Alan Orth
162197ad25
Assumes you have a TLS cert for one domain, but not the others, ie: http://blah.com \ http://blah.net -> https://blah.io http://blah.org / Otherwise, without https, it creates a vhost with all domain names. Signed-off-by: Alan Orth <alan.orth@gmail.com>
63 lines
2.1 KiB
Django/Jinja
63 lines
2.1 KiB
Django/Jinja
{% set domain_name = item.nginx_domain_name %}
|
|
{% set domain_aliases = item.nginx_domain_aliases | default("") %}
|
|
{% set use_https = item.use_https | default("no") %}
|
|
|
|
{% if use_https == "yes" %}
|
|
# http -> https vhost
|
|
server {
|
|
listen 80;
|
|
server_name {{ domain_name }} {{ domain_aliases }};
|
|
|
|
# redirect http -> https
|
|
location / {
|
|
# ? in rewrite makes sure nginx doesn't append query string again
|
|
# see: http://wiki.nginx.org/NginxHttpRewriteModule#rewrite
|
|
rewrite ^ https://{{ domain_name }}$request_uri? permanent;
|
|
}
|
|
}
|
|
{% endif %}
|
|
|
|
server {
|
|
listen {% if use_https == "yes" %} 443 ssl spdy{% else %} 80{% endif %};
|
|
|
|
root {{ nginx_root_prefix }}/{{ domain_name }};
|
|
|
|
{# assumes you only want the main domain name listening for https #}
|
|
server_name {{ domain_name }} {% if use_https == "no" %} {{ domain_aliases }}{% endif %};
|
|
|
|
index index.php index.html;
|
|
|
|
access_log /var/log/nginx/{{ domain_name }}-access.log;
|
|
error_log /var/log/nginx/{{ domain_name }}-error.log;
|
|
|
|
{% if use_https == "yes" %}
|
|
{% include 'https.j2' %}
|
|
{% endif %}
|
|
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
# Zero-day exploit defense.
|
|
# http://forum.nginx.org/read.php?2,88845,page=3
|
|
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
|
|
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
|
|
try_files $uri =404;
|
|
|
|
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
fastcgi_pass unix:/var/run/php5-fpm-{{ domain_name }}.sock;
|
|
fastcgi_index index.php;
|
|
# set script path relative to document root in server block
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
include fastcgi_params;
|
|
}
|
|
}
|