Newer
Older
<tmpl_if name='ssl_enabled'>
<tmpl_if name='rewrite_to_https' op='==' value='y'>
server {
listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
<tmpl_if name='ipv6_enabled'>
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
</tmpl_if>
server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
access_log off;
rewrite ^ https://$http_host$request_uri? permanent;
}
</tmpl_if>
</tmpl_if>
latham
committed
server {
listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
<tmpl_if name='rewrite_to_https' op='!=' value='y'>
listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
<tmpl_if name='ipv6_enabled'>
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
</tmpl_if>
</tmpl_if>
listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Till Brehm
committed
# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# ssl_prefer_server_ciphers on;
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
Till Brehm
committed
ssl_certificate <tmpl_var name='ssl_crt_file'>;
ssl_certificate_key <tmpl_var name='ssl_key_file'>;
server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
latham
committed
if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
rewrite ^ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
<tmpl_loop name="alias_seo_redirects">
if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
tbrehm
committed
<tmpl_loop name="local_redirects">
if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
}
</tmpl_loop>
<tmpl_loop name="own_redirects">
<tmpl_if name='use_rewrite'>
tbrehm
committed
<tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
</tmpl_if>
<tmpl_if name='use_proxy'>
location / {
proxy_pass <tmpl_var name='rewrite_target'>;
tbrehm
committed
<tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
<tmpl_loop name="proxy_directives">
<tmpl_var name='proxy_directive'>
</tmpl_loop>
}
</tmpl_if>
</tmpl_loop>
<tmpl_if name='use_proxy' op='!=' value='y'>
index index.html index.htm index.php index.cgi index.pl index.xhtml;
latham
committed
}
latham
committed
error_page 400 /error/400.html;
error_page 401 /error/401.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 405 /error/405.html;
error_page 500 /error/500.html;
error_page 502 /error/502.html;
recursive_error_pages on;
location = /error/400.html {
<tmpl_var name='web_document_root_www_proxy'>
internal;
}
location = /error/401.html {
<tmpl_var name='web_document_root_www_proxy'>
internal;
}
location = /error/403.html {
<tmpl_var name='web_document_root_www_proxy'>
internal;
}
location = /error/404.html {
<tmpl_var name='web_document_root_www_proxy'>
internal;
}
location = /error/405.html {
<tmpl_var name='web_document_root_www_proxy'>
internal;
}
location = /error/500.html {
<tmpl_var name='web_document_root_www_proxy'>
internal;
}
location = /error/502.html {
<tmpl_var name='web_document_root_www_proxy'>
internal;
}
location = /error/503.html {
<tmpl_var name='web_document_root_www_proxy'>
error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
latham
committed
location ~ /\. {
deny all;
}
## Allow access for .well-known/acme-challenge
location ^~ /.well-known/acme-challenge/ {
access_log off;
log_not_found off;
root /usr/local/ispconfig/interface/acme/;
autoindex off;
index index.html;
try_files $uri $uri/ =404;
latham
committed
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /stats/ {
<tmpl_var name='web_document_root_www_proxy'>
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
}
latham
committed
alias /usr/share/awstats/icon;
}
try_files <tmpl_var name='rnd_php_dummy_file'> @php;
}
<tmpl_if name='php' op='==' value='php-fpm'>
location @php {
Falko Timme
committed
include /etc/nginx/fastcgi_params;
<tmpl_if name='use_tcp'>
fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
</tmpl_if>
<tmpl_if name='use_socket'>
fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
</tmpl_if>
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
tbrehm
committed
#fastcgi_param PATH_INFO $fastcgi_script_name;
Falko Timme
committed
fastcgi_intercept_errors on;
Marius Cramer
committed
<tmpl_if name='php' op='==' value='hhvm'>
location @php {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_intercept_errors on;
error_page 500 501 502 503 = @phpfallback;
}
location @phpfallback {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
<tmpl_if name='use_tcp'>
fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
</tmpl_if>
<tmpl_if name='use_socket'>
fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
</tmpl_if>
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_intercept_errors on;
Marius Cramer
committed
}
</tmpl_else>
Marius Cramer
committed
</tmpl_if>
Falko Timme
committed
include /etc/nginx/fastcgi_params;
root <tmpl_var name='document_root'>;
gzip off;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_index index.cgi;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
Falko Timme
committed
fastcgi_intercept_errors on;
latham
committed
}
<tmpl_loop name="rewrite_rules">
<tmpl_var name='rewrite_rule'>
</tmpl_loop>
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
<tmpl_if name='enable_pagespeed' op='==' value='y'>
pagespeed on;
pagespeed FileCachePath /var/ngx_pagespeed_cache;
<tmpl_if name='ssl_enabled'>pagespeed FetchHttps enable,allow_self_signed;</tmpl_if>
# let's speed up PageSpeed by storing it in the super duper fast memcached
pagespeed MemcachedThreads 1;
pagespeed MemcachedServers "localhost:11211";
# Filter settings
pagespeed RewriteLevel CoreFilters;
pagespeed EnableFilters collapse_whitespace,remove_comments;
# Ensure requests for pagespeed optimized resources go to the pagespeed
# handler and no extraneous headers get set.
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
add_header "" "";
access_log off;
}
location ~ "^/ngx_pagespeed_static/" {
access_log off;
}
location ~ "^/ngx_pagespeed_beacon$" {
access_log off;
}
location /ngx_pagespeed_statistics {
allow 127.0.0.1;
deny all;
access_log off;
}
location /ngx_pagespeed_global_statistics {
allow 127.0.0.1;
deny all;
access_log off;
}
location /ngx_pagespeed_message {
allow 127.0.0.1;
deny all;
access_log off;
}
location /pagespeed_console {
allow 127.0.0.1;
deny all;
access_log off;
}
</tmpl_if>
location ~ /\.well-known/acme-challenge/ {
root /usr/local/ispconfig/interface/acme/;
index index.html index.htm;
try_files $uri =404;
}
<tmpl_loop name="basic_auth_locations">
Falko Timme
committed
location <tmpl_var name='htpasswd_location'> { ##merge##
auth_basic "Members Only";
auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;
try_files <tmpl_var name='rnd_php_dummy_file'> @php;
</tmpl_if>
}
<tmpl_loop name="redirects">
server {
listen <tmpl_var name='ip_address'>:80;
<tmpl_if name='ipv6_enabled'>
listen [<tmpl_var name='ipv6_address'>]:80;
</tmpl_if>
<tmpl_if name='ssl_enabled'>
listen <tmpl_var name='ip_address'>:443 ssl;
<tmpl_if name='ipv6_enabled'>
listen [<tmpl_var name='ipv6_address'>]:443 ssl;
</tmpl_if>
ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt;
ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key;
</tmpl_if>
server_name <tmpl_var name='rewrite_domain'>;
<tmpl_if name='alias_seo_redirects2'>
<tmpl_loop name="alias_seo_redirects2">
if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
}
</tmpl_loop>
</tmpl_if>
<tmpl_if name='use_rewrite'>
rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
</tmpl_if>
<tmpl_if name='use_proxy'>
location / {
proxy_pass <tmpl_var name='rewrite_target'>;
tbrehm
committed
<tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
<tmpl_loop name="proxy_directives">
<tmpl_var name='proxy_directive'>
</tmpl_loop>
}
</tmpl_if>
}