Strona główna Odkrywaj Pomoc
Zaloguj się
fphammerle
/
ansible-role-nginx
kopia lustrzana https://github.com/fphammerle/ansible-role-nginx
1
0
Forkuj 0
Pliki Problemy 0 Wiki
Gałąź: master
Gałęzie Tagi
ansible-role-ng...
/
templates
/
vhosts.j2

vhosts.j2 2.3 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. {% for x509 in vhosts_x509.results %}
    2. 

  2. 

  3. {%- set vhost = x509.vhost -%}
    4. 

  4. {%- set ssl = vhost.ssl | default(false) -%}
    5. 

  5. {%- set php_fastcgi = vhost.php_fastcgi | default(false) -%}
    6. 

  6. {%- set frame_options = vhost.frame_options | default('SAMEORIGIN') -%}
    7. 

  7. 

  8. server {
    9. 

  9. 

  10.     listen
    11. 

  11. {%- if ssl %}
    12. 

  12.  {{ vhost.listen | default('443') }} ssl
    13. 

  13. {%- else %}
    14. 

  14.  {{ vhost.listen | default('80') }}
    15. 

  15. {%- endif -%}
    16. 

  16. {%- if vhost.default_server | default(false) %}
    17. 

  17.  default_server
    18. 

  18. {%- endif -%}
    19. 

  19. ;
    20. 

  20. 

  21. {% if vhost.server_name is defined %}
    22. 

  22.     server_name {{ vhost.server_name }};
    23. 

  23. {% endif %}
    24. 

  24. 

  25. {% if ssl %}
    26. 

  26.     ssl_certificate "{{ x509.cert_path }}";
    27. 

  27.     ssl_certificate_key "{{ x509.key_path }}";
    28. 

  28. {% if vhost.strict_transport_security | default(false) %}
    29. 

  29.     add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
    30. 

  30. {% endif %}
    31. 

  31. {% endif %}
    32. 

  32. 

  33. {% if vhost.root is defined %}
    34. 

  34.     root {{ vhost.root }};
    35. 

  35. {% endif %}
    36. 

  36. 

  37. {% if vhost.index is defined %}
    38. 

  38.     index {{ vhost.index }};
    39. 

  39. {% else %}
    40. 

  40.     index {% if php_fastcgi %}index.php {% endif %}index.html;
    41. 

  41. {% endif %}
    42. 

  42. 

  43. {% if vhost.error_page is defined %}
    44. 

  44.     error_page {{ vhost.error_page }};
    45. 

  45. {% endif %}
    46. 

  46. {% if vhost.access_log is defined %}
    47. 

  47.     access_log {{ vhost.access_log }};
    48. 

  48. {% endif %}
    49. 

  49. {% if vhost.error_log is defined %}
    50. 

  50.     error_log {{ vhost.error_log }} error;
    51. 

  51. {% endif %}
    52. 

  52. 

  53. {% if frame_options %}
    54. 

  54.     add_header X-Frame-Options {{frame_options}};
    55. 

  55. {% endif %}
    56. 

  56. 

  57. {% if vhost.return is defined %}
    58. 

  58.     return {{ vhost.return }};
    59. 

  59. {% endif %}
    60. 

  60. 

  61. {% if php_fastcgi %}
    62. 

  62.     location ~ [^/]\.php(/|$) {
    63. 

  63.         # correctly handle request like /test.php/foo/blah.php or /test.php/
    64. 

  64.         fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    65. 

  65.         # check whether the *.php does indeed exist to prevent nginx
    66. 

  66.         # to feeding PHP FPM non php script file (like uploaded image)
    67. 

  67.         # (if instead of try_files due to nginx bug #321)
    68. 

  68.         if (!-f $document_root$fastcgi_script_name) {
    69. 

  69.             return 404;
    70. 

  70.         }
    71. 

  71.         # Mitigate https://httpoxy.org/ vulnerabilities
    72. 

  72.         fastcgi_param HTTP_PROXY "";
    73. 

  73.         fastcgi_pass unix:/var/run/php5-fpm.sock;
    74. 

  74.         fastcgi_index index.php;
    75. 

  75.         include fastcgi_params;
    76. 

  76.     }
    77. 

  77.     # https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
    78. 

  78. {% endif %}
    79. 

  79. 

  80. {% if vhost.extra_parameters is defined %}
    81. 

  81.     {{ vhost.extra_parameters|indent(4) }}
    82. 

  82. {% endif %}
    83. 

  83. }
    84. 

  84. {% endfor %}
    85.