aboutsummaryrefslogtreecommitdiffstats
path: root/src/server/conf
diff options
context:
space:
mode:
authorAlexandre Alouit <alexandre.alouit@gmail.com>2015-11-26 02:12:51 +0100
committerAlexandre Alouit <alexandre.alouit@gmail.com>2015-11-26 02:12:51 +0100
commit7508d70198192aba9678d7dedc446a1ecb127d8b (patch)
tree31a4f648824ebbacffef20ed6cc0953d04f0b9ce /src/server/conf
parent9ea9794d8b8babae7cb670f8d187f16fbf0ed848 (diff)
improvement & bugfix
use complete files instead patch fix subdomain auto-redirection
Diffstat (limited to 'src/server/conf')
-rwxr-xr-xsrc/server/conf/nginx_vhost.conf.master234
1 files changed, 234 insertions, 0 deletions
diff --git a/src/server/conf/nginx_vhost.conf.master b/src/server/conf/nginx_vhost.conf.master
new file mode 100755
index 0000000..5fce663
--- /dev/null
+++ b/src/server/conf/nginx_vhost.conf.master
@@ -0,0 +1,234 @@
+server {
+ listen <tmpl_var name='ip_address'>:80;
+<tmpl_if name='ipv6_enabled'>
+ listen [<tmpl_var name='ipv6_address'>]:80;
+</tmpl_if>
+
+<tmpl_if name='ssl_enabled'>
+ listen <tmpl_var name='ip_address'>:443 ssl;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+<tmpl_if name='ipv6_enabled'>
+ listen [<tmpl_var name='ipv6_address'>]:443 ssl;
+</tmpl_if>
+ ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
+ ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
+</tmpl_if>
+
+ server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
+
+ root <tmpl_var name='web_document_root_www'>;
+
+<tmpl_if name='seo_redirect_enabled'>
+ if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
+ rewrite ^ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
+ }
+</tmpl_if>
+<tmpl_loop name="alias_seo_redirects">
+ if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
+ rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
+ }
+</tmpl_loop>
+<tmpl_loop name="local_redirects">
+ if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
+ rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
+ }
+</tmpl_loop>
+
+<tmpl_loop name="own_redirects">
+<tmpl_if name='use_rewrite'>
+ <tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
+</tmpl_if>
+<tmpl_if name='use_proxy'>
+ location / {
+ proxy_pass <tmpl_var name='rewrite_target'>;
+ <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
+<tmpl_loop name="proxy_directives">
+ <tmpl_var name='proxy_directive'>
+</tmpl_loop>
+ }
+</tmpl_if>
+</tmpl_loop>
+<tmpl_if name='use_proxy' op='!=' value='y'>
+ index index.html index.htm index.php index.cgi index.pl index.xhtml;
+
+<tmpl_if name='ssi' op='==' value='y'>
+ location ~ \.shtml$ {
+ ssi on;
+ }
+</tmpl_if>
+
+<tmpl_if name='errordocs'>
+ error_page 400 /error/400.html;
+ error_page 401 /error/401.html;
+ error_page 403 /error/403.html;
+ error_page 404 /error/404.html;
+ error_page 405 /error/405.html;
+ error_page 500 /error/500.html;
+ error_page 502 /error/502.html;
+ error_page 503 /error/503.html;
+ recursive_error_pages on;
+ location = /error/400.html {
+ <tmpl_var name='web_document_root_www_proxy'>
+ internal;
+ }
+ location = /error/401.html {
+ <tmpl_var name='web_document_root_www_proxy'>
+ internal;
+ }
+ location = /error/403.html {
+ <tmpl_var name='web_document_root_www_proxy'>
+ internal;
+ }
+ location = /error/404.html {
+ <tmpl_var name='web_document_root_www_proxy'>
+ internal;
+ }
+ location = /error/405.html {
+ <tmpl_var name='web_document_root_www_proxy'>
+ internal;
+ }
+ location = /error/500.html {
+ <tmpl_var name='web_document_root_www_proxy'>
+ internal;
+ }
+ location = /error/502.html {
+ <tmpl_var name='web_document_root_www_proxy'>
+ internal;
+ }
+ location = /error/503.html {
+ <tmpl_var name='web_document_root_www_proxy'>
+ internal;
+ }
+</tmpl_if>
+
+ error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
+ access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
+
+ ## Disable .htaccess and other hidden files
+<tmpl_if name='ssl_letsencrypt' op='!=' value='y'>
+ location ~ /\. {
+ deny all;
+ access_log off;
+ log_not_found off;
+ }
+</tmpl_if>
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location /stats/ {
+ <tmpl_var name='web_document_root_www_proxy'>
+ index index.html index.php;
+ auth_basic "Members Only";
+ auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
+ }
+
+ location ^~ /awstats-icon {
+ alias /usr/share/awstats/icon;
+ }
+
+ location ~ \.php$ {
+ try_files <tmpl_var name='rnd_php_dummy_file'> @php;
+ }
+
+<tmpl_if name='php' op='==' value='php-fpm'>
+ location @php {
+ try_files $uri =404;
+ include /etc/nginx/fastcgi_params;
+<tmpl_if name='use_tcp'>
+ fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
+</tmpl_if>
+<tmpl_if name='use_socket'>
+ fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
+</tmpl_if>
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ #fastcgi_param PATH_INFO $fastcgi_script_name;
+ fastcgi_intercept_errors on;
+ }
+</tmpl_else>
+ location @php {
+ deny all;
+ }
+</tmpl_if>
+
+<tmpl_if name='cgi' op='==' value='y'>
+ location /cgi-bin/ {
+ try_files $uri =404;
+ include /etc/nginx/fastcgi_params;
+ root <tmpl_var name='document_root'>;
+ gzip off;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ fastcgi_index index.cgi;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_intercept_errors on;
+ }
+</tmpl_if>
+
+<tmpl_loop name="rewrite_rules">
+ <tmpl_var name='rewrite_rule'>
+</tmpl_loop>
+
+<tmpl_loop name="nginx_directives">
+ <tmpl_var name='nginx_directive'>
+</tmpl_loop>
+
+<tmpl_loop name="basic_auth_locations">
+ location <tmpl_var name='htpasswd_location'> { ##merge##
+ auth_basic "Members Only";
+ auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;
+
+ location ~ \.php$ {
+ try_files <tmpl_var name='rnd_php_dummy_file'> @php;
+ }
+ }
+</tmpl_loop>
+</tmpl_if>
+}
+
+<tmpl_loop name="redirects">
+server {
+ listen <tmpl_var name='ip_address'>:80;
+<tmpl_if name='ipv6_enabled'>
+ listen [<tmpl_var name='ipv6_address'>]:80;
+</tmpl_if>
+
+<tmpl_if name='ssl_enabled'>
+ listen <tmpl_var name='ip_address'>:443 ssl;
+<tmpl_if name='ipv6_enabled'>
+ listen [<tmpl_var name='ipv6_address'>]:443 ssl;
+</tmpl_if>
+ ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
+ ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
+</tmpl_if>
+
+ server_name <tmpl_var name='rewrite_domain'>;
+<tmpl_if name='alias_seo_redirects2'>
+<tmpl_loop name="alias_seo_redirects2">
+ if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
+ rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
+ }
+</tmpl_loop>
+</tmpl_if>
+<tmpl_if name='use_rewrite'>
+ rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
+</tmpl_if>
+<tmpl_if name='use_proxy'>
+ location / {
+ proxy_pass <tmpl_var name='rewrite_target'>;
+ <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
+<tmpl_loop name="proxy_directives">
+ <tmpl_var name='proxy_directive'>
+</tmpl_loop>
+ }
+</tmpl_if>
+}
+</tmpl_loop>