{% if ansible_controlled is defined and ansible_controlled != "" %} # # {{ ansible_controlled }} # {% endif %} # Nginx vhost for PHP system checks server { {% if phpsyscheck_vhostip or phpsyscheck_vhostport %} listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% endif %}{% if phpsyscheck_vhostip and phpsyscheck_vhostport %}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% endif %}; {% endif %} server_name {{ phpsyscheck_vhostname }}; access_log /var/log/nginx/sys.access.log main; error_log /var/log/nginx/sys.error.log; {% if phpsyscheck_ssl %} include letsencrypt; {% endif %} {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %} location / { return 301 https://{{ phpsyscheck_vhostname }}$request_uri; } {% else %} root /etc/phpsyscheck; index index.php; try_files $uri $uri/ /index.php; {% if phpsyscheck_http_auth %} location / { auth_basic "Restricted Access"; auth_basic_user_file /etc/nginx/auth_admin; {% if phpsyscheck_http_whitelist_ip|length > 0 %} {% for ip in phpsyscheck_http_whitelist_ip %} allow {{ ip }}; {% endfor %} deny all; satisfy any; {% endif %} } {% endif %} location ~ \.php(/|$) { include fastcgi_pass_fpm; } {% endif %} } {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %} server { listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %} ssl; server_name {{ phpsyscheck_vhostname }}; include vhost_ssl_auto-{{ phpsyscheck_vhostname }}; access_log /var/log/nginx/sys.access.log main; error_log /var/log/nginx/sys.error.log; root /etc/phpsyscheck; index index.php; try_files $uri $uri/ /index.php; {% if phpsyscheck_http_auth %} auth_basic "Restricted Access"; auth_basic_user_file /etc/nginx/auth_admin; {% if phpsyscheck_http_whitelist_ip|length > 0 %} {% for ip in phpsyscheck_http_whitelist_ip %} allow {{ ip }}; {% endfor %} deny all; satisfy any; {% endif %} {% endif %} location ~ \.php(/|$) { include fastcgi_pass_fpm; } } {% endif %}