ansible-role-wordpress/templates/nginx_wordpress.conf.j2

133 lines
3.6 KiB
Plaintext
Raw Normal View History

2020-02-04 11:29:02 +01:00
upstream php {
server {{ item.listen }};
}
server {
listen {{ http_port }};
## Your website name goes here.
server_name {{ item.virthost }};
## Your only path reference.
root {{ item.doc_root }};
{% if nginx_block_dotfiles %}
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
return 404;
}
{% endif %}
2020-02-04 11:29:02 +01:00
{% if letsencrypt_acme_install %}
include /etc/nginx/snippets/letsencrypt-proxy.conf;
{% endif %}
## This should be in your http block and if it is, it's not needed here.
index index.php;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# don't send the nginx version number in error pages and Server header
server_tokens off;
{% if nginx_client_body_temp_dir is defined %}
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
{% endif %}
location / {
return 301 https://{{ item.virthost }}$request_uri;
}
}
server {
listen {{ https_port }} ssl http2;
2020-02-04 11:29:02 +01:00
## Your website name goes here.
server_name {{ item.virthost }} {{ item.virthost_aliases }};
2020-02-04 11:29:02 +01:00
## Your only path reference.
root {{ item.doc_root }};
{% if letsencrypt_acme_install %}
include /etc/nginx/snippets/nginx-server-ssl.conf;
{% endif %}
## This should be in your http block and if it is, it's not needed here.
index index.php;
{% if nginx_block_dotfiles %}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
return 404;
}
{% endif %}
{% if haproxy_ips is defined %}
# We are behind haproxy
{% for ip in haproxy_ips %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header X-Forwarded-For;
{% endif %}
2020-02-04 11:29:02 +01:00
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# don't send the nginx version number in error pages and Server header
server_tokens off;
{% if nginx_client_body_temp_dir is defined %}
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
{% endif %}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include fastcgi.conf;
2020-02-04 11:29:02 +01:00
fastcgi_intercept_errors on;
fastcgi_pass php;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}