|
|
server {
|
|
|
# Base settings.
|
|
|
listen 80;
|
|
|
root {{ home }}/htdocs/;
|
|
|
index {{ index }};
|
|
|
server_name {{ fqdn }};
|
|
|
|
|
|
# HTTP (plaintext) configuration.
|
|
|
listen 80;
|
|
|
|
|
|
# HTTPS (TLS) configuration.
|
|
|
listen 443 ssl;
|
|
|
listen [::]:443 ssl;
|
|
|
ssl_certificate_key /etc/ssl/private/{{ https_tls_key | basename }};
|
|
|
ssl_certificate /etc/ssl/certs/{{ https_tls_certificate | basename }};
|
|
|
|
|
|
{% if rewrites -%}
|
|
|
# Generic URL rewrites.
|
|
|
{% for rewrite in rewrites -%}
|
|
|
rewrite {{ rewrite }};
|
|
|
{% endfor -%}
|
|
|
{% endif %}
|
|
|
|
|
|
{% if deny_files_regex -%}
|
|
|
# Deny access to user-specified files.
|
|
|
{% for regex in deny_files_regex -%}
|
|
|
location ~ {{ regex }} {
|
|
|
deny all;
|
|
|
}
|
|
|
{% endfor -%}
|
|
|
{% endif %}
|
|
|
|
|
|
# Interpret PHP files via FastCGI.
|
|
|
location ~ {{ php_file_regex }} {
|
|
|
include snippets/fastcgi-php.conf;
|
|
|
fastcgi_pass unix:/var/run/php5-fpm/{{ fqdn }}.sock;
|
|
|
}
|
|
|
|
|
|
# Serve the files.
|
|
|
location ~ /(.+) {
|