From 4569cae57f127afd093794310ccd290d2d9fdf36 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Wed, 20 Apr 2016 10:58:46 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 server/conf/nginx_vhost.conf.master |   40 +++++++++++++++++++++++++++++++++++-----
 1 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index 4a775ce..67f1ee0 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -1,14 +1,14 @@
 server {
-        listen <tmpl_var name='ip_address'>:80;
+        listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
 <tmpl_if name='ipv6_enabled'>
-        listen [<tmpl_var name='ipv6_address'>]:80;
+        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
 </tmpl_if>
 		
 <tmpl_if name='ssl_enabled'>
-        listen <tmpl_var name='ip_address'>:443 ssl{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
+        listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
 		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 <tmpl_if name='ipv6_enabled'>
-        listen [<tmpl_var name='ipv6_address'>]:443 ssl{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
+        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
 </tmpl_if>
         ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
         ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
@@ -112,7 +112,7 @@
         access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
 
         ## Disable .htaccess and other hidden files
-        location ~ /\. {
+        location ~ /\.(?!well-known/acme-challenge/) {
             deny all;
             access_log off;
             log_not_found off;
@@ -165,6 +165,22 @@
 				try_files $uri =404;
 				include /etc/nginx/fastcgi_params;
 				fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock;
+				fastcgi_index index.php;
+				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+				#fastcgi_param PATH_INFO $fastcgi_script_name;
+				fastcgi_intercept_errors on;
+				error_page 500 501 502 503 = @phpfallback;
+			}
+			
+			location @phpfallback {
+				try_files $uri =404;
+				include /etc/nginx/fastcgi_params;
+<tmpl_if name='use_tcp'>
+				fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
+</tmpl_if>
+<tmpl_if name='use_socket'>
+				fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
+</tmpl_if>
 				fastcgi_index index.php;
 				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 				#fastcgi_param PATH_INFO $fastcgi_script_name;
@@ -247,6 +263,13 @@
         }
 </tmpl_if>
 
+location /\.well-known/acme-challenge {
+	   root /usr/local/ispconfig/interface/acme/.well-known/acme-challenge;
+	   index index.html index.htm;
+	   try_files $uri =404;
+}
+
+
 <tmpl_loop name="basic_auth_locations">
         location <tmpl_var name='htpasswd_location'> { ##merge##
                 auth_basic "Members Only";
@@ -277,6 +300,13 @@
 </tmpl_if>
         
         server_name <tmpl_var name='rewrite_domain'>;
+
+location /\.well-known/acme-challenge {
+	   root /usr/local/ispconfig/interface/acme-challenge;
+	   index index.html index.htm;
+	   try_files $uri =404;
+}
+
 <tmpl_if name='alias_seo_redirects2'>
 <tmpl_loop name="alias_seo_redirects2">
         if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {

--
Gitblit v1.9.1