# Redirect-only vhost: every request is answered with a permanent redirect to
# the https:// URL and nothing is written to the access log.
# NOTE(review): the listen address/port and the server_name value are empty in
# this listing (template placeholders appear to have been stripped), so the
# block is not loadable as shown.
server {
listen :;
listen []:;
server_name ;
access_log off;
# $http_host is the Host header exactly as the client sent it, so the redirect
# target is client-controlled. If this block can be reached with arbitrary Host
# values (for example as the default server), redirect to a fixed host name
# instead. The trailing "?" stops nginx from appending the query string a
# second time, since $request_uri already contains it.
rewrite ^ https://$http_host$request_uri? permanent;
}
# Main site vhost. The address/port, certificate, server_name and root values
# are empty in this listing (template placeholders appear to have been
# stripped). The repeated listen lines look like alternative template branches,
# not directives meant to be emitted together -- TODO confirm against the
# template source.
server {
listen :;
listen []:;
listen :;
listen []:;
# TLS listener (IPv4 form). The {tmpl_if} tags add the http2 / spdy parameter
# only when the matching template flag equals 'y'.
listen : ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
# NOTE(review): TLSv1 and TLSv1.1 are enabled. Both are formally deprecated
# (RFC 8996); unless a legacy client really needs them, restrict this to
# TLSv1.2 TLSv1.3.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# The two directives below are disabled, so the cipher selection falls back to
# the nginx/OpenSSL defaults. If the list is ever re-enabled, note that it
# still offers 3DES (DES-CBC3-SHA), CBC-mode SHA-1 suites and static-RSA suites
# without forward secrecy (AES128-SHA etc.); trim those before turning it on.
# ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# ssl_prefer_server_ciphers on;
# TLS listener (IPv6 form), same optional http2 / spdy parameters.
listen []: ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
# Certificate chain and private key paths (empty in this listing). The key file
# should be readable only by the account that starts nginx.
ssl_certificate ;
ssl_certificate_key ;
server_name ;
root ;
# Host-based redirects and rewrites. The comparison operator and the host
# values are missing from the first three conditions in this listing, and the
# rewrite targets have lost their host part, so the exact intent cannot be read
# from here -- presumably canonical-host (www / non-www) redirects followed by
# per-domain rewrite rules; verify against the template source.
# These decisions are keyed on $http_host, i.e. the client-supplied Host header.
if ($http_host "") {
rewrite ^ $scheme://$request_uri? permanent;
}
if ($http_host "") {
rewrite ^ $scheme://$request_uri? permanent;
}
# NOTE(review): the pattern ^(.*)$ has a single capture group, yet the
# replacement uses $2; as shown, $2 would be empty. Part of the pattern or
# replacement was probably lost with the placeholders.
if ($http_host "") {
rewrite ^(.*)$ $2 ;
}
if ($http_host != "") { rewrite ^(.*)$ $2 ; }
# Reverse-proxy variant of the site root: requests under / are handed to the
# upstream named in proxy_pass (the target is empty in this listing).
# NOTE(review): no proxy_set_header lines are visible here, so the upstream
# receives nginx's default Host / client-address headers -- confirm the backend
# does not rely on forwarded client information for access decisions.
location / {
proxy_pass ;
# Rewrites the URI before proxying; any path prefix in the replacement appears
# to have been stripped, leaving an identity rewrite as shown.
rewrite ^/(.*) /$1;
}
# Directory index candidates, tried in the order listed.
index index.html index.htm index.php index.cgi index.pl index.xhtml;
# Server Side Includes are processed for .shtml files only. SSI commands in
# those files are executed by nginx, so write access to .shtml content should
# be limited to trusted authors.
location ~ \.shtml$ {
ssi on;
}
# Custom error documents: each listed status code is served from a static page
# under /error/.
error_page 400 /error/400.html;
error_page 401 /error/401.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 405 /error/405.html;
error_page 500 /error/500.html;
error_page 502 /error/502.html;
error_page 503 /error/503.html;
# Allow an error_page redirect to trigger a further error_page redirect.
recursive_error_pages on;
# The error documents are marked "internal": they can only be reached through
# the error_page redirects above, a direct client request for them gets 404.
location = /error/400.html {
internal;
}
location = /error/401.html {
internal;
}
location = /error/403.html {
internal;
}
location = /error/404.html {
internal;
}
location = /error/405.html {
internal;
}
location = /error/500.html {
internal;
}
location = /error/502.html {
internal;
}
location = /error/503.html {
internal;
}
# Per-site logging. The two error_log/access_log pairs differ only in the
# access log format ("combined" vs "anonymized") and look like alternative
# template branches; the doubled slash marks where a per-site directory name
# was stripped from this listing.
# NOTE(review): the "anonymized" log_format is not defined in this file; it has
# to exist at http level or nginx will refuse the configuration. With the
# anonymized format, keep in mind that source addresses may no longer be
# available for incident investigation -- confirm what the format records.
error_log /var/log/ispconfig/httpd//error.log;
access_log /var/log/ispconfig/httpd//access.log combined;
error_log /var/log/ispconfig/httpd//error.log;
access_log /var/log/ispconfig/httpd//access.log anonymized;
## Disable .htaccess and other hidden files
# The regex matches any URI containing "/." so dot-files and dot-directories
# (.htaccess, .htpasswd, .git, .env, ...) are refused anywhere in the tree.
location ~ /\. {
deny all;
}
## Allow access for .well-known/acme-challenge
# The ^~ modifier stops regex locations from being checked once this prefix
# matches, which is what exempts the ACME path from the dot-file deny rule
# above. Challenge files are served from the panel's shared ACME directory, not
# from the site's own document root; directory listing stays off.
location ^~ /.well-known/acme-challenge/ {
access_log off;
log_not_found off;
root /usr/local/ispconfig/interface/acme/;
autoindex off;
index index.html;
try_files $uri $uri/ =404;
}
# favicon.ico: no logging (neither hits nor "not found" errors) and the longest
# possible client-side cache lifetime.
location = /favicon.ico {
log_not_found off;
access_log off;
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
# robots.txt: explicitly reachable by everyone and kept out of the logs.
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Web statistics area, protected with HTTP Basic authentication. The password
# file path is empty in this listing.
# NOTE(review): Basic credentials are only base64-encoded on the wire. This
# vhost also has listen lines without "ssl", so if /stats/ is reachable over
# plain HTTP the credentials travel in clear text -- confirm it is only served
# over TLS.
location /stats/ {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file ;
}
# Static icons for AWStats, served from the system package directory. ^~ keeps
# regex locations from taking over requests under this prefix.
location ^~ /awstats-icon {
alias /usr/share/awstats/icon;
}
# PHP handling. Requests ending in .php are routed to the named location @php.
# NOTE(review): try_files needs at least one file argument before the fallback;
# one appears to have been stripped from this listing.
location ~ \.php$ {
try_files @php;
}
# @php is defined several times below. nginx rejects duplicate named locations,
# so these are presumably mutually exclusive template branches (PHP-FPM, HHVM
# with fallback, PHP disabled) -- TODO confirm against the template source.
#
# Variant 1: FastCGI backend.
location @php {
# Answer 404 unless the requested file exists. This keeps nginx from passing a
# non-existent script path to the PHP backend, where path-info handling could
# otherwise make PHP execute a different (for example uploaded) file.
try_files $uri =404;
include /etc/nginx/fastcgi_params;
# TCP and unix-socket forms of the backend address (port / socket path empty in
# this listing); presumably only one is emitted. A unix socket with restrictive
# permissions is preferable: a loopback TCP port accepts connections from any
# local account.
fastcgi_pass 127.0.0.1:;
fastcgi_pass unix:;
fastcgi_index index.php;
# Two forms of the script path: a fixed prefix ending in /web (prefix stripped
# here) and the plain document root; presumably alternatives.
fastcgi_param SCRIPT_FILENAME /web$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_NAME ;
# Let the error_page rules of this server handle error statuses returned by
# the backend instead of passing its error body through.
fastcgi_intercept_errors on;
}
# Variant 2: HHVM over a unix socket (part of the socket name is stripped).
location @php {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/hhvm/hhvm..sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_NAME ;
fastcgi_intercept_errors on;
# If HHVM answers with one of these statuses, retry the request through
# @phpfallback and return that location's status to the client.
error_page 500 501 502 503 = @phpfallback;
}
# Fallback backend used when the HHVM variant fails; same existence check and
# same pair of backend address forms as variant 1.
location @phpfallback {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:;
fastcgi_pass unix:;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_NAME ;
fastcgi_intercept_errors on;
}
# Variant 3: PHP disabled. Requests for .php files are refused, so PHP source
# is neither executed nor served as a download.
location @php {
deny all;
}
# CGI handling: everything under /cgi-bin/ is routed to the named location
# @cgi.
# NOTE(review): as in the PHP location, try_files needs a file argument before
# the fallback; one appears to have been stripped from this listing.
location /cgi-bin/ {
try_files @cgi;
}
# Runs CGI scripts through fcgiwrap.
location @cgi {
# Only existing files are handed to the wrapper; anything else gets 404.
try_files $uri =404;
include /etc/nginx/fastcgi_params;
# Separate root for CGI scripts (path empty in this listing).
root ;
gzip off;
# NOTE(review): the socket path is a fixed system-wide one, so scripts run
# under whatever account the fcgiwrap service uses -- confirm that account is
# not shared with other sites or with nginx itself.
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_index index.cgi;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
# ngx_pagespeed settings (only meaningful when the module is compiled in).
pagespeed on;
pagespeed FileCachePath /var/ngx_pagespeed_cache;
# NOTE(review): allow_self_signed relaxes certificate validation for the
# resources PageSpeed fetches over HTTPS. That is convenient for fetching from
# this host itself, but it also applies to any other origin the module is
# allowed to fetch from -- confirm fetches are limited to local domains.
pagespeed FetchHttps enable,allow_self_signed;
# let's speed up PageSpeed by storing it in the super duper fast memcached
# NOTE(review): memcached has no authentication by default; make sure the
# instance on port 11211 listens on loopback only, since its content ends up
# in responses served by this site.
pagespeed MemcachedThreads 1;
pagespeed MemcachedServers "localhost:11211";
# Filter settings
pagespeed RewriteLevel CoreFilters;
pagespeed EnableFilters collapse_whitespace,remove_comments;
# Ensure requests for pagespeed optimized resources go to the pagespeed
# handler and no extraneous headers get set.
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
add_header "" "";
access_log off;
}
location ~ "^/ngx_pagespeed_static/" {
access_log off;
}
location ~ "^/ngx_pagespeed_beacon$" {
access_log off;
}
# PageSpeed statistics, message and console endpoints: reachable from
# 127.0.0.1 only, everything else is denied.
# NOTE(review): the allow rule is IPv4 loopback only, and it stops being a
# real restriction if nginx sits behind a local proxy that makes every client
# appear as 127.0.0.1 -- verify for the deployment.
location /ngx_pagespeed_statistics {
allow 127.0.0.1;
deny all;
access_log off;
}
location /ngx_pagespeed_global_statistics {
allow 127.0.0.1;
deny all;
access_log off;
}
location /ngx_pagespeed_message {
allow 127.0.0.1;
deny all;
access_log off;
}
location /pagespeed_console {
allow 127.0.0.1;
deny all;
access_log off;
}
# Password-protected folder. The location path is empty in this listing and
# the password file path has lost its directory prefix.
# The .php and .cgi handlers are repeated inside the protected location,
# presumably so that scripts below the protected path are matched here and
# stay behind auth_basic instead of being picked up by a server-level handler
# that has no authentication -- verify against the template source.
# NOTE(review): keep the .htpasswd file outside the document root, or make
# sure a dot-file deny rule covers it, so the hashes cannot be downloaded.
location { ##merge##
auth_basic "Members Only";
auth_basic_user_file .htpasswd;
location ~ \.php$ {
try_files @php;
}
location ~ \.cgi$ {
try_files @cgi;
}
}
}
# Secondary vhost for additional host names that are either redirected or
# proxied. Address/port, certificate, server_name and target values are empty
# in this listing (template placeholders appear to have been stripped).
server {
listen :;
listen []:;
# TLS listener (IPv4 form) with optional http2 / spdy parameters.
listen : ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
# NOTE(review): this list enables the deprecated TLSv1 and TLSv1.1 (RFC 8996)
# and, unlike the main vhost in this file, omits TLSv1.3. Unless a legacy
# client requires otherwise, use TLSv1.2 TLSv1.3 here as well.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# TLS listener (IPv6 form).
listen []: ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
ssl_certificate ;
ssl_certificate_key ;
server_name ;
# Host-based permanent redirect; the comparison operator, the host value and
# the target host are missing in this listing. The condition is keyed on the
# client-supplied Host header.
if ($http_host "") {
rewrite ^ $scheme://$request_uri? permanent;
}
## no redirect for acme
# ^~ keeps this prefix ahead of any regex location, so certificate validation
# requests are answered locally from the shared ACME directory instead of
# being redirected or proxied.
location ^~ /.well-known/acme-challenge/ {
access_log off;
log_not_found off;
root /usr/local/ispconfig/interface/acme/;
autoindex off;
index index.html;
try_files $uri $uri/ =404;
}
# Two definitions of "location /" follow. nginx rejects duplicate locations,
# so these are presumably alternative template branches: redirect everything,
# or proxy everything.
location / {
rewrite ^ $request_uri? ;
}
location / {
proxy_pass ;
rewrite ^/(.*) /$1;
}
}