nginx_apps.vhost.master 11.4 KB
Newer Older
1
server {
2 3 4
        listen {apps_vhost_port} {ssl_on};
        listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;

Florian Schaal's avatar
Florian Schaal committed
5 6 7 8 9 10
        {ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
        {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;

        # redirect to https if accessed with http
        {ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
11 12 13 14 15

        server_name {apps_vhost_servername};

        root   {apps_vhost_dir};

16
        client_max_body_size 100M;
17

18 19 20 21 22
        location / {
               index index.php index.html;
        }

        # serve static files directly
23
        location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
24 25 26 27
               access_log        off;
        }

        location ~ \.php$ {
28
               try_files $uri =404;
29 30 31 32 33 34 35 36 37 38 39 40 41 42
               fastcgi_param   QUERY_STRING            $query_string;
               fastcgi_param   REQUEST_METHOD          $request_method;
               fastcgi_param   CONTENT_TYPE            $content_type;
               fastcgi_param   CONTENT_LENGTH          $content_length;

               fastcgi_param   SCRIPT_FILENAME         $request_filename;
               fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
               fastcgi_param   REQUEST_URI             $request_uri;
               fastcgi_param   DOCUMENT_URI            $document_uri;
               fastcgi_param   DOCUMENT_ROOT           $document_root;
               fastcgi_param   SERVER_PROTOCOL         $server_protocol;

               fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
               fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;
43
			   fastcgi_param   HTTP_PROXY              "";
44 45 46 47 48 49 50 51 52 53 54

               fastcgi_param   REMOTE_ADDR             $remote_addr;
               fastcgi_param   REMOTE_PORT             $remote_port;
               fastcgi_param   SERVER_ADDR             $server_addr;
               fastcgi_param   SERVER_PORT             $server_port;
               fastcgi_param   SERVER_NAME             $server_name;

               fastcgi_param   HTTPS                   $https;

               # PHP only, required if PHP was built with --enable-force-cgi-redirect
               fastcgi_param   REDIRECT_STATUS         200;
55
               fastcgi_pass unix:{fpm_socket};
56 57
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
58
               #fastcgi_param PATH_INFO $fastcgi_script_name;
59 60 61 62
               fastcgi_buffer_size 128k;
               fastcgi_buffers 256 4k;
               fastcgi_busy_buffers_size 256k;
               fastcgi_temp_file_write_size 256k;
63 64 65 66 67
        }

        location ~ /\. {
               deny  all;
        }
68 69 70 71 72 73 74

        location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
                       fastcgi_param   QUERY_STRING            $query_string;
                       fastcgi_param   REQUEST_METHOD          $request_method;
                       fastcgi_param   CONTENT_TYPE            $content_type;
                       fastcgi_param   CONTENT_LENGTH          $content_length;

                       fastcgi_param   SCRIPT_FILENAME         $request_filename;
                       fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
                       fastcgi_param   REQUEST_URI             $request_uri;
                       fastcgi_param   DOCUMENT_URI            $document_uri;
                       fastcgi_param   DOCUMENT_ROOT           $document_root;
                       fastcgi_param   SERVER_PROTOCOL         $server_protocol;

                       fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
                       fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

                       fastcgi_param   REMOTE_ADDR             $remote_addr;
                       fastcgi_param   REMOTE_PORT             $remote_port;
                       fastcgi_param   SERVER_ADDR             $server_addr;
                       fastcgi_param   SERVER_PORT             $server_port;
                       fastcgi_param   SERVER_NAME             $server_name;

                       fastcgi_param   HTTPS                   $https;

                       # PHP only, required if PHP was built with --enable-force-cgi-redirect
                       fastcgi_param   REDIRECT_STATUS         200;
100
                       # To access phpMyAdmin, the default user (like www-data on Debian/Ubuntu) must be used
101 102
                       {use_tcp}fastcgi_pass 127.0.0.1:9000;
                       {use_socket}fastcgi_pass unix:/var/run/php5-fpm.sock;
103
                       fastcgi_index index.php;
104
                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
105 106 107 108
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
109
                       fastcgi_read_timeout 1200;
110 111 112 113 114 115 116 117 118 119 120 121 122 123 124
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }
		
        location /squirrelmail {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/squirrelmail/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149
                       fastcgi_param   QUERY_STRING            $query_string;
                       fastcgi_param   REQUEST_METHOD          $request_method;
                       fastcgi_param   CONTENT_TYPE            $content_type;
                       fastcgi_param   CONTENT_LENGTH          $content_length;

                       fastcgi_param   SCRIPT_FILENAME         $request_filename;
                       fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
                       fastcgi_param   REQUEST_URI             $request_uri;
                       fastcgi_param   DOCUMENT_URI            $document_uri;
                       fastcgi_param   DOCUMENT_ROOT           $document_root;
                       fastcgi_param   SERVER_PROTOCOL         $server_protocol;

                       fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
                       fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

                       fastcgi_param   REMOTE_ADDR             $remote_addr;
                       fastcgi_param   REMOTE_PORT             $remote_port;
                       fastcgi_param   SERVER_ADDR             $server_addr;
                       fastcgi_param   SERVER_PORT             $server_port;
                       fastcgi_param   SERVER_NAME             $server_name;

                       fastcgi_param   HTTPS                   $https;

                       # PHP only, required if PHP was built with --enable-force-cgi-redirect
                       fastcgi_param   REDIRECT_STATUS         200;
150
                       # To access SquirrelMail, the default user (like www-data on Debian/Ubuntu) must be used
151 152
                       {use_tcp}fastcgi_pass 127.0.0.1:9000;
                       {use_socket}fastcgi_pass unix:/var/run/php5-fpm.sock;
153
                       fastcgi_index index.php;
154
                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
155 156 157 158
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
159 160 161 162 163 164 165 166
               }
               location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /squirrelmail last;
        }
167 168 169 170

        location /cgi-bin/mailman {
               root /usr/lib/;
               fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195
               fastcgi_param   QUERY_STRING            $query_string;
               fastcgi_param   REQUEST_METHOD          $request_method;
               fastcgi_param   CONTENT_TYPE            $content_type;
               fastcgi_param   CONTENT_LENGTH          $content_length;

               fastcgi_param   SCRIPT_FILENAME         $request_filename;
               fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
               fastcgi_param   REQUEST_URI             $request_uri;
               fastcgi_param   DOCUMENT_URI            $document_uri;
               fastcgi_param   DOCUMENT_ROOT           $document_root;
               fastcgi_param   SERVER_PROTOCOL         $server_protocol;

               fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
               fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

               fastcgi_param   REMOTE_ADDR             $remote_addr;
               fastcgi_param   REMOTE_PORT             $remote_port;
               fastcgi_param   SERVER_ADDR             $server_addr;
               fastcgi_param   SERVER_PORT             $server_port;
               fastcgi_param   SERVER_NAME             $server_name;

               fastcgi_param   HTTPS                   $https;

               # PHP only, required if PHP was built with --enable-force-cgi-redirect
               fastcgi_param   REDIRECT_STATUS         200;
196 197 198 199 200 201 202 203 204 205 206 207 208 209 210
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               fastcgi_param PATH_INFO $fastcgi_path_info;
               fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
               fastcgi_intercept_errors on;
               fastcgi_pass unix:{cgi_socket};
        }

        location /images/mailman {
               alias /usr/share/images/mailman;
        }

        location /pipermail {
               alias /var/lib/mailman/archives/public;
               autoindex on;
        }
211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234

        {use_rspamd}location /rspamd/ {
                {use_rspamd}proxy_pass http://127.0.0.1:11334/;
                {use_rspamd}rewrite ^//(.*) /$1;
                {use_rspamd}proxy_set_header X-Forwarded-Proto $scheme;
                {use_rspamd}proxy_set_header Host $host;
                {use_rspamd}proxy_set_header X-Real-IP $remote_addr;
                {use_rspamd}proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                {use_rspamd}proxy_pass_header Authorization;
                {use_rspamd}client_max_body_size 0;
                {use_rspamd}client_body_buffer_size 1m;
                {use_rspamd}proxy_intercept_errors on;
                {use_rspamd}proxy_buffering on;
                {use_rspamd}proxy_buffer_size 128k;
                {use_rspamd}proxy_buffers 256 16k;
                {use_rspamd}proxy_busy_buffers_size 256k;
                {use_rspamd}proxy_temp_file_write_size 256k;
                {use_rspamd}proxy_max_temp_file_size 0;
                {use_rspamd}proxy_read_timeout 300;
                {use_rspamd}
                {use_rspamd}location ~* ^/rspamd/(.+\.(jpg|jpeg|gif|css|png|js|ico|html?|xml|txt))$ {
                       {use_rspamd}alias /usr/share/rspamd/www/$1;
                {use_rspamd}}
        {use_rspamd}}
Florian Schaal's avatar
Florian Schaal committed
235
}