nginx_vhost.conf.master 7.87 KB
Newer Older
1
server {
Falko Timme's avatar
Falko Timme committed
2
        listen <tmpl_var name='ip_address'>:80;
Falko Timme's avatar
Falko Timme committed
3
<tmpl_if name='ipv6_enabled'>
4
        listen [<tmpl_var name='ipv6_address'>]:80;
Falko Timme's avatar
Falko Timme committed
5
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
6
		
Falko Timme's avatar
Falko Timme committed
7
<tmpl_if name='ssl_enabled'>
Falko Timme's avatar
Falko Timme committed
8
        listen <tmpl_var name='ip_address'>:443 ssl;
Falko Timme's avatar
Falko Timme committed
9
<tmpl_if name='ipv6_enabled'>
10
        listen [<tmpl_var name='ipv6_address'>]:443 ssl;
Falko Timme's avatar
Falko Timme committed
11
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
12 13
        ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
        ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
Falko Timme's avatar
Falko Timme committed
14
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
15 16
        
        server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
17

Falko Timme's avatar
Falko Timme committed
18
        root   <tmpl_var name='web_document_root_www'>;
19
		
Falko Timme's avatar
Falko Timme committed
20
<tmpl_if name='seo_redirect_enabled'>
21
        if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
22
            rewrite ^ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
Falko Timme's avatar
Falko Timme committed
23
        }
Falko Timme's avatar
Falko Timme committed
24
</tmpl_if>
25 26 27
<tmpl_loop name="alias_seo_redirects">
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
28
        }
Falko Timme's avatar
Falko Timme committed
29
</tmpl_loop>
30 31 32 33 34
<tmpl_loop name="local_redirects">
        if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
            rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
        }
</tmpl_loop>
35 36 37

<tmpl_loop name="own_redirects">
<tmpl_if name='use_rewrite'>
38
        <tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
39 40 41 42
</tmpl_if>
<tmpl_if name='use_proxy'>
        location / {
            proxy_pass <tmpl_var name='rewrite_target'>;
43
            <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
44 45 46 47 48 49 50
<tmpl_loop name="proxy_directives">
        <tmpl_var name='proxy_directive'>
</tmpl_loop>
        }
</tmpl_if>
</tmpl_loop>
<tmpl_if name='use_proxy' op='!=' value='y'>		
51
        index index.html index.htm index.php index.cgi index.pl index.xhtml;
Falko Timme's avatar
Falko Timme committed
52
		
Falko Timme's avatar
Falko Timme committed
53
<tmpl_if name='ssi' op='==' value='y'>		
Falko Timme's avatar
Falko Timme committed
54 55
        location ~ \.shtml$ {
            ssi on;
56
        }
Falko Timme's avatar
Falko Timme committed
57
</tmpl_if>
58

Falko Timme's avatar
Falko Timme committed
59
<tmpl_if name='errordocs'>		
Falko Timme's avatar
Falko Timme committed
60 61 62 63 64 65
        error_page 400 /error/400.html;
        error_page 401 /error/401.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 405 /error/405.html;
        error_page 500 /error/500.html;
66
        error_page 502 /error/502.html;
Falko Timme's avatar
Falko Timme committed
67
        error_page 503 /error/503.html;
68 69
        recursive_error_pages on;
        location = /error/400.html {
70
            <tmpl_var name='web_document_root_www_proxy'>
71 72 73
            internal;
        }
        location = /error/401.html {
74
            <tmpl_var name='web_document_root_www_proxy'>
75 76 77
            internal;
        }
        location = /error/403.html {
78
            <tmpl_var name='web_document_root_www_proxy'>
79 80 81
            internal;
        }
        location = /error/404.html {
82
            <tmpl_var name='web_document_root_www_proxy'>
83 84 85
            internal;
        }
        location = /error/405.html {
86
            <tmpl_var name='web_document_root_www_proxy'>
87 88 89
            internal;
        }
        location = /error/500.html {
90
            <tmpl_var name='web_document_root_www_proxy'>
91 92 93
            internal;
        }
        location = /error/502.html {
94
            <tmpl_var name='web_document_root_www_proxy'>
95 96 97
            internal;
        }
        location = /error/503.html {
98
            <tmpl_var name='web_document_root_www_proxy'>
99 100
            internal;
        }
Falko Timme's avatar
Falko Timme committed
101
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
102 103
		
        error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
104
        access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
105

Falko Timme's avatar
Falko Timme committed
106 107 108 109 110 111 112
        ## Disable .htaccess and other hidden files
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }
		
113
        location = /favicon.ico {
Falko Timme's avatar
Falko Timme committed
114 115 116
            log_not_found off;
            access_log off;
        }
117

Falko Timme's avatar
Falko Timme committed
118 119 120 121 122 123
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
		
124
        location /stats/ {
125
            <tmpl_var name='web_document_root_www_proxy'>
Falko Timme's avatar
Falko Timme committed
126 127 128 129
            index index.html index.php;
            auth_basic "Members Only";
            auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
        }
130

131
        location ^~ /awstats-icon {
132 133 134
            alias /usr/share/awstats/icon;
        }

Falko Timme's avatar
Falko Timme committed
135
        location ~ \.php$ {
136
            try_files <tmpl_var name='rnd_php_dummy_file'> @php;
Falko Timme's avatar
Falko Timme committed
137 138 139 140
        }

<tmpl_if name='php' op='==' value='php-fpm'>
        location @php {
141
            try_files $uri =404;
142
            include /etc/nginx/fastcgi_params;
Falko Timme's avatar
Falko Timme committed
143 144 145 146 147 148
<tmpl_if name='use_tcp'>
            fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
</tmpl_if>
<tmpl_if name='use_socket'>
            fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
149 150
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
151
            #fastcgi_param PATH_INFO $fastcgi_script_name;
152
            fastcgi_intercept_errors on;
Falko Timme's avatar
Falko Timme committed
153
        }
Falko Timme's avatar
Falko Timme committed
154
</tmpl_else>
Falko Timme's avatar
Falko Timme committed
155
        location @php {
Falko Timme's avatar
Falko Timme committed
156 157
            deny all;
        }
Falko Timme's avatar
Falko Timme committed
158
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
159
		
Falko Timme's avatar
Falko Timme committed
160
<tmpl_if name='cgi' op='==' value='y'>
Falko Timme's avatar
Falko Timme committed
161
        location /cgi-bin/ {
162
            try_files $uri =404;
163
            include /etc/nginx/fastcgi_params;
Falko Timme's avatar
Falko Timme committed
164 165 166 167 168
            root <tmpl_var name='document_root'>;
            gzip off;
            fastcgi_pass  unix:/var/run/fcgiwrap.socket;
            fastcgi_index index.cgi;
            fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
169
            fastcgi_intercept_errors on;
170
        }
Falko Timme's avatar
Falko Timme committed
171
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
172

173 174 175 176
<tmpl_loop name="rewrite_rules">
        <tmpl_var name='rewrite_rule'>
</tmpl_loop>

Falko Timme's avatar
Falko Timme committed
177
<tmpl_loop name="nginx_directives">
178
        <tmpl_var name='nginx_directive'>
179 180 181
</tmpl_loop>

<tmpl_loop name="basic_auth_locations">
182
        location <tmpl_var name='htpasswd_location'> { ##merge##
183 184
                auth_basic "Members Only";
                auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;
Falko Timme's avatar
Falko Timme committed
185 186
				
                location ~ \.php$ {
187
                    try_files <tmpl_var name='rnd_php_dummy_file'> @php;
Falko Timme's avatar
Falko Timme committed
188
                }
189 190
        }
</tmpl_loop>
191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223
</tmpl_if>	
}

<tmpl_loop name="redirects">
server {
        listen <tmpl_var name='ip_address'>:80;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:80;
</tmpl_if>
		
<tmpl_if name='ssl_enabled'>
        listen <tmpl_var name='ip_address'>:443 ssl;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:443 ssl;
</tmpl_if>
        ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
        ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
</tmpl_if>
        
        server_name <tmpl_var name='rewrite_domain'>;
<tmpl_if name='alias_seo_redirects2'>
<tmpl_loop name="alias_seo_redirects2">
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
        }
</tmpl_loop>
</tmpl_if>
<tmpl_if name='use_rewrite'>
        rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
</tmpl_if>
<tmpl_if name='use_proxy'>
        location / {
            proxy_pass <tmpl_var name='rewrite_target'>;
224
            <tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
225 226 227 228 229 230 231
<tmpl_loop name="proxy_directives">
        <tmpl_var name='proxy_directive'>
</tmpl_loop>
        }
</tmpl_if>
}
</tmpl_loop>