2020-02-04 11:29:02 +01:00
|
|
|
upstream php {
|
|
|
|
server {{ item.listen }};
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen {{ http_port }};
|
|
|
|
## Your website name goes here.
|
|
|
|
server_name {{ item.virthost }};
|
|
|
|
## Your only path reference.
|
|
|
|
root {{ item.doc_root }};
|
|
|
|
|
2020-02-07 17:59:51 +01:00
|
|
|
{% if nginx_block_dotfiles %}
|
|
|
|
location ~ /\.(?!well-known).* {
|
|
|
|
deny all;
|
|
|
|
access_log off;
|
|
|
|
log_not_found off;
|
|
|
|
return 404;
|
|
|
|
}
|
|
|
|
{% endif %}
|
|
|
|
|
2020-02-04 11:29:02 +01:00
|
|
|
{% if letsencrypt_acme_install %}
|
|
|
|
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
## This should be in your http block and if it is, it's not needed here.
|
|
|
|
index index.php;
|
|
|
|
|
|
|
|
|
|
|
|
# redirect server error pages to the static page /50x.html
|
|
|
|
#
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
location = /50x.html {
|
|
|
|
root /usr/share/nginx/html;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /favicon.ico {
|
|
|
|
log_not_found off;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /robots.txt {
|
|
|
|
allow all;
|
|
|
|
log_not_found off;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
# don't send the nginx version number in error pages and Server header
|
|
|
|
server_tokens off;
|
|
|
|
|
|
|
|
{% if nginx_client_body_temp_dir is defined %}
|
|
|
|
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
return 301 https://{{ item.virthost }}$request_uri;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
2020-02-07 17:59:51 +01:00
|
|
|
listen {{ https_port }} ssl http2;
|
2020-02-04 11:29:02 +01:00
|
|
|
## Your website name goes here.
|
2020-02-07 17:59:51 +01:00
|
|
|
server_name {{ item.virthost }} {{ item.virthost_aliases }};
|
2020-02-04 11:29:02 +01:00
|
|
|
## Your only path reference.
|
|
|
|
root {{ item.doc_root }};
|
|
|
|
|
|
|
|
{% if letsencrypt_acme_install %}
|
|
|
|
include /etc/nginx/snippets/nginx-server-ssl.conf;
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
## This should be in your http block and if it is, it's not needed here.
|
|
|
|
index index.php;
|
|
|
|
|
2020-02-07 17:59:51 +01:00
|
|
|
{% if nginx_block_dotfiles %}
|
|
|
|
location ~ /\. {
|
|
|
|
deny all;
|
|
|
|
access_log off;
|
|
|
|
log_not_found off;
|
|
|
|
return 404;
|
|
|
|
}
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
{% if haproxy_ips is defined %}
|
|
|
|
# We are behind haproxy
|
|
|
|
{% for ip in haproxy_ips %}
|
|
|
|
set_real_ip_from {{ ip }};
|
|
|
|
{% endfor %}
|
|
|
|
real_ip_header X-Forwarded-For;
|
|
|
|
{% endif %}
|
2020-02-04 11:29:02 +01:00
|
|
|
|
|
|
|
# redirect server error pages to the static page /50x.html
|
|
|
|
#
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
location = /50x.html {
|
|
|
|
root /usr/share/nginx/html;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /favicon.ico {
|
|
|
|
log_not_found off;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /robots.txt {
|
|
|
|
allow all;
|
|
|
|
log_not_found off;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
# don't send the nginx version number in error pages and Server header
|
|
|
|
server_tokens off;
|
|
|
|
|
|
|
|
{% if nginx_client_body_temp_dir is defined %}
|
|
|
|
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
# This is cool because no php is touched for static content.
|
|
|
|
# include the "?$args" part so non-default permalinks doesn't break when using query string
|
|
|
|
try_files $uri $uri/ /index.php?$args;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ \.php$ {
|
2020-02-10 15:29:10 +01:00
|
|
|
include fastcgi.conf;
|
2020-02-04 11:29:02 +01:00
|
|
|
fastcgi_intercept_errors on;
|
|
|
|
fastcgi_pass php;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
|
|
|
expires max;
|
|
|
|
log_not_found off;
|
|
|
|
}
|
|
|
|
}
|