ansible-playbooks/roles/webserver/templates/nginx/pma_vhost.j2

{% if ansible_prolog -%}
{% from 'templates/ansible/prolog.j2' import prolog with context %}
{{ prolog() }}
{% endif -%}
# Nginx vhost for phpmyadmin

server {
{% if phpmyadmin_vhostip or phpmyadmin_vhostport %}
    listen {% if phpmyadmin_vhostip %}{{ phpmyadmin_vhostip }}{% endif %}{% if phpmyadmin_vhostip and phpmyadmin_vhostport %}:{% endif %}{% if phpmyadmin_vhostport %}{{ phpmyadmin_vhostport }}{% endif %};
{% endif %}

    server_name {{ phpmyadmin_vhostname }};

    access_log  /var/log/nginx/pma.access.log main;
    error_log   /var/log/nginx/pma.error.log;

{% if phpmyadmin_ssl %}
    include letsencrypt;
{% endif %}

{% if phpmyadmin_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpmyadmin_vhostname in ssl_certs_auto_installed.stdout_lines %}
    location / {
        return 301 https://{{ phpmyadmin_vhostname }}$request_uri;
    }
{% else %}
    root /usr/share/phpmyadmin;
    index index.php;
    try_files $uri $uri/ /index.php;

{% if phpmyadmin_http_auth %}
    location / {
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/auth_admin;
{% if phpmyadmin_http_whitelist_ip|length > 0 %}
{% for ip in phpmyadmin_http_whitelist_ip %}
        allow {{ ip }};
{% endfor %}
        deny all;
        satisfy any;
{% endif %}
    }
{% endif %}

    client_max_body_size 128m;

    location ~ \.php(/|$) {
        include fastcgi_pass_fpm;
        fastcgi_read_timeout 300s;
{% if nginx_fpm_openbasedir_enforced %}
        fastcgi_param PHP_ADMIN_VALUE "upload_tmp_dir=/tmp\nopen_basedir=$document_root:/etc/phpmyadmin:/var/lib/phpmyadmin:/tmp:/usr/share:/tmp:/dev/random:/dev/urandom\nmax_execution_time=300\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
{% else %}
        fastcgi_param PHP_ADMIN_VALUE "max_execution_time=240\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
{% endif %}
    }
{% endif %}
}
{% if phpmyadmin_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpmyadmin_vhostname in ssl_certs_auto_installed.stdout_lines %}

server {
    listen {% if phpmyadmin_vhostip %}{{ phpmyadmin_vhostip }}:{% endif %}{% if phpmyadmin_vhostport %}{{ phpmyadmin_vhostport }}{% else %}443{% endif %} ssl;

    server_name {{ phpmyadmin_vhostname }};

    include vhost_ssl_auto-{{ phpmyadmin_vhostname }};

    access_log  /var/log/nginx/pma.access.log main;
    error_log   /var/log/nginx/pma.error.log;

    root /usr/share/phpmyadmin;
    index index.php;
    try_files $uri $uri/ /index.php;

{% if phpmyadmin_http_auth %}
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/auth_admin;
{% if phpmyadmin_http_whitelist_ip|length > 0 %}
{% for ip in phpmyadmin_http_whitelist_ip %}
    allow {{ ip }};
{% endfor %}
    deny all;
    satisfy any;
{% endif %}
{% endif %}

    client_max_body_size 128m;

    location ~ \.php(/|$) {
        include fastcgi_pass_fpm;
        fastcgi_read_timeout 300s;
{% if nginx_fpm_openbasedir_enforced %}
        fastcgi_param PHP_ADMIN_VALUE "upload_tmp_dir=/tmp\nopen_basedir=$document_root:/etc/phpmyadmin:/var/lib/phpmyadmin:/tmp:/usr/share:/tmp:/dev/random:/dev/urandom\nmax_execution_time=300\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
{% else %}
        fastcgi_param PHP_ADMIN_VALUE "max_execution_time=240\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
{% endif %}
    }
}
{% endif %}