ansible-role-wordpress/templates/nginx_wordpress.conf.j2

144 lines
3.9 KiB
Django/Jinja

upstream wp {
{% if wordpress_phpfpm_listen_on_socket %}
server unix:{{ item.listen }};
{% else %}
server {{ item.listen }};
{% endif %}
}
server {
listen {{ http_port }};
## Your website name goes here.
server_name {{ item.virthost }} {{ item.virthost_aliases }};
## Your only path reference.
root {{ item.doc_root }};
{% if nginx_block_dotfiles %}
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
return 404;
}
{% endif %}
{% if letsencrypt_acme_install %}
include /etc/nginx/snippets/letsencrypt-proxy.conf;
{% endif %}
## This should be in your http block and if it is, it's not needed here.
index index.php;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# don't send the nginx version number in error pages and Server header
server_tokens off;
{% if nginx_client_body_temp_dir is defined %}
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
{% endif %}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen {{ https_port }} ssl http2;
## Your website name goes here.
server_name {{ item.virthost }} {{ item.virthost_aliases }};
## Your only path reference.
root {{ item.doc_root }};
{% if letsencrypt_acme_install %}
include /etc/nginx/snippets/nginx-server-ssl.conf;
{% endif %}
## This should be in your http block and if it is, it's not needed here.
index index.php;
{% if nginx_block_dotfiles %}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
return 404;
}
{% endif %}
{% if haproxy_ips is defined %}
# We are behind haproxy
{% for ip in haproxy_ips %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header X-Forwarded-For;
{% endif %}
{% if item.max_body is defined %}
client_max_body_size {{ item.max_body }};
{% else %}
client_max_body_size {{ nginx_client_max_body_size }};
{% endif %}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# don't send the nginx version number in error pages and Server header
server_tokens off;
{% if nginx_client_body_temp_dir is defined %}
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
{% endif %}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass wp;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}