ansible-personal/roles/nginx/templates/vhost.conf.j2

40 lines
1.3 KiB
Plaintext
Raw Normal View History

{% set domain_name = item.nginx_domain_name %}
{% set domain_aliases = item.nginx_domain_aliases | default("") %}
server {
listen 80;
root {{ nginx_root_prefix }}/{{ domain_name }};
server_name {{ domain_name }} {{ domain_aliases }};
access_log /var/log/nginx/{{ domain_name }}-access.log;
error_log /var/log/nginx/{{ domain_name }}-error.log;
location / {
try_files $uri $uri/ =404;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-{{ domain_name }}.sock;
fastcgi_index index.php;
# set script path relative to document root in server block
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}