nginx_vhost.conf.master 11.4 KB
server {
        listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
</tmpl_if>
		
<tmpl_if name='ssl_enabled'>
        listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
		# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996), yet this line keeps them
		# negotiable on every SSL-enabled vhost rendered from the template. Limit the list to
		# TLSv1.2 and newer unless clients that cannot speak TLSv1.2 must still be served.
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		# Cipher policy: authenticated ephemeral ECDH/DH key exchange, AES-GCM suites listed
		# first, with MD5, RC4, DES, 3DES, CAMELLIA, DSS, NULL, LOW and MEDIUM excluded.
		# NOTE(review): "!ECDSA" also removes every ECDSA-authenticated suite, so a vhost that
		# uses an ECDSA certificate would have no matching suite at the protocol versions
		# enabled above - confirm this is intended. The bare EECDH and EDH entries still admit
		# CBC-mode suites, and no ssl_prefer_server_ciphers directive appears in this block,
		# so the client's preference order decides unless it is enabled at a higher level.
		ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
</tmpl_if>
        # Certificate and private key are read from the ssl/ directory beneath the site's
        # document_root value; the web root is set separately by the root directive.
        # NOTE(review): the .key file must not be readable by the site's own user and must
        # stay outside anything served over HTTP - confirm the permissions the panel applies.
        ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
        ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
</tmpl_if>
        
        server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;

        root   <tmpl_var name='web_document_root_www'>;
		
<tmpl_if name='seo_redirect_enabled'>
        if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
            rewrite ^ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
        }
</tmpl_if>
<tmpl_loop name="alias_seo_redirects">
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
        }
</tmpl_loop>
# One conditional rewrite per local_redirects entry: when the Host header satisfies the
# configured operator/origin pair, the request is rewritten to local_redirect_target.
# NOTE(review): the replacement uses $2 although only one group is written out here, so
# local_redirect_exclude presumably supplies the first capture group - confirm against
# the code that fills this template.
<tmpl_loop name="local_redirects">
        if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
            rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
        }
</tmpl_loop>
<tmpl_if name='ssl_enabled'>
<tmpl_if name='rewrite_to_https' op='==' value='y'>
        # Force HTTPS: a request that arrived over plain HTTP gets a permanent redirect.
        # NOTE(review): the redirect host is $http_host, the Host header exactly as the client
        # sent it. If this vhost ever acts as the default server for its listen address, an
        # arbitrary Host value is echoed into the Location header; redirecting to a fixed,
        # configured server name avoids reflecting client input.
        if ($scheme != "https") {
            rewrite ^ https://$http_host$request_uri? permanent;
        }
</tmpl_if>
</tmpl_if>

<tmpl_loop name="own_redirects">
<tmpl_if name='use_rewrite'>
        <tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
</tmpl_if>
<tmpl_if name='use_proxy'>
        location / {
            proxy_pass <tmpl_var name='rewrite_target'>;
            <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
# Each proxy_directive value is written verbatim into the proxy location; nothing in this
# template escapes or restricts it. NOTE(review): validation of these values has to happen
# in the panel before rendering - confirm.
<tmpl_loop name="proxy_directives">
        <tmpl_var name='proxy_directive'>
</tmpl_loop>
        }
</tmpl_if>
</tmpl_loop>
<tmpl_if name='use_proxy' op='!=' value='y'>		
        index index.html index.htm index.php index.cgi index.pl index.xhtml;
		
<tmpl_if name='ssi' op='==' value='y'>		
        location ~ \.shtml$ {
            ssi on;
        }
</tmpl_if>

<tmpl_if name='errordocs'>		
        error_page 400 /error/400.html;
        error_page 401 /error/401.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 405 /error/405.html;
        error_page 500 /error/500.html;
        error_page 502 /error/502.html;
        error_page 503 /error/503.html;
        recursive_error_pages on;
        location = /error/400.html {
            <tmpl_var name='web_document_root_www_proxy'>
            internal;
        }
        location = /error/401.html {
            <tmpl_var name='web_document_root_www_proxy'>
            internal;
        }
        location = /error/403.html {
            <tmpl_var name='web_document_root_www_proxy'>
            internal;
        }
        location = /error/404.html {
            <tmpl_var name='web_document_root_www_proxy'>
            internal;
        }
        location = /error/405.html {
            <tmpl_var name='web_document_root_www_proxy'>
            internal;
        }
        location = /error/500.html {
            <tmpl_var name='web_document_root_www_proxy'>
            internal;
        }
        location = /error/502.html {
            <tmpl_var name='web_document_root_www_proxy'>
            internal;
        }
        location = /error/503.html {
            <tmpl_var name='web_document_root_www_proxy'>
            internal;
        }
</tmpl_if>
		
        error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
        access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;

        ## Disable .htaccess and other hidden files
        # The negative lookahead exempts /.well-known/acme-challenge/ from the dot-file block so
        # certificate validation requests can still be answered; every other path containing a
        # component that starts with "." is denied. NOTE(review): that includes the rest of
        # /.well-known/ (for example security.txt), which stays blocked.
        location ~ /\.(?!well-known/acme-challenge/) {
            deny all;
            access_log off;
            log_not_found off;
        }
		
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
		
        location /stats/ {
            <tmpl_var name='web_document_root_www_proxy'>
            # The statistics area is protected by HTTP Basic authentication against the password
            # file named by stats_auth_passwd_file. Basic credentials are only base64-encoded, so
            # on the plain-HTTP listener of this vhost they cross the network in readable form.
            # NOTE(review): consider serving /stats/ over HTTPS only.
            index index.html index.php;
            auth_basic "Members Only";
            auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
        }

        location ^~ /awstats-icon {
            alias /usr/share/awstats/icon;
        }

        location ~ \.php$ {
            try_files <tmpl_var name='rnd_php_dummy_file'> @php;
        }

<tmpl_if name='php' op='==' value='php-fpm'>
        location @php {
            # Answer 404 unless the requested file exists, so only scripts actually present
            # under the document root are handed to the FastCGI backend.
            try_files $uri =404;
            include /etc/nginx/fastcgi_params;
# PHP-FPM backend: either a loopback TCP port (use_tcp) or a Unix socket (use_socket).
# NOTE(review): a loopback port can be reached by any local process, while a socket can be
# restricted through file permissions; on shared hosts the socket form is the safer
# choice - confirm how the pool is set up.
<tmpl_if name='use_tcp'>
            fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
</tmpl_if>
<tmpl_if name='use_socket'>
            fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
</tmpl_if>
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            #fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_intercept_errors on;
        }
</tmpl_else>
	# HHVM variant: PHP requests go to an HHVM socket whose name contains system_user.
	<tmpl_if name='php' op='==' value='hhvm'>
			location @php {
				# 404 unless the requested file exists, so only real scripts reach the backend.
				try_files $uri =404;
				include /etc/nginx/fastcgi_params;
				fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock;
				fastcgi_index index.php;
				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
				#fastcgi_param PATH_INFO $fastcgi_script_name;
				# Let nginx handle backend error responses itself (needed for error_page handling).
				fastcgi_intercept_errors on;
				# When HHVM answers 500, 501, 502 or 503, the request is retried through the
				# @phpfallback location below.
				error_page 500 501 502 503 = @phpfallback;
			}
			
			# Fallback handler: same FastCGI setup, but pointed at the PHP-FPM port or socket.
			location @phpfallback {
				try_files $uri =404;
				include /etc/nginx/fastcgi_params;
<tmpl_if name='use_tcp'>
				fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
</tmpl_if>
<tmpl_if name='use_socket'>
				fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
</tmpl_if>
				fastcgi_index index.php;
				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
				#fastcgi_param PATH_INFO $fastcgi_script_name;
				fastcgi_intercept_errors on;
			}
	</tmpl_else>

        location @php {
            deny all;
        }
	</tmpl_if>
</tmpl_if>
		
<tmpl_if name='cgi' op='==' value='y'>
        location /cgi-bin/ {
            try_files $uri =404;
            include /etc/nginx/fastcgi_params;
            # CGI scripts are resolved relative to document_root (not the web root used by the
            # rest of the vhost) and executed through fcgiwrap.
            # NOTE(review): the socket path is fixed, so every vhost rendered from this template
            # talks to the same fcgiwrap instance; presumably all sites' CGI scripts then run
            # under that instance's account - confirm how per-site privilege separation is done.
            root <tmpl_var name='document_root'>;
            gzip off;
            fastcgi_pass  unix:/var/run/fcgiwrap.socket;
            fastcgi_index index.cgi;
            fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_intercept_errors on;
        }
</tmpl_if>

<tmpl_loop name="rewrite_rules">
        <tmpl_var name='rewrite_rule'>
</tmpl_loop>

# Each nginx_directive value is written into the server block verbatim; nothing in this
# template escapes or restricts it. NOTE(review): whoever can set these values can add
# arbitrary directives to the vhost, so validation and access control have to happen in
# the panel before rendering - confirm.
<tmpl_loop name="nginx_directives">
        <tmpl_var name='nginx_directive'>
</tmpl_loop>

<tmpl_if name='enable_pagespeed' op='==' value='y'>
        # PageSpeed is switched on per vhost. The cache path and the memcached address below
        # are fixed values, so every vhost with PageSpeed enabled uses the same ones.
        pagespeed on;
        pagespeed FileCachePath /var/ngx_pagespeed_cache;
        # NOTE(review): allow_self_signed makes PageSpeed accept self-signed certificates when
        # it fetches resources over HTTPS, so the origin of fetched content is not
        # authenticated - confirm this is acceptable for the deployment.
        <tmpl_if name='ssl_enabled'>pagespeed FetchHttps enable,allow_self_signed;</tmpl_if>


        # let's speed up PageSpeed by storing it in the super duper fast memcached
        # NOTE(review): memcached offers no authentication by default; confirm it listens on
        # loopback only.
        pagespeed MemcachedThreads 1;
        pagespeed MemcachedServers "localhost:11211";

        # Filter settings
        pagespeed RewriteLevel CoreFilters;
        pagespeed EnableFilters collapse_whitespace,remove_comments;

        #  Ensure requests for pagespeed optimized resources go to the pagespeed
        #  handler and no extraneous headers get set.
        location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
                add_header "" "";
                access_log off;
        }
        location ~ "^/ngx_pagespeed_static/" {
                access_log off;
        }
        location ~ "^/ngx_pagespeed_beacon$" {
                access_log off;
        }
        # The statistics, message and console endpoints below are limited to 127.0.0.1; the
        # IPv6 loopback address is not in the allow list. NOTE(review): if a proxy on the same
        # host forwards requests to this server, they also arrive from 127.0.0.1 - confirm
        # these endpoints are not reachable that way.
        location /ngx_pagespeed_statistics {
                allow 127.0.0.1;
                deny all;
                access_log off;
        }
        location /ngx_pagespeed_global_statistics {
                allow 127.0.0.1;
                deny all;
                access_log off;
        }
        location /ngx_pagespeed_message {
                allow 127.0.0.1;
                deny all;
                access_log off;
        }
        location /pagespeed_console {
                allow 127.0.0.1;
                deny all;
                access_log off;
        }
</tmpl_if>

# ACME challenge files are served from one fixed directory, the same for every vhost
# rendered from this template, instead of from the site's own web root.
# NOTE(review): the pattern is not anchored with ^, so it matches this path segment
# anywhere in the URI, not only at the top level.
location ~ /\.well-known/acme-challenge/ {
	   root /usr/local/ispconfig/interface/acme/;
	   index index.html index.htm;
	   try_files $uri =404;
}


<tmpl_loop name="basic_auth_locations">
        location <tmpl_var name='htpasswd_location'> { ##merge##
                auth_basic "Members Only";
                auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;
				
                location ~ \.php$ {
                    try_files <tmpl_var name='rnd_php_dummy_file'> @php;
                }
        }
</tmpl_loop>
</tmpl_if>	
}

<tmpl_loop name="redirects">
# One additional server block per entry of the redirects loop, named by rewrite_domain.
# NOTE(review): the ports are fixed at 80 and 443 here, while the main server block uses
# the http_port and https_port variables. No ssl_protocols or ssl_ciphers are set either,
# so the TLS settings of these hosts come from a higher configuration level or the nginx
# defaults rather than from the values of the main vhost. Confirm both are intended.
server {
        listen <tmpl_var name='ip_address'>:80;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:80;
</tmpl_if>
		
<tmpl_if name='ssl_enabled'>
        listen <tmpl_var name='ip_address'>:443 ssl;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:443 ssl;
</tmpl_if>
        ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
        ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
</tmpl_if>
        
        server_name <tmpl_var name='rewrite_domain'>;

location ~ /\.well-known/acme-challenge/ {
	   root /usr/local/ispconfig/interface/acme/;
	   index index.html index.htm;
	   try_files $uri =404;
}

<tmpl_if name='alias_seo_redirects2'>
<tmpl_loop name="alias_seo_redirects2">
        # Host-based permanent redirect for an alias; scheme and request URI are kept.
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
        }
</tmpl_loop>
</tmpl_if>
<tmpl_if name='use_rewrite'>
        # Redirect every request to rewrite_target. The trailing "?" keeps nginx from appending
        # the original query string a second time, since $request_uri already carries it.
        rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
</tmpl_if>
<tmpl_if name='use_proxy'>
        # Proxy mode: requests for this domain are forwarded to rewrite_target.
        # NOTE(review): rewrite_target is used as the upstream URL as-is; the panel has to
        # restrict which targets may be entered, otherwise internal-only services could become
        # reachable through this vhost - confirm the validation on the panel side.
        location / {
            proxy_pass <tmpl_var name='rewrite_target'>;
            <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
<tmpl_loop name="proxy_directives">
        <tmpl_var name='proxy_directive'>
</tmpl_loop>
        }
</tmpl_if>
}
</tmpl_loop>