nginx_vhost.conf.master 7.23 KB
Newer Older
1
server {
Falko Timme's avatar
Falko Timme committed
2
        listen <tmpl_var name='ip_address'>:80;
Falko Timme's avatar
Falko Timme committed
3
<tmpl_if name='ipv6_enabled'>
4
        listen [<tmpl_var name='ipv6_address'>]:80;
Falko Timme's avatar
Falko Timme committed
5
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
6
		
Falko Timme's avatar
Falko Timme committed
7
<tmpl_if name='ssl_enabled'>
Falko Timme's avatar
Falko Timme committed
8
        listen <tmpl_var name='ip_address'>:443 ssl;
Falko Timme's avatar
Falko Timme committed
9
<tmpl_if name='ipv6_enabled'>
10
        listen [<tmpl_var name='ipv6_address'>]:443 ssl;
Falko Timme's avatar
Falko Timme committed
11
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
12 13
        ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
        ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
Falko Timme's avatar
Falko Timme committed
14
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
15 16
        
        server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
17

Falko Timme's avatar
Falko Timme committed
18
        root   <tmpl_var name='web_document_root_www'>;
19
		
Falko Timme's avatar
Falko Timme committed
20
<tmpl_if name='seo_redirect_enabled'>
21
        if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
22
            rewrite ^ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
Falko Timme's avatar
Falko Timme committed
23
        }
Falko Timme's avatar
Falko Timme committed
24
</tmpl_if>
25 26 27
<tmpl_loop name="alias_seo_redirects">
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
28
        }
Falko Timme's avatar
Falko Timme committed
29
</tmpl_loop>
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45

<tmpl_loop name="own_redirects">
<tmpl_if name='use_rewrite'>
        rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;
</tmpl_if>
<tmpl_if name='use_proxy'>
        location / {
            proxy_pass <tmpl_var name='rewrite_target'>;
            rewrite ^/<tmpl_var name='rewrite_subdir'>/(.*) /$1;
<tmpl_loop name="proxy_directives">
        <tmpl_var name='proxy_directive'>
</tmpl_loop>
        }
</tmpl_if>
</tmpl_loop>
<tmpl_if name='use_proxy' op='!=' value='y'>		
46
        index index.html index.htm index.php index.cgi index.pl index.xhtml;
Falko Timme's avatar
Falko Timme committed
47
		
Falko Timme's avatar
Falko Timme committed
48
<tmpl_if name='ssi' op='==' value='y'>		
Falko Timme's avatar
Falko Timme committed
49 50
        location ~ \.shtml$ {
            ssi on;
51
        }
Falko Timme's avatar
Falko Timme committed
52
</tmpl_if>
53

Falko Timme's avatar
Falko Timme committed
54
<tmpl_if name='errordocs'>		
Falko Timme's avatar
Falko Timme committed
55 56 57 58 59 60
        error_page 400 /error/400.html;
        error_page 401 /error/401.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 405 /error/405.html;
        error_page 500 /error/500.html;
61
        error_page 502 /error/502.html;
Falko Timme's avatar
Falko Timme committed
62
        error_page 503 /error/503.html;
63 64
        recursive_error_pages on;
        location = /error/400.html {
65
            <tmpl_var name='web_document_root_www_proxy'>
66 67 68
            internal;
        }
        location = /error/401.html {
69
            <tmpl_var name='web_document_root_www_proxy'>
70 71 72
            internal;
        }
        location = /error/403.html {
73
            <tmpl_var name='web_document_root_www_proxy'>
74 75 76
            internal;
        }
        location = /error/404.html {
77
            <tmpl_var name='web_document_root_www_proxy'>
78 79 80
            internal;
        }
        location = /error/405.html {
81
            <tmpl_var name='web_document_root_www_proxy'>
82 83 84
            internal;
        }
        location = /error/500.html {
85
            <tmpl_var name='web_document_root_www_proxy'>
86 87 88
            internal;
        }
        location = /error/502.html {
89
            <tmpl_var name='web_document_root_www_proxy'>
90 91 92
            internal;
        }
        location = /error/503.html {
93
            <tmpl_var name='web_document_root_www_proxy'>
94 95
            internal;
        }
Falko Timme's avatar
Falko Timme committed
96
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
97 98
		
        error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
99
        access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
100

Falko Timme's avatar
Falko Timme committed
101 102 103 104 105 106 107
        ## Disable .htaccess and other hidden files
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }
		
108
        location = /favicon.ico {
Falko Timme's avatar
Falko Timme committed
109 110 111
            log_not_found off;
            access_log off;
        }
112

Falko Timme's avatar
Falko Timme committed
113 114 115 116 117 118 119
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
		
        location /stats {
120
            <tmpl_var name='web_document_root_www_proxy'>
Falko Timme's avatar
Falko Timme committed
121 122 123 124
            index index.html index.php;
            auth_basic "Members Only";
            auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
        }
125

126
        location ^~ /awstats-icon {
127 128 129
            alias /usr/share/awstats/icon;
        }

Falko Timme's avatar
Falko Timme committed
130
        location ~ \.php$ {
131
            try_files <tmpl_var name='rnd_php_dummy_file'> @php;
Falko Timme's avatar
Falko Timme committed
132 133 134 135
        }

<tmpl_if name='php' op='==' value='php-fpm'>
        location @php {
136
            try_files $uri =404;
137
            include /etc/nginx/fastcgi_params;
Falko Timme's avatar
Falko Timme committed
138 139 140 141 142 143
<tmpl_if name='use_tcp'>
            fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
</tmpl_if>
<tmpl_if name='use_socket'>
            fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
144 145 146
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_script_name;
147
            fastcgi_intercept_errors on;
Falko Timme's avatar
Falko Timme committed
148
        }
Falko Timme's avatar
Falko Timme committed
149
</tmpl_else>
Falko Timme's avatar
Falko Timme committed
150
        location @php {
Falko Timme's avatar
Falko Timme committed
151 152
            deny all;
        }
Falko Timme's avatar
Falko Timme committed
153
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
154
		
Falko Timme's avatar
Falko Timme committed
155
<tmpl_if name='cgi' op='==' value='y'>
Falko Timme's avatar
Falko Timme committed
156
        location /cgi-bin/ {
157
            try_files $uri =404;
158
            include /etc/nginx/fastcgi_params;
Falko Timme's avatar
Falko Timme committed
159 160 161 162 163
            root <tmpl_var name='document_root'>;
            gzip off;
            fastcgi_pass  unix:/var/run/fcgiwrap.socket;
            fastcgi_index index.cgi;
            fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
164
            fastcgi_intercept_errors on;
165
        }
Falko Timme's avatar
Falko Timme committed
166
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
167

Falko Timme's avatar
Falko Timme committed
168
<tmpl_loop name="nginx_directives">
169
        <tmpl_var name='nginx_directive'>
170 171 172
</tmpl_loop>

<tmpl_loop name="basic_auth_locations">
173
        location <tmpl_var name='htpasswd_location'> { ##merge##
174 175
                auth_basic "Members Only";
                auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;
Falko Timme's avatar
Falko Timme committed
176 177
				
                location ~ \.php$ {
178
                    try_files <tmpl_var name='rnd_php_dummy_file'> @php;
Falko Timme's avatar
Falko Timme committed
179
                }
180 181
        }
</tmpl_loop>
182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222
</tmpl_if>	
}

<tmpl_loop name="redirects">
server {
        listen <tmpl_var name='ip_address'>:80;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:80;
</tmpl_if>
		
<tmpl_if name='ssl_enabled'>
        listen <tmpl_var name='ip_address'>:443 ssl;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:443 ssl;
</tmpl_if>
        ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
        ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
</tmpl_if>
        
        server_name <tmpl_var name='rewrite_domain'>;
<tmpl_if name='alias_seo_redirects2'>
<tmpl_loop name="alias_seo_redirects2">
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
        }
</tmpl_loop>
</tmpl_if>
<tmpl_if name='use_rewrite'>
        rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
</tmpl_if>
<tmpl_if name='use_proxy'>
        location / {
            proxy_pass <tmpl_var name='rewrite_target'>;
            rewrite ^/<tmpl_var name='rewrite_subdir'>/(.*) /$1;
<tmpl_loop name="proxy_directives">
        <tmpl_var name='proxy_directive'>
</tmpl_loop>
        }
</tmpl_if>
}
</tmpl_loop>