conf: minor formatting fixes

conf: add some missing escapes
conf: improve logging configuration
2025-06-06 11:40:09 +03:00 · 2025-06-06 11:39:23 +03:00 · 2025-06-06 11:36:17 +03:00 · 2025-06-06 11:31:38 +03:00
24 changed files with 115 additions and 84 deletions
--- a/angie/autoconf/core-error-log.conf.j2
+++ b/angie/autoconf/core-error-log.conf.j2
@@ -1,4 +1,3 @@
-{%- import 'snip/log.j2mod' as ngx_log -%}
+{%- import 'snip/log.j2mod' as _log -%}
-
+{#- {{ _log.error_log(dest='error.log', level=env.NGX_LOGLEVEL) }} -#}
-{# {{ ngx_log.error_log(dest='error.log', level=env.NGX_LOGLEVEL) }} #}
+{{ _log.error_log(level=env.NGX_LOGLEVEL) }}
 {{ ngx_log.error_log(level=env.NGX_LOGLEVEL) }}
--- a/angie/autoconf/http-access-log/default.conf.j2
+++ b/angie/autoconf/http-access-log/default.conf.j2
@@ -1,4 +1,3 @@
-{%- import 'snip/log.j2mod' as ngx_log -%}
+{%- import 'snip/log.j2mod' as _log -%}
-
+{#- {{ _log.access_log(dest='access.log', format='main') }} -#}
-{# {{ ngx_log.access_log(dest='access.log', format='main') }} #}
+{{ _log.access_log(format='main') }}
 {{ ngx_log.access_log(format='main') }}
--- a/angie/conf/brotli/types.conf.j2
+++ b/angie/conf/brotli/types.conf.j2
@@ -3,7 +3,7 @@
 {%- if mime_types -%}
 brotli_types
 {%- for t in mime_types %}
-    {{ t }}
+    {{ t | ngx_esc }}
 {%- endfor %}
 ;
 {%- endif -%}
--- a/angie/conf/gzip/types.conf.j2
+++ b/angie/conf/gzip/types.conf.j2
@@ -3,7 +3,7 @@
 {%- if mime_types -%}
 gzip_types
 {%- for t in mime_types %}
-    {{ t }}
+    {{ t | ngx_esc }}
 {%- endfor %}
 ;
 {%- endif -%}
--- a/angie/conf/http-ssl.conf.j2
+++ b/angie/conf/http-ssl.conf.j2
@@ -4,7 +4,7 @@ include conf/ssl/*.conf;
 ssl_buffer_size  4k;
 {%- if env.NGX_HTTP_SSL_PROFILE %}
-include snip/ssl-{{ env.NGX_HTTP_SSL_PROFILE }};
+include  {{ "snip/ssl-{}".format(env.NGX_HTTP_SSL_PROFILE) | ngx_esc }};
 {%- endif %}
 {%- if j2cfg.tls.stapling.enable %}
--- a/angie/conf/mail-ssl.conf.j2
+++ b/angie/conf/mail-ssl.conf.j2
@@ -1,5 +1,5 @@
 include conf/ssl/*.conf;
 {%- if env.NGX_MAIL_SSL_PROFILE %}
-include snip/ssl-{{ env.NGX_MAIL_SSL_PROFILE }};
+include  {{ "snip/ssl-{}".format(env.NGX_MAIL_SSL_PROFILE) | ngx_esc }};
 {%- endif %}
--- a/angie/conf/stream-ssl.conf.j2
+++ b/angie/conf/stream-ssl.conf.j2
@@ -1,5 +1,5 @@
 include conf/ssl/*.conf;
 {%- if env.NGX_STREAM_SSL_PROFILE %}
-include snip/ssl-{{ env.NGX_STREAM_SSL_PROFILE }};
+include  {{ "snip/ssl-{}".format(env.NGX_STREAM_SSL_PROFILE) | ngx_esc }};
 {%- endif %}
--- a/angie/conf/zstd/types.conf.j2
+++ b/angie/conf/zstd/types.conf.j2
@@ -3,7 +3,7 @@
 {%- if mime_types -%}
 zstd_types
 {%- for t in mime_types %}
-    {{ t }}
+    {{ t | ngx_esc }}
 {%- endfor %}
 ;
 {%- endif -%}
--- a/angie/j2cfg/00-headers.yml.j2
+++ b/angie/j2cfg/00-headers.yml.j2
@@ -1,6 +1,6 @@
 {%- set transparent = false -%}
 {%- if env.NGX_HTTP_TRANSPARENT_PROXY != None -%}
-  {%- set transparent = (env.NGX_HTTP_TRANSPARENT_PROXY | from_gobool) -%}
+  {%- set transparent = env.NGX_HTTP_TRANSPARENT_PROXY | from_gobool -%}
 {%- endif -%}
 ---
--- a/angie/snip/cache.j2mod
+++ b/angie/snip/cache.j2mod
@@ -1,55 +1,55 @@
-{%- macro proxy_cache_path(name, size='1m') %}
+{% macro proxy_cache_path(name, size='1m') %}
-{%- set path = '/run/ngx/cache'|join_prefix('proxy_' + name) -%}
+  {%- set path = join_prefix('/run/ngx/cache', 'proxy_' + name) -%}
-{%- set zone_file = '/run/ngx/lib'|join_prefix('proxy_' + name + '.keys') -%}
+  {%- set zone_file = join_prefix('/run/ngx/lib', 'proxy_' + name + '.keys') -%}
 proxy_cache_path  {{ path | ngx_esc }}
  {{ "keys_zone={}:{}:file={}".format(name, size, zone_file) | ngx_esc }}
-{%- for v in varargs %}
+  {%- for v in varargs %}
  {{ v | ngx_esc }}
-{%- endfor %}
+  {%- endfor %}
-{%- for k, v in kwargs|dictsort %}
+  {%- for k, v in kwargs|dictsort %}
  {{ "{}={}".format(k, v) | ngx_esc }}
-{%- endfor %}
+  {%- endfor %}
 ;
-{%- endmacro %}
+{% endmacro %}
-{%- macro fastcgi_cache_path(name, size='1m') %}
+{% macro fastcgi_cache_path(name, size='1m') %}
-{%- set path = '/run/ngx/cache'|join_prefix('fastcgi_' + name) -%}
+  {%- set path = join_prefix('/run/ngx/cache', 'fastcgi_' + name) -%}
 fastcgi_cache_path  {{ path | ngx_esc }}
  {{ "keys_zone={}:{}".format(name, size) | ngx_esc }}
-{%- for v in varargs %}
+  {%- for v in varargs %}
  {{ v | ngx_esc }}
-{%- endfor %}
+  {%- endfor %}
-{%- for k, v in kwargs|dictsort %}
+  {%- for k, v in kwargs|dictsort %}
  {{ "{}={}".format(k, v) | ngx_esc }}
-{%- endfor %}
+  {%- endfor %}
 ;
-{%- endmacro %}
+{% endmacro %}
-{%- macro scgi_cache(name, size='1m') %}
+{% macro scgi_cache(name, size='1m') %}
-{%- set path = '/run/ngx/cache'|join_prefix('scgi_' + name) -%}
+  {%- set path = join_prefix('/run/ngx/cache', 'scgi_' + name) -%}
 scgi_cache  {{ path | ngx_esc }}
  {{ "keys_zone={}:{}".format(name, size) | ngx_esc }}
-{%- for v in varargs %}
+  {%- for v in varargs %}
  {{ v | ngx_esc }}
-{%- endfor %}
+  {%- endfor %}
-{%- for k, v in kwargs|dictsort %}
+  {%- for k, v in kwargs|dictsort %}
  {{ "{}={}".format(k, v) | ngx_esc }}
-{%- endfor %}
+  {%- endfor %}
 ;
-{%- endmacro %}
+{% endmacro %}
-{%- macro uwsgi_cache(name, size='1m') %}
+{% macro uwsgi_cache(name, size='1m') %}
-{%- set path = '/run/ngx/cache'|join_prefix('uwsgi_' + name) -%}
+  {%- set path = join_prefix('/run/ngx/cache', 'uwsgi_' + name) -%}
 uwsgi_cache  {{ path | ngx_esc }}
  {{ "keys_zone={}:{}".format(name, size) | ngx_esc }}
-{%- for v in varargs %}
+  {%- for v in varargs %}
  {{ v | ngx_esc }}
-{%- endfor %}
+  {%- endfor %}
-{%- for k, v in kwargs|dictsort %}
+  {%- for k, v in kwargs|dictsort %}
  {{ "{}={}".format(k, v) | ngx_esc }}
-{%- endfor %}
+  {%- endfor %}
 ;
-{%- endmacro %}
+{% endmacro %}
--- a/angie/snip/fastcgi-response-headers.j2
+++ b/angie/snip/fastcgi-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-fastcgi_hide_header  {{ h }};
+fastcgi_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/grpc-request-headers.j2
+++ b/angie/snip/grpc-request-headers.j2
@@ -2,5 +2,5 @@
 ## set/remove request headers
 {%- set req_hdr_dict = j2cfg.request_headers or {} -%}
 {%- for h, v in req_hdr_dict|dictsort %}
-grpc_set_header  {{ h }}  {{ v | ngx_esc }};
+grpc_set_header  {{ h | ngx_esc }}  {{ v | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/grpc-response-headers.j2
+++ b/angie/snip/grpc-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-grpc_hide_header  {{ h }};
+grpc_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/http-response-headers.j2
+++ b/angie/snip/http-response-headers.j2
@@ -2,5 +2,5 @@
 ## add response headers
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- for h, v in resp_hdr_dict|dictsort %}
-add_header  {{ h }}  {{ v | ngx_esc }};
+add_header  {{ h | ngx_esc }}  {{ v | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/log.j2mod
+++ b/angie/snip/log.j2mod
@@ -1,12 +1,35 @@
-{%- macro error_log(dest='error.log', level='warn') %}
+{% macro error_log(dest='error.log', level='warn') %}
-error_log  {{ '/run/ngx/log'|join_prefix(dest) | ngx_esc }}  {{ level | ngx_esc }};
+  {%- if dest == 'off' %}
-{%- endmacro %}
+## not a really disabled log but quiet as less as possible
 error_log stderr emerg;
  {%- else %}
 error_log
    {%- if dest == 'stderr' %}
  {{ dest }}
    {%- elif dest.startswith('syslog:') %}
  {{ dest | ngx_esc }}
    {%- else %}
  {{ join_prefix('/run/ngx/log', dest) | ngx_esc }}
    {%- endif %}
  {{ level | ngx_esc }};
  {%- endif %}
 {% endmacro %}
-{%- macro access_log(dest='access.log', format='main') %}
+{% macro access_log(dest='access.log', format='main') %}
-access_log  {{ '/run/ngx/log'|join_prefix(dest) | ngx_esc }}  {{ format | ngx_esc }}
+  {%- if dest == 'off' %}
-{%- for k, v in kwargs|dictsort %}
+access_log off;
  {%- else %}
 access_log
    {%- if dest.startswith('syslog:') %}
  {{ dest | ngx_esc }}
    {%- else %}
  {{ join_prefix('/run/ngx/log', dest) | ngx_esc }}
    {%- endif %}
  {{ format | ngx_esc }}
    {%- for k, v in kwargs|dictsort %}
  {{ "{}={}".format(k, v) | ngx_esc }}
-{%- endfor %}
+    {%- endfor %}
 ;
-{%- endmacro %}
+  {%- endif %}
 {% endmacro %}
--- a/angie/snip/proxy-request-headers.j2
+++ b/angie/snip/proxy-request-headers.j2
@@ -2,5 +2,5 @@
 ## set/remove request headers
 {%- set req_hdr_dict = j2cfg.request_headers or {} -%}
 {%- for h, v in req_hdr_dict|dictsort %}
-proxy_set_header  {{ h }}  {{ v | ngx_esc }};
+proxy_set_header  {{ h | ngx_esc }}  {{ v | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/proxy-response-headers.j2
+++ b/angie/snip/proxy-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-proxy_hide_header  {{ h }};
+proxy_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/scgi-response-headers.j2
+++ b/angie/snip/scgi-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-scgi_hide_header  {{ h }};
+scgi_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/angie/snip/ssl-profile.j2inc
+++ b/angie/snip/ssl-profile.j2inc
@@ -1,28 +1,28 @@
 {%- if ssl_profile.protocols %}
-ssl_protocols {{ ssl_profile.protocols }};
+ssl_protocols {{ ssl_profile.protocols | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.prefer_server_ciphers %}
-ssl_prefer_server_ciphers {{ ssl_profile.prefer_server_ciphers }};
+ssl_prefer_server_ciphers {{ ssl_profile.prefer_server_ciphers | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.ciphers %}
-ssl_ciphers {{ ssl_profile.ciphers }};
+ssl_ciphers {{ ssl_profile.ciphers | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.dhparam %}
-ssl_dhparam {{ ssl_profile.dhparam }};
+ssl_dhparam {{ ssl_profile.dhparam | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.ecdh_curve %}
-ssl_ecdh_curve {{ ssl_profile.ecdh_curve }};
+ssl_ecdh_curve {{ ssl_profile.ecdh_curve | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.session_cache %}
-ssl_session_cache {{ ssl_profile.session_cache }};
+ssl_session_cache {{ ssl_profile.session_cache | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.session_timeout %}
-ssl_session_timeout {{ ssl_profile.session_timeout }};
+ssl_session_timeout {{ ssl_profile.session_timeout | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.session_tickets %}
-ssl_session_tickets {{ ssl_profile.session_tickets }};
+ssl_session_tickets {{ ssl_profile.session_tickets | ngx_esc }};
 {%- endif %}
 {%- if ssl_profile.session_ticket_key %}
-ssl_session_ticket_key {{ ssl_profile.session_ticket_key }};
+ssl_session_ticket_key {{ ssl_profile.session_ticket_key | ngx_esc }};
 {%- endif %}
--- a/angie/snip/uwsgi-response-headers.j2
+++ b/angie/snip/uwsgi-response-headers.j2
@@ -3,5 +3,5 @@
 {%- set resp_hdr_dict = j2cfg.response_headers or {} -%}
 {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%}
 {%- for h in resp_hdr_list %}
-uwsgi_hide_header  {{ h }};
+uwsgi_hide_header  {{ h | ngx_esc }};
 {%- endfor %}
--- a/doc/examples/config-template/README.md
+++ b/doc/examples/config-template/README.md
@@ -3,12 +3,12 @@
 configuration:
 ```nginx
-{%- import 'snip/cache.j2mod' as ngx_cache -%}
+{%- import 'snip/cache.j2mod' as _cache -%}
 {%- set my_caches = (j2cfg.my_caches or []) -%}
 {%- for h in my_caches %}
-{{ ngx_cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
+{{ _cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
 {%- endfor %}
 server {
--- a/doc/examples/config-template/conf/site/http-my-cache.conf.j2
+++ b/doc/examples/config-template/conf/site/http-my-cache.conf.j2
@@ -1,4 +1,4 @@
-{%- import 'snip/cache.j2mod' as ngx_cache -%}
+{%- import 'snip/cache.j2mod' as _cache -%}
 {%- set my_caches = (j2cfg.my_caches or []) -%}
 map $uri
@@ -34,7 +34,7 @@ proxy_cache_use_stale     error  timeout  invalid_header  updating  http_429  ht
 proxy_cache_revalidate    on;
 {%- for h in my_caches %}
-{{ ngx_cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
+{{ _cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
 {%- endfor %}
 server {
--- a/j2cfg/j2cfg/init.py
+++ b/j2cfg/j2cfg/init.py
@@ -8,8 +8,8 @@ import jinja2
 import wcmatch.wcmatch
 import yaml
 from .functions import *
 from .settings import *
 from .functions import *
 J2CFG_CONFIG_EXT = ['yml', 'yaml', 'json']
@@ -161,12 +161,6 @@ class J2cfg:
            'env_vars_preserve': J2CFG_PRESERVE_ENVS,
            'env_vars_passthrough': J2CFG_PASSTHROUGH_ENVS,
        })
        for m in self.modules:
            if m in self.kwargs:
                print(f'J2cfg: kwargs already has {m} key',
                      file=sys.stderr)
                continue
            self.kwargs[m] = importlib.import_module(m)
        self.j2fs_loaders = {
            d: jinja2.FileSystemLoader(
@@ -181,13 +175,26 @@ class J2cfg:
        )
        def init_env(e: jinja2.Environment):
            for m in self.modules:
                if m in e.globals:
                    print(f'J2cfg: globals already has {m} key, module will not be imported',
                          file=sys.stderr)
                    continue
                e.globals.update({m: importlib.import_module(m)})
            for s in J2CFG_FUNCTIONS:
                n = s.__name__
                if n in e.globals:
                    print(f'J2cfg: globals already has {n} key, function will not be imported',
                          file=sys.stderr)
                    continue
                e.globals.update({n: s})
            for s in J2CFG_FILTERS:
                n = s.__name__
                if n in e.filters:
-                    print(f'J2cfg: filters already has {n} key',
+                    print(f'J2cfg: filters already has {n} key, filter will not be imported',
                          file=sys.stderr)
                    continue
-                e.filters[n] = s
+                e.filters.update({n: s})
        init_env(self.j2env)
--- a/j2cfg/j2cfg/functions.py
+++ b/j2cfg/j2cfg/functions.py
@@ -354,7 +354,7 @@ def join_prefix(prefix: str, *paths) -> str:
    return rv
-J2CFG_FILTERS = [
+J2CFG_FUNCTIONS = [
    any_to_env_dict,
    any_to_str_list,
    as_cgi_hdr,
@@ -380,8 +380,11 @@ J2CFG_FILTERS = [
    re_sub,
    remove_empty_str,
    remove_non_str,
    sh_like_file_to_list,
    str_split_to_list,
    uniq,
    uniq_str_list,
 ]
 J2CFG_FILTERS = J2CFG_FUNCTIONS + [
    sh_like_file_to_list,
 ]
Author	SHA1	Message	Date
Konstantin Demin	34f0d4bb8e	conf: minor formatting fixes	2025-06-06 11:40:09 +03:00
Konstantin Demin	db627f7255	conf: add some missing escapes	2025-06-06 11:39:23 +03:00
Konstantin Demin	50d0bbeedf	conf: improve logging configuration - both "error_log()" and "access_log()" now support "syslog:" prefix - "error_log()" supports "stderr" destination - both "error_log()" and "access_log()" now support "off" destination (with minor notes for "error_log()")	2025-06-06 11:36:17 +03:00
Konstantin Demin	d0ae5d79c9	j2cfg: improve loading - provide almost all implemented helper functions as functions and filters (was: only filters) - improve diagnostic messages during load	2025-06-06 11:31:38 +03:00