Files @ dfb91e411e40
Branch filter:

Location: majic-ansible-roles/roles/php_website/templates/nginx_site.j2

dfb91e411e40 1.6 KiB text/plain Show Annotation Show as Raw Download as Raw
branko
MAR-46: Intorduced additional options to web server, PHP website, and WSGI website roles for controling if HTTPS access is enforced (HTTP redirected to HTTPS) or not. Defaults to enforcing HTTPS now. Updated docs for the new parameters.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
{% if enforce_https -%}
server {
    # HTTP (plaintext) configuration.
    listen 80;
    server_name {{ fqdn }};

    # Redirect plaintext connections to HTTPS
    return 301 https://$host$request_uri;
}

{% endif -%}
server {
    # Base settings.
    root {{ home }}/htdocs/;
    index {{ index }};
    server_name {{ fqdn }};
{% if not enforce_https %}

    # HTTP (plaintext) configuration.
    listen 80;

{% endif %}
    # HTTPS (TLS) configuration.
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate_key /etc/ssl/private/{{ https_tls_key | basename }};
    ssl_certificate /etc/ssl/certs/{{ https_tls_certificate | basename }};

    {% if rewrites -%}
    # Generic URL rewrites.
    {% for rewrite in rewrites -%}
    rewrite {{ rewrite }};
    {% endfor -%}
    {% endif %}

    {% if deny_files_regex -%}
    # Deny access to user-specified files.
    {% for regex in deny_files_regex -%}
    location ~ {{ regex }} {
        deny all;
    }
    {% endfor -%}
    {% endif %}

    # Interpret PHP files via FastCGI.
    location ~ {{ php_file_regex }} {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php5-fpm/{{ fqdn }}.sock;
    }

    # Serve the files.
    location ~ /(.+) {
	try_files $uri $uri/{% if php_rewrite_urls %} @php_rewrite{% endif %};
    }

    {% if php_rewrite_urls -%}
    # Apply URL rewrites.
    location @php_rewrite {
    {% for rewrite in php_rewrite_urls %}
    rewrite {{ rewrite }};
    {% endfor -%}
    }
    {% endif -%}

    access_log /var/log/nginx/{{ fqdn }}-access.log;
    error_log /var/log/nginx/{{ fqdn }}-error.log;
}
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.