| | |
| | | </tmpl_if> |
| | | |
| | | <tmpl_if name='ssl_enabled'> |
| | | listen <tmpl_var name='ip_address'>:443 ssl; |
| | | listen <tmpl_var name='ip_address'>:443 ssl{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if}; |
| | | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
| | | <tmpl_if name='ipv6_enabled'> |
| | | listen [<tmpl_var name='ipv6_address'>]:443 ssl; |
| | | listen [<tmpl_var name='ipv6_address'>]:443 ssl{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if}; |
| | | </tmpl_if> |
| | | ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt; |
| | | ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key; |
| | |
| | | rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>; |
| | | } |
| | | </tmpl_loop> |
| | | <tmpl_if name='ssl_enabled'> |
| | | <tmpl_if name='rewrite_to_https' op='==' value='y'> |
| | | if ($scheme != "https") { |
| | | rewrite ^ https://$http_host$request_uri? permanent; |
| | | } |
| | | </tmpl_if> |
| | | </tmpl_if> |
| | | |
| | | <tmpl_loop name="own_redirects"> |
| | | <tmpl_if name='use_rewrite'> |
| | |
| | | access_log off; |
| | | } |
| | | |
| | | location /stats { |
| | | location /stats/ { |
| | | <tmpl_var name='web_document_root_www_proxy'> |
| | | index index.html index.php; |
| | | auth_basic "Members Only"; |
| | |
| | | fastcgi_intercept_errors on; |
| | | } |
| | | </tmpl_else> |
| | | <tmpl_if name='php' op='==' value='hhvm'> |
| | | location @php { |
| | | try_files $uri =404; |
| | | include /etc/nginx/fastcgi_params; |
| | | fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock; |
| | | fastcgi_index index.php; |
| | | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
| | | #fastcgi_param PATH_INFO $fastcgi_script_name; |
| | | fastcgi_intercept_errors on; |
| | | } |
| | | </tmpl_else> |
| | | |
| | | location @php { |
| | | deny all; |
| | | } |
| | | </tmpl_if> |
| | | </tmpl_if> |
| | | |
| | | <tmpl_if name='cgi' op='==' value='y'> |
| | |
| | | <tmpl_loop name="nginx_directives"> |
| | | <tmpl_var name='nginx_directive'> |
| | | </tmpl_loop> |
| | | |
| | | <tmpl_if name='enable_pagespeed' op='==' value='y'> |
| | | pagespeed on; |
| | | pagespeed FileCachePath /var/ngx_pagespeed_cache; |
| | | <tmpl_if name='ssl_enabled'>pagespeed FetchHttps enable,allow_self_signed;</tmpl_if> |
| | | |
| | | |
| | | # let's speed up PageSpeed by storing it in the super duper fast memcached |
| | | pagespeed MemcachedThreads 1; |
| | | pagespeed MemcachedServers "localhost:11211"; |
| | | |
| | | # Filter settings |
| | | pagespeed RewriteLevel CoreFilters; |
| | | pagespeed EnableFilters collapse_whitespace,remove_comments; |
| | | |
| | | # Ensure requests for pagespeed optimized resources go to the pagespeed |
| | | # handler and no extraneous headers get set. |
| | | location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { |
| | | add_header "" ""; |
| | | access_log off; |
| | | } |
| | | location ~ "^/ngx_pagespeed_static/" { |
| | | access_log off; |
| | | } |
| | | location ~ "^/ngx_pagespeed_beacon$" { |
| | | access_log off; |
| | | } |
| | | location /ngx_pagespeed_statistics { |
| | | allow 127.0.0.1; |
| | | deny all; |
| | | access_log off; |
| | | } |
| | | location /ngx_pagespeed_global_statistics { |
| | | allow 127.0.0.1; |
| | | deny all; |
| | | access_log off; |
| | | } |
| | | location /ngx_pagespeed_message { |
| | | allow 127.0.0.1; |
| | | deny all; |
| | | access_log off; |
| | | } |
| | | location /pagespeed_console { |
| | | allow 127.0.0.1; |
| | | deny all; |
| | | access_log off; |
| | | } |
| | | </tmpl_if> |
| | | |
| | | <tmpl_loop name="basic_auth_locations"> |
| | | location <tmpl_var name='htpasswd_location'> { ##merge## |
| | |
| | | } |
| | | </tmpl_if> |
| | | } |
| | | </tmpl_loop> |
| | | </tmpl_loop> |