jasima/majuna
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

portal: update for jinja2 >= 3.0.1

Browse source
This commit is contained in:
Iain Learmonth 2022-08-12 11:55:14 +01:00
parent 8fde297fb5
commit 9341f7c6a5
1 changed files with 23 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

24
app/terraform/proxy/__init__.py
View file

@ -1,3 +1,4 @@
import os.path
from abc import abstractmethod from abc import abstractmethod
from collections import defaultdict from collections import defaultdict
import datetime import datetime
@ -6,6 +7,7 @@ import string
import random import random
from typing import Dict, Optional, Any, List from typing import Dict, Optional, Any, List
import requests
from sqlalchemy import text from sqlalchemy import text
from tldextract import tldextract from tldextract import tldextract
@ -13,6 +15,7 @@ from app import app
from app.extensions import db from app.extensions import db
from app.models.base import Group from app.models.base import Group
from app.models.mirrors import Proxy, Origin, SmartProxy from app.models.mirrors import Proxy, Origin, SmartProxy
from app.terraform.proxy.lib import all_cdn_prefixes
from app.terraform.terraform import TerraformAutomation from app.terraform.terraform import TerraformAutomation
@ -151,11 +154,15 @@ class ProxyAutomation(TerraformAutomation):
proxies=Proxy.query.filter( proxies=Proxy.query.filter(
Proxy.provider == self.provider, Proxy.destroyed.is_(None)).all(), subgroups=self.get_subgroups(), Proxy.provider == self.provider, Proxy.destroyed.is_(None)).all(), subgroups=self.get_subgroups(),
global_namespace=app.config['GLOBAL_NAMESPACE'], bypass_token=app.config['BYPASS_TOKEN'], global_namespace=app.config['GLOBAL_NAMESPACE'], bypass_token=app.config['BYPASS_TOKEN'],
terraform_modules_path=os.path.join(*list(os.path.split(app.root_path))[:-1], 'terraform-modules'),
**{k: app.config[k.upper()] for k in self.template_parameters}) **{k: app.config[k.upper()] for k in self.template_parameters})
if self.smart_proxies: if self.smart_proxies:
for group in groups: for group in groups:
self.sp_config(group) self.sp_config(group)
def sp_trusted_prefixes(self):
return "\n".join([f"geoip2_proxy {p};" for p in all_cdn_prefixes()])
def sp_config(self, group: Group) -> None: def sp_config(self, group: Group) -> None:
group_origins: List[Origin] = Origin.query.filter( group_origins: List[Origin] = Origin.query.filter(
Origin.group_id == group.id, Origin.group_id == group.id,
@ -163,17 +170,32 @@ class ProxyAutomation(TerraformAutomation):
Origin.smart.is_(True) Origin.smart.is_(True)
).all() ).all()
self.tmpl_write(f"smart_proxy.{group.id}.conf", """ self.tmpl_write(f"smart_proxy.{group.id}.conf", """
geoip2 /usr/share/GeoIP/GeoIP2-City.mmdb {
auto_reload 5m;
$geoip2_metadata_country_build metadata build_epoch;
$geoip2_data_country_code default=US country iso_code;
}
""" + self.sp_trusted_prefixes() + """
geoip2_proxy_recursive on;
map $geoip2_data_country_code $redirect_country {
default yes;
""" + "\n".join([f" {cc} no;" for cc in app.config['CENSORED_COUNTRIES']]) + """
}
{% for origin in origins %} {% for origin in origins %}
server { server {
listen 443 ssl; listen 443 ssl;
server_name origin-{{ origin.id }}.{{ provider }}.smart.{{ smart_zone[:-1] }}; server_name origin-{{ origin.id }}.{{ provider }}.smart.{{ smart_zone[:-1] }};
if ($redirect_country = no) {
rewrite ^ https://{{ origin.domain_name }}$request_uri break;
}
location / { location / {
proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Encoding "";
proxy_ssl_server_name on; proxy_ssl_server_name on;
proxy_pass https://{{ origin.domain_name }}/; proxy_pass https://{{ origin.domain_name }}/;
subs_filter_types text/html text/css text/xml; subs_filter_types text/html text/css text/xml;
subs_filter https://{{ origin.domain_name }}/ /; subs_filter https://{{ origin.domain_name }}/ /;
subs_filter "\\\"https://{{ origin.domain_name }}\\\"" /; subs_filter "([^:]|)\\\"https://{{ origin.domain_name }}\\\"" \\1\\\"/\\\";
{%- for asset_origin in origin.group.origins | selectattr("assets") -%} {%- for asset_origin in origin.group.origins | selectattr("assets") -%}
{%- for asset_proxy in asset_origin.proxies | selectattr("provider", "equalto", provider) | selectattr("deprecated", "none") | selectattr("destroyed", "none") -%} {%- for asset_proxy in asset_origin.proxies | selectattr("provider", "equalto", provider) | selectattr("deprecated", "none") | selectattr("destroyed", "none") -%}
{%- if loop.first %} {%- if loop.first %}