ISPConfig3 devel
view | history | commit | commitdiff
Marius Burkard
2016-04-20 4569cae57f127afd093794310ccd290d2d9fdf36
commit | author | age
181529 1 server {
d22277 2         listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
8e2c2e 3 <tmpl_if name='ipv6_enabled'>
d22277 4         listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
8e2c2e 5 </tmpl_if>
0ae8da 6         
8e2c2e 7 <tmpl_if name='ssl_enabled'>
d22277 8         listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
53124e 9         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
8e2c2e 10 <tmpl_if name='ipv6_enabled'>
d22277 11         listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
8e2c2e 12 </tmpl_if>
0ae8da 13         ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
F 14         ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
8e2c2e 15 </tmpl_if>
0ae8da 16         
F 17         server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
181529 18
0ae8da 19         root   <tmpl_var name='web_document_root_www'>;
f92749 20         
8e2c2e 21 <tmpl_if name='seo_redirect_enabled'>
bfcdef 22         if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
a00888 23             rewrite ^ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
e64fbb 24         }
8e2c2e 25 </tmpl_if>
bfcdef 26 <tmpl_loop name="alias_seo_redirects">
T 27         if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
28             rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
f92749 29         }
8e2c2e 30 </tmpl_loop>
43b345 31 <tmpl_loop name="local_redirects">
T 32         if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
33             rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
34         }
35 </tmpl_loop>
f0dfa9 36 <tmpl_if name='ssl_enabled'>
MC 37 <tmpl_if name='rewrite_to_https' op='==' value='y'>
38         if ($scheme != "https") {
39             rewrite ^ https://$http_host$request_uri? permanent;
40         }
41 </tmpl_if>
42 </tmpl_if>
bfcdef 43
T 44 <tmpl_loop name="own_redirects">
45 <tmpl_if name='use_rewrite'>
43b345 46         <tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
bfcdef 47 </tmpl_if>
T 48 <tmpl_if name='use_proxy'>
49         location / {
50             proxy_pass <tmpl_var name='rewrite_target'>;
43b345 51             <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
bfcdef 52 <tmpl_loop name="proxy_directives">
T 53         <tmpl_var name='proxy_directive'>
54 </tmpl_loop>
55         }
56 </tmpl_if>
57 </tmpl_loop>
58 <tmpl_if name='use_proxy' op='!=' value='y'>        
3c12a4 59         index index.html index.htm index.php index.cgi index.pl index.xhtml;
0ae8da 60         
8e2c2e 61 <tmpl_if name='ssi' op='==' value='y'>        
0ae8da 62         location ~ \.shtml$ {
F 63             ssi on;
64         }
8e2c2e 65 </tmpl_if>
0ae8da 66
8e2c2e 67 <tmpl_if name='errordocs'>        
0ae8da 68         error_page 400 /error/400.html;
F 69         error_page 401 /error/401.html;
70         error_page 403 /error/403.html;
71         error_page 404 /error/404.html;
72         error_page 405 /error/405.html;
73         error_page 500 /error/500.html;
445513 74         error_page 502 /error/502.html;
0ae8da 75         error_page 503 /error/503.html;
b67344 76         recursive_error_pages on;
T 77         location = /error/400.html {
bfcdef 78             <tmpl_var name='web_document_root_www_proxy'>
b67344 79             internal;
T 80         }
81         location = /error/401.html {
bfcdef 82             <tmpl_var name='web_document_root_www_proxy'>
b67344 83             internal;
T 84         }
85         location = /error/403.html {
bfcdef 86             <tmpl_var name='web_document_root_www_proxy'>
b67344 87             internal;
T 88         }
89         location = /error/404.html {
bfcdef 90             <tmpl_var name='web_document_root_www_proxy'>
b67344 91             internal;
T 92         }
93         location = /error/405.html {
bfcdef 94             <tmpl_var name='web_document_root_www_proxy'>
b67344 95             internal;
T 96         }
97         location = /error/500.html {
bfcdef 98             <tmpl_var name='web_document_root_www_proxy'>
b67344 99             internal;
T 100         }
101         location = /error/502.html {
bfcdef 102             <tmpl_var name='web_document_root_www_proxy'>
b67344 103             internal;
T 104         }
105         location = /error/503.html {
bfcdef 106             <tmpl_var name='web_document_root_www_proxy'>
b67344 107             internal;
T 108         }
8e2c2e 109 </tmpl_if>
0ae8da 110         
F 111         error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
b6a10a 112         access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
0ae8da 113
F 114         ## Disable .htaccess and other hidden files
c9b5ed 115         location ~ /\.(?!well-known/acme-challenge/) {
0ae8da 116             deny all;
F 117             access_log off;
118             log_not_found off;
181529 119         }
0ae8da 120         
3c12a4 121         location = /favicon.ico {
0ae8da 122             log_not_found off;
F 123             access_log off;
124         }
125
126         location = /robots.txt {
127             allow all;
128             log_not_found off;
129             access_log off;
130         }
131         
992797 132         location /stats/ {
bfcdef 133             <tmpl_var name='web_document_root_www_proxy'>
0ae8da 134             index index.html index.php;
F 135             auth_basic "Members Only";
136             auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
137         }
138
b67344 139         location ^~ /awstats-icon {
8cf78b 140             alias /usr/share/awstats/icon;
T 141         }
142
0ae8da 143         location ~ \.php$ {
c8c13a 144             try_files <tmpl_var name='rnd_php_dummy_file'> @php;
e19c2e 145         }
F 146
147 <tmpl_if name='php' op='==' value='php-fpm'>
148         location @php {
f92749 149             try_files $uri =404;
ad9986 150             include /etc/nginx/fastcgi_params;
8e2c2e 151 <tmpl_if name='use_tcp'>
F 152             fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
153 </tmpl_if>
154 <tmpl_if name='use_socket'>
155             fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
156 </tmpl_if>
0ae8da 157             fastcgi_index index.php;
F 158             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
43b345 159             #fastcgi_param PATH_INFO $fastcgi_script_name;
ad9986 160             fastcgi_intercept_errors on;
0ae8da 161         }
8e2c2e 162 </tmpl_else>
1c6da3 163     <tmpl_if name='php' op='==' value='hhvm'>
MC 164             location @php {
165                 try_files $uri =404;
166                 include /etc/nginx/fastcgi_params;
167                 fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock;
168                 fastcgi_index index.php;
169                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
170                 #fastcgi_param PATH_INFO $fastcgi_script_name;
171                 fastcgi_intercept_errors on;
d22277 172                 error_page 500 501 502 503 = @phpfallback;
MB 173             }
174             
175             location @phpfallback {
176                 try_files $uri =404;
177                 include /etc/nginx/fastcgi_params;
178 <tmpl_if name='use_tcp'>
179                 fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
180 </tmpl_if>
181 <tmpl_if name='use_socket'>
182                 fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
183 </tmpl_if>
184                 fastcgi_index index.php;
185                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
186                 #fastcgi_param PATH_INFO $fastcgi_script_name;
187                 fastcgi_intercept_errors on;
1c6da3 188             }
MC 189     </tmpl_else>
190
e19c2e 191         location @php {
0ae8da 192             deny all;
F 193         }
1c6da3 194     </tmpl_if>
8e2c2e 195 </tmpl_if>
0ae8da 196         
8e2c2e 197 <tmpl_if name='cgi' op='==' value='y'>
0ae8da 198         location /cgi-bin/ {
f92749 199             try_files $uri =404;
ad9986 200             include /etc/nginx/fastcgi_params;
0ae8da 201             root <tmpl_var name='document_root'>;
F 202             gzip off;
203             fastcgi_pass  unix:/var/run/fcgiwrap.socket;
204             fastcgi_index index.cgi;
205             fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
ad9986 206             fastcgi_intercept_errors on;
0ae8da 207         }
8e2c2e 208 </tmpl_if>
181529 209
615a0a 210 <tmpl_loop name="rewrite_rules">
T 211         <tmpl_var name='rewrite_rule'>
212 </tmpl_loop>
213
8e2c2e 214 <tmpl_loop name="nginx_directives">
3c12a4 215         <tmpl_var name='nginx_directive'>
8ab3cd 216 </tmpl_loop>
T 217
86bc65 218 <tmpl_if name='enable_pagespeed' op='==' value='y'>
MC 219         pagespeed on;
220         pagespeed FileCachePath /var/ngx_pagespeed_cache;
221         <tmpl_if name='ssl_enabled'>pagespeed FetchHttps enable,allow_self_signed;</tmpl_if>
222
223
224         # let's speed up PageSpeed by storing it in the super duper fast memcached
225         pagespeed MemcachedThreads 1;
226         pagespeed MemcachedServers "localhost:11211";
227
228         # Filter settings
229         pagespeed RewriteLevel CoreFilters;
230         pagespeed EnableFilters collapse_whitespace,remove_comments;
231
232         #  Ensure requests for pagespeed optimized resources go to the pagespeed
233         #  handler and no extraneous headers get set.
234         location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
235                 add_header "" "";
236                 access_log off;
237         }
238         location ~ "^/ngx_pagespeed_static/" {
239                 access_log off;
240         }
241         location ~ "^/ngx_pagespeed_beacon$" {
242                 access_log off;
243         }
244         location /ngx_pagespeed_statistics {
245                 allow 127.0.0.1;
246                 deny all;
247                 access_log off;
248         }
249         location /ngx_pagespeed_global_statistics {
250                 allow 127.0.0.1;
251                 deny all;
252                 access_log off;
253         }
254         location /ngx_pagespeed_message {
255                 allow 127.0.0.1;
256                 deny all;
257                 access_log off;
258         }
259         location /pagespeed_console {
260                 allow 127.0.0.1;
261                 deny all;
262                 access_log off;
263         }
264 </tmpl_if>
265
7456a4 266 location /\.well-known/acme-challenge {
c2d5bc 267        root /usr/local/ispconfig/interface/acme/.well-known/acme-challenge;
7456a4 268        index index.html index.htm;
MB 269        try_files $uri =404;
270 }
271
272
8ab3cd 273 <tmpl_loop name="basic_auth_locations">
9b16a3 274         location <tmpl_var name='htpasswd_location'> { ##merge##
8ab3cd 275                 auth_basic "Members Only";
T 276                 auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;
e19c2e 277                 
F 278                 location ~ \.php$ {
53f048 279                     try_files <tmpl_var name='rnd_php_dummy_file'> @php;
e19c2e 280                 }
8ab3cd 281         }
T 282 </tmpl_loop>
bfcdef 283 </tmpl_if>    
T 284 }
285
286 <tmpl_loop name="redirects">
287 server {
288         listen <tmpl_var name='ip_address'>:80;
289 <tmpl_if name='ipv6_enabled'>
290         listen [<tmpl_var name='ipv6_address'>]:80;
291 </tmpl_if>
292         
293 <tmpl_if name='ssl_enabled'>
294         listen <tmpl_var name='ip_address'>:443 ssl;
295 <tmpl_if name='ipv6_enabled'>
296         listen [<tmpl_var name='ipv6_address'>]:443 ssl;
297 </tmpl_if>
298         ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
299         ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
300 </tmpl_if>
301         
302         server_name <tmpl_var name='rewrite_domain'>;
7456a4 303
MB 304 location /\.well-known/acme-challenge {
305        root /usr/local/ispconfig/interface/acme-challenge;
306        index index.html index.htm;
307        try_files $uri =404;
308 }
309
bfcdef 310 <tmpl_if name='alias_seo_redirects2'>
T 311 <tmpl_loop name="alias_seo_redirects2">
312         if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
313             rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
314         }
315 </tmpl_loop>
316 </tmpl_if>
317 <tmpl_if name='use_rewrite'>
318         rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
319 </tmpl_if>
320 <tmpl_if name='use_proxy'>
321         location / {
322             proxy_pass <tmpl_var name='rewrite_target'>;
43b345 323             <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
bfcdef 324 <tmpl_loop name="proxy_directives">
T 325         <tmpl_var name='proxy_directive'>
326 </tmpl_loop>
327         }
328 </tmpl_if>
329 }
f7ec00 330 </tmpl_loop>