templating - added missing features in site templates

2021-05-25 17:07:06 +02:00
parent 23aa053003
commit ec19f93081
8 changed files with 119 additions and 30 deletions
--- a/confs2/site/error.conf
+++ b/confs2/site/error.conf
@@ -1,7 +1,13 @@
-error_page {{ CODE }} {{ PAGE }};
+{% if ERRORS != "" %}
+	{% for element in ERRORS.split(" ") %}
+		{% set code = element.split("=")[0] %}
+		{% set page = element.split("=")[1] %}
+error_page {{ code }} {{ page }};

-location = {{ PAGE }} {
+location = {{ page }} {
    root {{ ROOT_FOLDER }};
    modsecurity off;
    internal;
 }
+	{% endfor %}
+{% endif %}
--- a/confs2/site/main-lua.conf
+++ b/confs2/site/main-lua.conf
@@ -1,4 +1,8 @@
+{% if ANTIBOT_SESSION_SECRET == "random" %}
+set $session_secret {{ random(32) }} ;
+{% else %}
 set $session_secret {{ ANTIBOT_SESSION_SECRET }};
+{% endif %}
 set $session_check_addr on;

 access_by_lua_block {
--- a/confs2/site/modsecurity-rules.conf
+++ b/confs2/site/modsecurity-rules.conf
@@ -58,13 +58,26 @@ SecAuditLog /var/log/nginx/modsec_audit.log
 include {{ NGINX_PREFIX }}modsecurity-clamav.conf
 {% endif %}

-# include OWASP CRS rules
+# include OWASP CRS configuration
 {% if USE_MODSECURITY_CRS == "yes" %}
 include /opt/owasp/crs.conf
-# TODO : include without errors ?
-#{{ MODSECURITY_INCLUDE_CUSTOM_CRS }}
+
+# custom CRS configurations before loading rules (exclusions) 
+{% if is_custom_conf("/modsec-crs-confs") %}
+include /modsec-crs-confs/*.conf
+{% endif %}
+{% if MULTISITE == "yes" and is_custom_conf("/modsec-crs-confs/" + FIRST_SERVER) %}
+include /modsec-crs-confs/{{ FIRST_SERVER }}/*.conf
+{% endif %}
+
+# include OWASP CRS rules
 include /opt/owasp/crs/*.conf
 {% endif %}

-# TODO : include custom rules
-# {{ MODSECURITY_INCLUDE_CUSTOM_RULES }}
+# custom rules after loading the CRS
+{% if is_custom_conf("/modsec-confs") %}
+include /modsec-confs/*.conf
+{% endif %}
+{% if MULTISITE == "yes" and is_custom_conf("/modsec-confs/" + FIRST_SERVER) %}
+include /modsec-confs/{{ FIRST_SERVER }}/*.conf
+{% endif %}
--- a/confs2/site/reverse-proxy.conf
+++ b/confs2/site/reverse-proxy.conf
@@ -1,7 +1,25 @@
-location {{ REVERSE_PROXY_URL }} {
+{% if USE_REVERSE_PROXY == "yes" %}
+	{% for k, v in all.items() %}
+		{% if k.startswith("REVERSE_PROXY_URL") %}
+			{% set url = v %}
+			{% set host = all[k.replace("URL", "HOST")] if k.replace("URL", "HOST") in all else "" %}
+			{% set ws = all[k.replace("URL", "WS")] if k.replace("URL", "WS") in all else "" %}
+			{% set headers = all[k.replace("URL", "HEADERS")] if k.replace("URL", "HEADERS") in all else "" %}
+location {{ url }} {% raw %}{{% endraw %}
 	etag off;
-	proxy_pass {{ REVERSE_PROXY_HOST }};
-	{{ REVERSE_PROXY_HEADERS }}
-	{{ REVERSE_PROXY_WS }}
-	{{ REVERSE_PROXY_CUSTOM_HEADERS }}
-}
+	proxy_pass {{ host }};
+	include {{ NGINX_PREFIX }}reverse-proxy-headers.conf;
+			{% if ws == "yes" %}
+	proxy_http_version 1.1;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "Upgrade";
+			{% endif %}
+			{% if headers != "" %}
+				{% for header in headers.split(";") %}
+	proxy_set_header {{ header }};
+				{% endfor %}
+			{% endif %}
+{% raw %}}{% endraw %}
+		{% endif %}
+	{% endfor %}
+{% endif %}
--- a/confs2/site/server.conf
+++ b/confs2/site/server.conf
@@ -130,7 +130,8 @@ server {
 	include {{ NGINX_PREFIX }}cookie-flags.conf;
 {% endif %}

-	# TODO : ERRORS
+	# custom errors
+	include {{ NGINX_PREFIX }}error.conf;

 	# client caching
 {% if USE_CLIENT_CACHE == "yes" %}
@@ -165,7 +166,7 @@ server {

 	# reverse proxy
 {% if USE_REVERSE_PROXY == "yes" %}
-	include {{ NGINX_PREFIX }}reverse-proxy-*.conf;
+	include {{ NGINX_PREFIX }}reverse-proxy.conf;
 {% endif %}

 	# remote PHP