nginx_vhost.conf.master 10.2 KB
Newer Older
1
server {
Falko Timme's avatar
Falko Timme committed
2
        listen <tmpl_var name='ip_address'>:80;
Falko Timme's avatar
Falko Timme committed
3
<tmpl_if name='ipv6_enabled'>
4
        listen [<tmpl_var name='ipv6_address'>]:80;
Falko Timme's avatar
Falko Timme committed
5
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
6
		
Falko Timme's avatar
Falko Timme committed
7
<tmpl_if name='ssl_enabled'>
Patrick Anders's avatar
Patrick Anders committed
8
        listen <tmpl_var name='ip_address'>:443 ssl{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
9
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Falko Timme's avatar
Falko Timme committed
10
<tmpl_if name='ipv6_enabled'>
Marius Cramer's avatar
Marius Cramer committed
11
        listen [<tmpl_var name='ipv6_address'>]:443 ssl{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
Falko Timme's avatar
Falko Timme committed
12
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
13 14
        ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
        ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
Falko Timme's avatar
Falko Timme committed
15
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
16 17
        
        server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
18

Falko Timme's avatar
Falko Timme committed
19
        root   <tmpl_var name='web_document_root_www'>;
20
		
Falko Timme's avatar
Falko Timme committed
21
<tmpl_if name='seo_redirect_enabled'>
22
        if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
23
            rewrite ^ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
Falko Timme's avatar
Falko Timme committed
24
        }
Falko Timme's avatar
Falko Timme committed
25
</tmpl_if>
26 27 28
<tmpl_loop name="alias_seo_redirects">
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
29
        }
Falko Timme's avatar
Falko Timme committed
30
</tmpl_loop>
31 32 33 34 35
<tmpl_loop name="local_redirects">
        if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
            rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
        }
</tmpl_loop>
36 37 38 39 40 41 42
<tmpl_if name='ssl_enabled'>
<tmpl_if name='rewrite_to_https' op='==' value='y'>
        if ($scheme != "https") {
            rewrite ^ https://$http_host$request_uri? permanent;
        }
</tmpl_if>
</tmpl_if>
43 44 45

<tmpl_loop name="own_redirects">
<tmpl_if name='use_rewrite'>
46
        <tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
47 48 49 50
</tmpl_if>
<tmpl_if name='use_proxy'>
        location / {
            proxy_pass <tmpl_var name='rewrite_target'>;
51
            <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
52 53 54 55 56 57 58
<tmpl_loop name="proxy_directives">
        <tmpl_var name='proxy_directive'>
</tmpl_loop>
        }
</tmpl_if>
</tmpl_loop>
<tmpl_if name='use_proxy' op='!=' value='y'>		
59
        index index.html index.htm index.php index.cgi index.pl index.xhtml;
Falko Timme's avatar
Falko Timme committed
60
		
Falko Timme's avatar
Falko Timme committed
61
<tmpl_if name='ssi' op='==' value='y'>		
Falko Timme's avatar
Falko Timme committed
62 63
        location ~ \.shtml$ {
            ssi on;
64
        }
Falko Timme's avatar
Falko Timme committed
65
</tmpl_if>
66

Falko Timme's avatar
Falko Timme committed
67
<tmpl_if name='errordocs'>		
Falko Timme's avatar
Falko Timme committed
68 69 70 71 72 73
        error_page 400 /error/400.html;
        error_page 401 /error/401.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 405 /error/405.html;
        error_page 500 /error/500.html;
74
        error_page 502 /error/502.html;
Falko Timme's avatar
Falko Timme committed
75
        error_page 503 /error/503.html;
76 77
        recursive_error_pages on;
        location = /error/400.html {
78
            <tmpl_var name='web_document_root_www_proxy'>
79 80 81
            internal;
        }
        location = /error/401.html {
82
            <tmpl_var name='web_document_root_www_proxy'>
83 84 85
            internal;
        }
        location = /error/403.html {
86
            <tmpl_var name='web_document_root_www_proxy'>
87 88 89
            internal;
        }
        location = /error/404.html {
90
            <tmpl_var name='web_document_root_www_proxy'>
91 92 93
            internal;
        }
        location = /error/405.html {
94
            <tmpl_var name='web_document_root_www_proxy'>
95 96 97
            internal;
        }
        location = /error/500.html {
98
            <tmpl_var name='web_document_root_www_proxy'>
99 100 101
            internal;
        }
        location = /error/502.html {
102
            <tmpl_var name='web_document_root_www_proxy'>
103 104 105
            internal;
        }
        location = /error/503.html {
106
            <tmpl_var name='web_document_root_www_proxy'>
107 108
            internal;
        }
Falko Timme's avatar
Falko Timme committed
109
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
110 111
		
        error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
112
        access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
113

Falko Timme's avatar
Falko Timme committed
114 115 116 117 118 119 120
        ## Disable .htaccess and other hidden files
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }
		
121
        location = /favicon.ico {
Falko Timme's avatar
Falko Timme committed
122 123 124
            log_not_found off;
            access_log off;
        }
125

Falko Timme's avatar
Falko Timme committed
126 127 128 129 130 131
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
		
132
        location /stats/ {
133
            <tmpl_var name='web_document_root_www_proxy'>
Falko Timme's avatar
Falko Timme committed
134 135 136 137
            index index.html index.php;
            auth_basic "Members Only";
            auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
        }
138

139
        location ^~ /awstats-icon {
140 141 142
            alias /usr/share/awstats/icon;
        }

Falko Timme's avatar
Falko Timme committed
143
        location ~ \.php$ {
144
            try_files <tmpl_var name='rnd_php_dummy_file'> @php;
Falko Timme's avatar
Falko Timme committed
145 146 147 148
        }

<tmpl_if name='php' op='==' value='php-fpm'>
        location @php {
149
            try_files $uri =404;
150
            include /etc/nginx/fastcgi_params;
Falko Timme's avatar
Falko Timme committed
151 152 153 154 155 156
<tmpl_if name='use_tcp'>
            fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
</tmpl_if>
<tmpl_if name='use_socket'>
            fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
157 158
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
159
            #fastcgi_param PATH_INFO $fastcgi_script_name;
160
            fastcgi_intercept_errors on;
Falko Timme's avatar
Falko Timme committed
161
        }
Falko Timme's avatar
Falko Timme committed
162
</tmpl_else>
163 164 165 166 167 168 169 170 171 172 173 174
	<tmpl_if name='php' op='==' value='hhvm'>
			location @php {
				try_files $uri =404;
				include /etc/nginx/fastcgi_params;
				fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock;
				fastcgi_index index.php;
				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
				#fastcgi_param PATH_INFO $fastcgi_script_name;
				fastcgi_intercept_errors on;
			}
	</tmpl_else>

Falko Timme's avatar
Falko Timme committed
175
        location @php {
Falko Timme's avatar
Falko Timme committed
176 177
            deny all;
        }
178
	</tmpl_if>
Falko Timme's avatar
Falko Timme committed
179
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
180
		
Falko Timme's avatar
Falko Timme committed
181
<tmpl_if name='cgi' op='==' value='y'>
Falko Timme's avatar
Falko Timme committed
182
        location /cgi-bin/ {
183
            try_files $uri =404;
184
            include /etc/nginx/fastcgi_params;
Falko Timme's avatar
Falko Timme committed
185 186 187 188 189
            root <tmpl_var name='document_root'>;
            gzip off;
            fastcgi_pass  unix:/var/run/fcgiwrap.socket;
            fastcgi_index index.cgi;
            fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
190
            fastcgi_intercept_errors on;
191
        }
Falko Timme's avatar
Falko Timme committed
192
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
193

194 195 196 197
<tmpl_loop name="rewrite_rules">
        <tmpl_var name='rewrite_rule'>
</tmpl_loop>

Falko Timme's avatar
Falko Timme committed
198
<tmpl_loop name="nginx_directives">
199
        <tmpl_var name='nginx_directive'>
200 201
</tmpl_loop>

Marius Cramer's avatar
Marius Cramer committed
202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249
<tmpl_if name='enable_pagespeed' op='==' value='y'>
        pagespeed on;
        pagespeed FileCachePath /var/ngx_pagespeed_cache;
        <tmpl_if name='ssl_enabled'>pagespeed FetchHttps enable,allow_self_signed;</tmpl_if>


        # let's speed up PageSpeed by storing it in the super duper fast memcached
        pagespeed MemcachedThreads 1;
        pagespeed MemcachedServers "localhost:11211";

        # Filter settings
        pagespeed RewriteLevel CoreFilters;
        pagespeed EnableFilters collapse_whitespace,remove_comments;

        #  Ensure requests for pagespeed optimized resources go to the pagespeed
        #  handler and no extraneous headers get set.
        location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
                add_header "" "";
                access_log off;
        }
        location ~ "^/ngx_pagespeed_static/" {
                access_log off;
        }
        location ~ "^/ngx_pagespeed_beacon$" {
                access_log off;
        }
        location /ngx_pagespeed_statistics {
                allow 127.0.0.1;
                deny all;
                access_log off;
        }
        location /ngx_pagespeed_global_statistics {
                allow 127.0.0.1;
                deny all;
                access_log off;
        }
        location /ngx_pagespeed_message {
                allow 127.0.0.1;
                deny all;
                access_log off;
        }
        location /pagespeed_console {
                allow 127.0.0.1;
                deny all;
                access_log off;
        }
</tmpl_if>

250
<tmpl_loop name="basic_auth_locations">
251
        location <tmpl_var name='htpasswd_location'> { ##merge##
252 253
                auth_basic "Members Only";
                auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;
Falko Timme's avatar
Falko Timme committed
254 255
				
                location ~ \.php$ {
256
                    try_files <tmpl_var name='rnd_php_dummy_file'> @php;
Falko Timme's avatar
Falko Timme committed
257
                }
258 259
        }
</tmpl_loop>
260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292
</tmpl_if>	
}

<tmpl_loop name="redirects">
server {
        listen <tmpl_var name='ip_address'>:80;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:80;
</tmpl_if>
		
<tmpl_if name='ssl_enabled'>
        listen <tmpl_var name='ip_address'>:443 ssl;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:443 ssl;
</tmpl_if>
        ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
        ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
</tmpl_if>
        
        server_name <tmpl_var name='rewrite_domain'>;
<tmpl_if name='alias_seo_redirects2'>
<tmpl_loop name="alias_seo_redirects2">
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
        }
</tmpl_loop>
</tmpl_if>
<tmpl_if name='use_rewrite'>
        rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
</tmpl_if>
<tmpl_if name='use_proxy'>
        location / {
            proxy_pass <tmpl_var name='rewrite_target'>;
293
            <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
294 295 296 297 298 299
<tmpl_loop name="proxy_directives">
        <tmpl_var name='proxy_directive'>
</tmpl_loop>
        }
</tmpl_if>
}
Patrick Anders's avatar
Patrick Anders committed
300
</tmpl_loop>