"Fossies" - the Fresh Open Source Software Archive

Member "ispconfig3_install/server/conf/nginx_vhost.conf.master" (8 Jun 2021, 14972 Bytes) of package /linux/privat/ISPConfig-3.2.5.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "nginx_vhost.conf.master": 3.2.4_vs_3.2.5.

    1 server {
    2         listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
    3 <tmpl_if name='use_proxy_protocol' op='==' value='y'>
    4 <tmpl_if name='proxy_protocol_http' op='>' value='0'>
    5         listen <tmpl_var name='ip_address'>:<tmpl_var name='proxy_protocol_http'> proxy_protocol;
    6 </tmpl_if>
    7 </tmpl_if>
    8 <tmpl_if name='ipv6_enabled'>
    9         listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
   10 </tmpl_if>
   11 <tmpl_if name='ipv6_wildcard'>
   12         listen [::]:<tmpl_var name='http_port'>;
   13 </tmpl_if>
   14 <tmpl_if name='ssl_enabled'>
   15         listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl http2;
   16 <tmpl_if name='use_proxy_protocol' op='==' value='y'>
   17 <tmpl_if name='proxy_protocol_https' op='>' value='0'>
   18         listen <tmpl_var name='ip_address'>:<tmpl_var name='proxy_protocol_https'> ssl http2 proxy_protocol;
   19 </tmpl_if>
   20 </tmpl_if>
   21 
   22 <tmpl_if name='tls13_supported' op='==' value='y'>
   23 	ssl_protocols TLSv1.3 TLSv1.2;
   24 <tmpl_else>
   25 	ssl_protocols TLSv1.2;
   26 </tmpl_if>
   27 		# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
   28 		# ssl_prefer_server_ciphers on;
   29 <tmpl_if name='ipv6_enabled'>
   30         listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl http2;
   31 </tmpl_if>
   32 <tmpl_if name='ipv6_wildcard'>
   33         listen [::]:<tmpl_var name='https_port'> ssl http2;
   34 </tmpl_if>
   35         ssl_certificate <tmpl_var name='ssl_crt_file'>;
   36         ssl_certificate_key <tmpl_var name='ssl_key_file'>;
   37 </tmpl_if>
   38 
   39         server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
   40 
   41         root   <tmpl_var name='web_document_root_www'>;
   42 		disable_symlinks if_not_owner from=$document_root;
   43 
   44 <tmpl_if name='ssl_enabled'>
   45 <tmpl_if name='rewrite_to_https' op='==' value='y'>
   46         if ($scheme != "https") {
   47             rewrite ^(?!/\.well-known/acme-challenge)/ https://$http_host$request_uri? permanent;
   48         }
   49 </tmpl_if>
   50 </tmpl_if>
   51 <tmpl_if name='seo_redirect_enabled'>
   52         if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
   53             rewrite ^(?!/\.well-known/acme-challenge)/ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
   54         }
   55 </tmpl_if>
   56 <tmpl_loop name="alias_seo_redirects">
   57         if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
   58             rewrite ^(?!/\.well-known/acme-challenge)/ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
   59         }
   60 </tmpl_loop>
   61 <tmpl_loop name="local_redirects">
   62         if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
   63             rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
   64         }
   65 </tmpl_loop>
   66 
   67 <tmpl_loop name="own_redirects">
   68 <tmpl_if name='use_rewrite'>
   69         <tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
   70 </tmpl_if>
   71 <tmpl_if name='use_proxy'>
   72         location / {
   73             proxy_pass <tmpl_var name='rewrite_target'>;
   74             <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
   75 <tmpl_loop name="proxy_directives">
   76         <tmpl_var name='proxy_directive'>
   77 </tmpl_loop>
   78         }
   79 </tmpl_if>
   80 </tmpl_loop>
   81 <tmpl_if name='use_proxy' op='!=' value='y'>
   82         index index.html index.htm index.php index.cgi index.pl index.xhtml standard_index.html;
   83 
   84 <tmpl_if name='ssi' op='==' value='y'>
   85         location ~ \.shtml$ {
   86             ssi on;
   87         }
   88 </tmpl_if>
   89 
   90 <tmpl_if name='errordocs'>
   91         error_page 400 /error/400.html;
   92         error_page 401 /error/401.html;
   93         error_page 403 /error/403.html;
   94         error_page 404 /error/404.html;
   95         error_page 405 /error/405.html;
   96         error_page 500 /error/500.html;
   97         error_page 502 /error/502.html;
   98         error_page 503 /error/503.html;
   99         recursive_error_pages on;
  100         location = /error/400.html {
  101             <tmpl_var name='web_document_root_www_proxy'>
  102             internal;
  103             auth_basic off;
  104         }
  105         location = /error/401.html {
  106             <tmpl_var name='web_document_root_www_proxy'>
  107             internal;
  108             auth_basic off;
  109         }
  110         location = /error/403.html {
  111             <tmpl_var name='web_document_root_www_proxy'>
  112             internal;
  113             auth_basic off;
  114         }
  115         location = /error/404.html {
  116             <tmpl_var name='web_document_root_www_proxy'>
  117             internal;
  118             auth_basic off;
  119         }
  120         location = /error/405.html {
  121             <tmpl_var name='web_document_root_www_proxy'>
  122             internal;
  123             auth_basic off;
  124         }
  125         location = /error/500.html {
  126             <tmpl_var name='web_document_root_www_proxy'>
  127             internal;
  128             auth_basic off;
  129         }
  130         location = /error/502.html {
  131             <tmpl_var name='web_document_root_www_proxy'>
  132             internal;
  133             auth_basic off;
  134         }
  135         location = /error/503.html {
  136             <tmpl_var name='web_document_root_www_proxy'>
  137             internal;
  138             auth_basic off;
  139         }
  140 </tmpl_if>
  141 
  142 <tmpl_if name='logging' op='==' value='yes'>
  143         error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
  144         access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
  145 </tmpl_var>
  146 <tmpl_if name='logging' op='==' value='anon'>
  147         error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
  148         access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log anonymized;
  149 </tmpl_var>
  150 
  151         ## Disable .htaccess and other hidden files
  152 		location ~ /\. {
  153 			deny all;
  154 		}
  155 
  156         ## Allow access for .well-known/acme-challenge
  157 		location ^~ /.well-known/acme-challenge/ {
  158 			access_log off;
  159 			log_not_found off;
  160 			auth_basic off;
  161 			root /usr/local/ispconfig/interface/acme/;
  162 			autoindex off;
  163 			index index.html;
  164 			try_files $uri $uri/ =404;
  165         }
  166 
  167         location = /favicon.ico {
  168             log_not_found off;
  169             access_log off;
  170             expires max;
  171             add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  172         }
  173 
  174         location = /robots.txt {
  175             allow all;
  176             log_not_found off;
  177             access_log off;
  178         }
  179 
  180         location /stats/ {
  181             <tmpl_var name='web_document_root_www_proxy'>
  182             index index.html index.php;
  183             auth_basic "Members Only";
  184             auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
  185             add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;";
  186         }
  187 
  188         location ^~ /awstats-icon {
  189             alias /usr/share/awstats/icon;
  190         }
  191 
  192         location ~ \.php$ {
  193             try_files <tmpl_var name='rnd_php_dummy_file'> @php;
  194         }
  195 
  196 <tmpl_if name='php' op='==' value='php-fpm'>
  197         location @php {
  198             try_files $uri =404;
  199             include /etc/nginx/fastcgi_params;
  200 <tmpl_if name='use_tcp'>
  201             fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
  202 </tmpl_if>
  203 <tmpl_if name='use_socket'>
  204             fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
  205 </tmpl_if>
  206             fastcgi_index index.php;
  207 <tmpl_if name='php_fpm_chroot' op='==' value='y'>
  208             fastcgi_param DOCUMENT_ROOT <tmpl_var name='php_fpm_chroot_web_folder'>;
  209             fastcgi_param HOME <tmpl_var name='php_fpm_chroot_web_folder'>;
  210             fastcgi_param SCRIPT_FILENAME <tmpl_var name='php_fpm_chroot_web_folder'>$fastcgi_script_name;
  211 <tmpl_else>
  212             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  213 </tmpl_if>
  214             #fastcgi_param PATH_INFO $fastcgi_script_name;
  215             fastcgi_intercept_errors on;
  216         }
  217 </tmpl_else>
  218 	<tmpl_if name='php' op='==' value='hhvm'>
  219 			location @php {
  220 				try_files $uri =404;
  221 				include /etc/nginx/fastcgi_params;
  222 				fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock;
  223 				fastcgi_index index.php;
  224 <tmpl_if name='php_fpm_chroot'>
  225 				fastcgi_param DOCUMENT_ROOT <tmpl_var name='php_fpm_chroot_web_folder'>;
  226 				fastcgi_param HOME <tmpl_var name='php_fpm_chroot_web_folder'>;
  227 				fastcgi_param SCRIPT_FILENAME <tmpl_var name='php_fpm_chroot_web_folder'>$fastcgi_script_name;
  228 <tmpl_else>
  229 				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  230 </tmpl_if>
  231 				#fastcgi_param PATH_INFO $fastcgi_script_name;
  232 				fastcgi_intercept_errors on;
  233 				error_page 500 501 502 503 = @phpfallback;
  234 			}
  235 
  236 			location @phpfallback {
  237 				try_files $uri =404;
  238 				include /etc/nginx/fastcgi_params;
  239 <tmpl_if name='use_tcp'>
  240 				fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
  241 </tmpl_if>
  242 <tmpl_if name='use_socket'>
  243 				fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
  244 </tmpl_if>
  245 				fastcgi_index index.php;
  246 <tmpl_if name='php_fpm_chroot'>
  247 				fastcgi_param DOCUMENT_ROOT <tmpl_var name='php_fpm_chroot_web_folder'>;
  248 				fastcgi_param HOME <tmpl_var name='php_fpm_chroot_web_folder'>;
  249 				fastcgi_param SCRIPT_FILENAME <tmpl_var name='php_fpm_chroot_web_folder'>$fastcgi_script_name;
  250 <tmpl_else>
  251 				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  252 </tmpl_if>
  253 				#fastcgi_param PATH_INFO $fastcgi_script_name;
  254 				fastcgi_intercept_errors on;
  255 			}
  256 	</tmpl_else>
  257 
  258         location @php {
  259             deny all;
  260         }
  261 	</tmpl_if>
  262 </tmpl_if>
  263 
  264 <tmpl_if name='cgi' op='==' value='y'>
  265         location /cgi-bin/ {
  266             try_files $uri =404;
  267             include /etc/nginx/fastcgi_params;
  268             root <tmpl_var name='document_root'>;
  269             gzip off;
  270             fastcgi_pass  unix:/var/run/fcgiwrap.socket;
  271             fastcgi_index index.cgi;
  272 <tmpl_if name='php_fpm_chroot'>
  273             fastcgi_param DOCUMENT_ROOT <tmpl_var name='php_fpm_chroot_web_folder'>;
  274             fastcgi_param HOME <tmpl_var name='php_fpm_chroot_web_folder'>;
  275             fastcgi_param SCRIPT_FILENAME <tmpl_var name='php_fpm_chroot_web_folder'>$fastcgi_script_name;
  276 <tmpl_else>
  277             fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
  278 </tmpl_if>
  279             fastcgi_intercept_errors on;
  280         }
  281 </tmpl_if>
  282 
  283 <tmpl_loop name="rewrite_rules">
  284         <tmpl_var name='rewrite_rule'>
  285 </tmpl_loop>
  286 
  287 <tmpl_loop name="nginx_directives">
  288         <tmpl_var name='nginx_directive'>
  289 </tmpl_loop>
  290 
  291 <tmpl_if name='enable_pagespeed' op='==' value='y'>
  292         pagespeed on;
  293         pagespeed FileCachePath /var/ngx_pagespeed_cache;
  294         <tmpl_if name='ssl_enabled'>pagespeed FetchHttps enable,allow_self_signed;</tmpl_if>
  295 
  296 
  297         # let's speed up PageSpeed by storing it in the super duper fast memcached
  298         pagespeed MemcachedThreads 1;
  299         pagespeed MemcachedServers "localhost:11211";
  300 
  301         # Filter settings
  302         pagespeed RewriteLevel CoreFilters;
  303         pagespeed EnableFilters collapse_whitespace,remove_comments;
  304 
  305         #  Ensure requests for pagespeed optimized resources go to the pagespeed
  306         #  handler and no extraneous headers get set.
  307         location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
  308                 add_header "" "";
  309                 access_log off;
  310         }
  311         location ~ "^/ngx_pagespeed_static/" {
  312                 access_log off;
  313         }
  314         location ~ "^/ngx_pagespeed_beacon$" {
  315                 access_log off;
  316         }
  317         location /ngx_pagespeed_statistics {
  318                 allow 127.0.0.1;
  319                 deny all;
  320                 access_log off;
  321         }
  322         location /ngx_pagespeed_global_statistics {
  323                 allow 127.0.0.1;
  324                 deny all;
  325                 access_log off;
  326         }
  327         location /ngx_pagespeed_message {
  328                 allow 127.0.0.1;
  329                 deny all;
  330                 access_log off;
  331         }
  332         location /pagespeed_console {
  333                 allow 127.0.0.1;
  334                 deny all;
  335                 access_log off;
  336         }
  337 </tmpl_if>
  338 
  339 <tmpl_loop name="basic_auth_locations">
  340         location <tmpl_var name='htpasswd_location'> { ##merge##
  341                 auth_basic "Members Only";
  342                 auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;
  343 
  344                 location ~ \.php$ {
  345                     try_files <tmpl_var name='rnd_php_dummy_file'> @php;
  346                 }
  347         }
  348 </tmpl_loop>
  349 </tmpl_if>
  350 }
  351 
  352 <tmpl_loop name="redirects">
  353 server {
  354         listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
  355 <tmpl_if name='ipv6_enabled'>
  356         listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
  357 </tmpl_if>
  358 
  359 <tmpl_if name='ssl_enabled'>
  360         listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl;
  361 <tmpl_if name='ipv6_enabled'>
  362         listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl;
  363 </tmpl_if>
  364         ssl_certificate <tmpl_var name='ssl_crt_file'>;
  365         ssl_certificate_key <tmpl_var name='ssl_key_file'>;
  366 </tmpl_if>
  367 
  368         server_name <tmpl_var name='rewrite_domain'>;
  369 
  370 <tmpl_if name='alias_seo_redirects2'>
  371 <tmpl_loop name="alias_seo_redirects2">
  372         if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
  373             rewrite ^(?!/\.well-known/acme-challenge)/ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
  374         }
  375 </tmpl_loop>
  376 </tmpl_if>
  377 		## no redirect for acme
  378 		location ^~ /.well-known/acme-challenge/ {
  379 			access_log off;
  380 			log_not_found off;
  381 			root /usr/local/ispconfig/interface/acme/;
  382 			autoindex off;
  383 			index index.html;
  384 			try_files $uri $uri/ =404;
  385         }
  386 <tmpl_if name='use_rewrite'>
  387 		location / {
  388 			rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
  389 		}
  390 </tmpl_if>
  391 <tmpl_if name='use_proxy'>
  392         location / {
  393             proxy_pass <tmpl_var name='rewrite_target'>;
  394             <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
  395 <tmpl_loop name="proxy_directives">
  396         <tmpl_var name='proxy_directive'>
  397 </tmpl_loop>
  398         }
  399 </tmpl_if>
  400 }
  401 </tmpl_loop>