# Verify that the requested reverse proxy destination is valid: # - protocol is http(s):// or unix: for socket file # - plaintext http is only allowed to localhost (to avoid leaking credentials on the network) # - http(s) destination is webroot, no additional component allowed (eg. http://localhost:1234/test is invalid) rp_validate_proxy_path() { if [[ "$proxy_path" == unix:/* ]]; then # Final nginx config is http://unix:/path/to.socket proxy_path="http://$proxy_path" elif [[ ! "$proxy_path" == http://unix:/* ]]; then # Not unix domain socket... check URL is localhost url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' [[ ! "$proxy_path" =~ $url_regex ]] && ynh_die \ "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $proxy_path" 1 # Don't allow trailing slash or additional URI components in proxy_path if not unix domain socket if [[ "$proxy_path" =~ ^https?:// ]]; then res="${proxy_path//[^\/]}" if [[ "${#res}" != "2" ]]; then if [[ "${#res}" = "3" ]] && [[ "$proxy_path" =~ /$ ]]; then # If it's only one trailing slash (no more components), just remove it proxy_path="${proxy_path::-1}" else ynh_die "Reverse proxy URL cannot contain additional slashes or components: $proxy_path" 1 fi fi fi fi } # Verify that the requested assets path is valid # - is a local folder # - ends with a / # Sets the alias line for serving static files, # and the try_files line for trying those static files first rp_validate_assets_path() { if [[ "$assets_path" = "" ]]; then assets_alias="# No static files to serve" try_files="try_files /dev/null @${app}--proxy;" else if [ ! -d "$assets_path" ]; then ynh_die "Requested assets path "$assets_path" does not exist" 1 fi if [[ ! "$assets_path" =~ /$ ]]; then # Append missing trailing / assets_path=""${assets_path}"/" fi assets_alias="alias $assets_path;" try_files="try_files \$uri \$uri/ @${app}--proxy;" fi } # When the app is not in the webroot (path = /), need to add a redirect block # to app/ so relative URLs work rp_handle_webroot() { if [[ "$path" = "/" ]]; then path_slash="/" redirect_block="# Not needed for webroot" else path_slash=""$path"/" redirect_block="location = "$path" { return 302 "$path_slash"; }" fi }