From 4569cae57f127afd093794310ccd290d2d9fdf36 Mon Sep 17 00:00:00 2001 From: Marius Burkard <m.burkard@pixcept.de> Date: Wed, 20 Apr 2016 10:58:46 -0400 Subject: [PATCH] Merge branch 'stable-3.1' --- server/conf/nginx_vhost.conf.master | 40 +++++++++++++++++++++++++++++++++++----- 1 files changed, 35 insertions(+), 5 deletions(-) diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master index 4a775ce..67f1ee0 100644 --- a/server/conf/nginx_vhost.conf.master +++ b/server/conf/nginx_vhost.conf.master @@ -1,14 +1,14 @@ server { - listen <tmpl_var name='ip_address'>:80; + listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>; <tmpl_if name='ipv6_enabled'> - listen [<tmpl_var name='ipv6_address'>]:80; + listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>; </tmpl_if> <tmpl_if name='ssl_enabled'> - listen <tmpl_var name='ip_address'>:443 ssl{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if}; + listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if}; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; <tmpl_if name='ipv6_enabled'> - listen [<tmpl_var name='ipv6_address'>]:443 ssl{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if}; + listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if}; </tmpl_if> ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt; ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key; @@ -112,7 +112,7 @@ access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined; ## Disable .htaccess and other hidden files - location ~ /\. { + location ~ /\.(?!well-known/acme-challenge/) { deny all; access_log off; log_not_found off; @@ -165,6 +165,22 @@ try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + #fastcgi_param PATH_INFO $fastcgi_script_name; + fastcgi_intercept_errors on; + error_page 500 501 502 503 = @phpfallback; + } + + location @phpfallback { + try_files $uri =404; + include /etc/nginx/fastcgi_params; +<tmpl_if name='use_tcp'> + fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>; +</tmpl_if> +<tmpl_if name='use_socket'> + fastcgi_pass unix:<tmpl_var name='fpm_socket'>; +</tmpl_if> fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; #fastcgi_param PATH_INFO $fastcgi_script_name; @@ -247,6 +263,13 @@ } </tmpl_if> +location /\.well-known/acme-challenge { + root /usr/local/ispconfig/interface/acme/.well-known/acme-challenge; + index index.html index.htm; + try_files $uri =404; +} + + <tmpl_loop name="basic_auth_locations"> location <tmpl_var name='htpasswd_location'> { ##merge## auth_basic "Members Only"; @@ -277,6 +300,13 @@ </tmpl_if> server_name <tmpl_var name='rewrite_domain'>; + +location /\.well-known/acme-challenge { + root /usr/local/ispconfig/interface/acme-challenge; + index index.html index.htm; + try_files $uri =404; +} + <tmpl_if name='alias_seo_redirects2'> <tmpl_loop name="alias_seo_redirects2"> if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") { -- Gitblit v1.9.1