable or disable caching of the proxied resources.",
+			"id": "use-proxy-cache",
+			"label": "Reverse proxy cache",
+			"regex": "^(yes|no)$",
+			"type": "check"
+		},
+		"PROXY_CACHE_PATH_LEVELS": {
+			"context": "global",
+			"default": "1:2",
+			"help": "Hierarchy levels of the cache.",
+			"id": "proxy-cache-path-levels",
+			"label": "Hierarchy levels",
+			"regex": "^.*$",
+			"type": "text"
+		},
+		"PROXY_CACHE_PATH_ZONE_SIZE": {
+			"context": "global",
+			"default": "10m",
+			"help": "Maximum size of cached metadata when caching proxied resources.",
+			"id": "proxy-cache-path-zone-size",
+			"label": "Reverse proxy cache zone size",
+			"regex": "^.*$",
+			"type": "text"
+		},
+		"PROXY_CACHE_PATH_PARAMS": {
+			"context": "global",
+			"default": "max_size=100m",
+			"help": "Additional parameters to add to the proxy_cache directive.",
+			"id": "proxy-cache-path-params",
+			"label": "Reverse proxy cache params",
+			"regex": "^.*$",
+			"type": "text"
+		},
+		"PROXY_CACHE_METHODS": {
+			"context": "multisite",
+			"default": "GET HEAD",
+			"help": "HTTP methods that should trigger a cache operation.",
+			"id": "proxy-cache-methods",
+			"label": "Reverse proxy cache methods",
+			"regex": "^.*$",
+			"type": "text"
+		},
+		"PROXY_CACHE_MIN_USES": {
+			"context": "multisite",
+			"default": "2",
+			"help": "The minimimum number of requests before a response is cached.",
+			"id": "proxy-cache-min-uses",
+			"label": "Reverse proxy cache minimum uses",
+			"regex": "^.*$",
+			"type": "text"
+		},
+		"PROXY_CACHE_KEY": {
+			"context": "multisite",
+			"default": "$scheme$host$request_uri",
+			"help": "The key used to uniquely identify a cached response.",
+			"id": "proxy-cache-key",
+			"label": "Reverse proxy cache key",
+			"regex": "^.*$",
+			"type": "text"
+		},
+		"PROXY_CACHE_VALID": {
+			"context": "multisite",
+			"default": "200=24h 301=1h 302=24h",
+			"help": "Define the caching time dependending on the HTTP status code (list of status=time).",
+			"id": "proxy-cache-valid",
+			"label": "Reverse proxy cache valid",
+			"regex": "^.*$",
+			"type": "text"
+		},
+		"PROXY_NO_CACHE": {
+			"context": "multisite",
+			"default": "$http_pragma $http_authorization",
+			"help": "Conditions to disable caching of responses.",
+			"id": "proxy-no-cache",
+			"label": "Reverse proxy no cache",
+			"regex": "^.*$",
+			"type": "text"
+		},
+		"PROXY_CACHE_BYPASS": {
+			"context": "multisite",
+			"default": "0",
+			"help": "Conditions to bypass caching of responses.",
+			"id": "proxy-cache-bypass",
+			"label": "Reverse proxy bypass",
+			"regex": "^.*$",
+			"type": "text"
+		}
+	}
+}