@zanbaldwin
Last active February 8, 2022 02:11
Drop these files in "/etc/nginx/conf.d", or use the nginx-proxy-manager Docker image instead.
{
"domains": {
"webapp.local": {
"http": 7780,
"https": 7743
}
}
}
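# Run every recipe in bash with strict error handling: stop on the first
# failing command (-e), on use of an unset shell variable (-u), and when any
# stage of a pipeline fails (pipefail).
SHELL := bash
.SHELLFLAGS := -eu -o pipefail -c
# Hand each recipe to a single shell invocation instead of one shell per line.
.ONESHELL:
# Delete a rule's target file when its recipe fails.
.DELETE_ON_ERROR:
MAKEFLAGS += --warn-undefined-variables
MAKEFLAGS += --no-builtin-rules
# Recipes in this file are introduced with ">" instead of a tab; stop early on
# a Make that does not know .RECIPEPREFIX.
ifeq ($(origin .RECIPEPREFIX), undefined)
$(error This Make does not support .RECIPEPREFIX; Please use GNU Make 4.0 or later)
endif
.RECIPEPREFIX = >
# Path of this makefile: the last entry of MAKEFILE_LIST at this point.
THIS_MAKEFILE_PATH := $(lastword $(MAKEFILE_LIST))
# Absolute directory that holds this makefile. Every file the root-run recipes
# read or write is addressed relative to it, so the path is quoted, pwd only
# runs when cd succeeded, and an empty result is refused: with an empty
# THIS_DIR the recipes would address "/ssl" and "/proxy.conf" instead.
THIS_DIR := $(shell cd "$(dir $(THIS_MAKEFILE_PATH))" && pwd)
ifeq ($(strip $(THIS_DIR)),)
$(error Could not resolve the directory of $(THIS_MAKEFILE_PATH))
endif
THIS_MAKEFILE := $(notdir $(THIS_MAKEFILE_PATH))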
# Help screen: lists every target whose rule header carries a double-hash
# description, plus any line that starts with a double hash as a section
# heading. Target names are printed in green, headings in yellow.
.PHONY: usage
.SILENT: usage
usage:
> grep -E '(^[a-zA-Z_-]+:\s*?##.*$$)|(^##)' $(MAKEFILE_LIST) \
>   | awk 'BEGIN {FS = ":.?## "}; {printf "\033[32m %-30s\033[0m%s\n", $$1, $$2}' \
>   | sed -e 's/\[32m ## /[33m/'
# Debug aid: emit one Make warning per variable, as "NAME = unexpanded value".
# Variables whose origin is the environment, a Make default or an automatic
# variable are skipped; everything set in this file or on the command line is
# printed, so a secret passed as a command-line variable ends up in the output.
.PHONY: vars
.SILENT: vars
vars:
> $(foreach name,$(sort $(.VARIABLES)),$(if $(filter-out environment% default automatic,$(origin $(name))),$(warning $(name) = $(value $(name)))))
# Guard used as a prerequisite by the targets that write below THIS_DIR:
# fails unless the effective user id reported by id -u is 0.
.PHONY: require-root
.SILENT: require-root
require-root:
> if [ "$$(id -u)" != "0" ]; then echo "This command must be run as root. Please retry with sudo."; exit 1; fi
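# Renders nginx-server-config.tmpl with the data in domains.json into
# proxy.conf, all inside THIS_DIR, as root.
# The template writes domain names and ports from domains.json into the nginx
# configuration without escaping, so domains.json must only be writable by
# accounts that are allowed to change the nginx configuration.
# The output is rendered to proxy.conf.tmp and renamed into place only after
# tera succeeded; redirecting straight into proxy.conf would leave a truncated
# or partial file for nginx to load whenever the render fails. The temporary
# name does not end in .conf, so a conf.d/*.conf include would not pick it up.
# Running "nginx -t" before reloading nginx checks the generated file.
gen: ## Generate Nginx server configuration for Proxy from domains.json
gen: require-root
> command -v "tera" >/dev/null 2>&1 || { echo >&2 "Please install TeraCLI (cargo install tera-cli)."; exit 1; }
> tera --file="$(THIS_DIR)/nginx-server-config.tmpl" --json="$(THIS_DIR)/domains.json" > "$(THIS_DIR)/proxy.conf.tmp" \
>   || { rm -f "$(THIS_DIR)/proxy.conf.tmp"; exit 1; }
> mv -f "$(THIS_DIR)/proxy.conf.tmp" "$(THIS_DIR)/proxy.conf"
.PHONY: gen
.SILENT: gen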
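# Domain to issue a certificate for, given on the command line
# (make cert DOMAIN=webapp.local). The default is a truly empty value: Make
# keeps quote characters, so a default written as "" is a two-character string.
DOMAIN :=
# DOMAIN reaches the recipe through the environment instead of being pasted
# into the shell text, so a root shell never parses its content as shell syntax.
export DOMAIN
# Issues a certificate and private key for localhost, 127.0.0.1 and DOMAIN
# with mkcert into THIS_DIR/ssl, then copies the mkcert root CA certificate
# next to them as ca.pem. Runs as root.
# NOTE(review): under sudo, "mkcert -CAROOT" may point at a different CA
# directory than the one of the invoking user - confirm which CA signs here.
# NOTE(review): the .key file is a private key; confirm its file mode and the
# mode of the ssl directory are not more permissive than nginx needs.
cert: ## Generate Local Cert for DOMAIN
cert: require-root
> command -v "mkcert" >/dev/null 2>&1 || { echo >&2 "Please install MkCert (github.com/FiloSottile/mkcert)."; exit 1; }
> [ -n "$${DOMAIN:-}" ] || { echo >&2 "Domain not specified, please add named argument to command (make cert DOMAIN=)"; exit 1; }
> # DOMAIN becomes part of two file names and a mkcert argument: a slash would
> # move the output outside the ssl directory, a leading dash would be read by
> # mkcert as an option.
> case "$${DOMAIN}" in */*|-*) echo >&2 "DOMAIN must not contain '/' or start with '-'."; exit 1;; esac
> mkdir -p "$(THIS_DIR)/ssl" || { echo >&2 "Could not create SSL directory."; exit 1; }
> mkcert \
>   -cert-file "$(THIS_DIR)/ssl/$${DOMAIN}.crt" \
>   -key-file "$(THIS_DIR)/ssl/$${DOMAIN}.key" \
>   "localhost" \
>   "127.0.0.1" \
>   "$${DOMAIN}"
> cp "$$(mkcert -CAROOT)/rootCA.pem" "$(THIS_DIR)/ssl/ca.pem"
.PHONY: cert
.SILENT: cert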
# $fastcgi_https is "on" when the incoming X-Forwarded-Proto request header is
# "https" and empty otherwise. The header is supplied by whoever sends the
# request, so the value is only meaningful behind a proxy that overwrites it.
# Nothing in the part of this template shown here reads $fastcgi_https.
map $http_x_forwarded_proto $fastcgi_https {
default '';
https on;
}
# $connection_upgrade is "close" when the request carries no Upgrade header
# and "upgrade" for any other value; the HTTPS server block forwards it as the
# Connection header to the backend.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
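{# One HTTPS and one HTTP server block per entry of the "domains" object in
   domains.json, each emitted only when the matching port is present and numeric.
   The domain key is written unescaped into server_name and the certificate
   paths, so domains.json has to be a trusted, root-controlled file. #}
{% for domain, ports in domains %}
{% if domain is string and domain|length > 0 %}
{% if ports.https is defined and ports.https is number %}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name {{ domain }};
    server_tokens off;
    charset utf-8;
    client_max_body_size 16m;
    client_body_buffer_size 128k;
    # No request log is kept for this virtual host.
    access_log off;
    # File names must match what "make cert DOMAIN=<domain>" wrote to the ssl directory.
    ssl_certificate /etc/nginx/conf.d/ssl/{{ domain }}.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/{{ domain }}.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;
    location / {
        http2_push_preload on;
        proxy_pass_request_headers on;
        # The Upgrade and Connection headers below only result in a WebSocket
        # upgrade when the backend is addressed with HTTP/1.1.
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the peer address to whatever X-Forwarded-For the client sent;
        # the backend should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Forwards the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        # The backend certificate is not verified unless proxy_ssl_verify is
        # enabled; the upstream here is the loopback interface.
        proxy_pass https://127.0.0.1:{{ ports.https }}/;
    }
}
{% endif %}
{% if ports.http is defined and ports.http is number %}
# Plain-HTTP listener: requests are proxied unencrypted and are not redirected
# to the HTTPS server block.
server {
    listen 80;
    listen [::]:80;
    server_name {{ domain }};
    server_tokens off;
    charset utf-8;
    client_max_body_size 16m;
    client_body_buffer_size 128k;
    # No request log is kept for this virtual host.
    access_log off;
    location / {
        proxy_pass_request_headers on;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the peer address to whatever X-Forwarded-For the client sent;
        # the backend should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Forwards the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:{{ ports.http }}/;
    }
}
{% endif %}
{% endif %}
{% endfor %}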