pma_vhost.j2 3.3 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
  1. {% if ansible_prolog -%}
  2. {% from 'templates/ansible/prolog.j2' import prolog with context %}
  3. {{ prolog() }}
  4. {% endif -%}
  5. # Nginx vhost for phpmyadmin
  6. server {
  7. {% if phpmyadmin_vhostip or phpmyadmin_vhostport %}
  8. listen {% if phpmyadmin_vhostip %}{{ phpmyadmin_vhostip }}{% endif %}{% if phpmyadmin_vhostip and phpmyadmin_vhostport %}:{% endif %}{% if phpmyadmin_vhostport %}{{ phpmyadmin_vhostport }}{% endif %};
  9. {% endif %}
  10. server_name {{ phpmyadmin_vhostname }};
  11. access_log /var/log/nginx/pma.access.log main;
  12. error_log /var/log/nginx/pma.error.log;
  13. {% if phpmyadmin_ssl %}
  14. include letsencrypt;
  15. {% endif %}
  16. {% if phpmyadmin_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpmyadmin_vhostname in ssl_certs_auto_installed.stdout_lines %}
  17. location / {
  18. return 301 https://{{ phpmyadmin_vhostname }}$request_uri;
  19. }
  20. {% else %}
  21. root /usr/share/phpmyadmin;
  22. index index.php;
  23. try_files $uri $uri/ /index.php;
  24. {% if phpmyadmin_http_auth %}
  25. location / {
  26. auth_basic "Restricted Access";
  27. auth_basic_user_file /etc/nginx/auth_admin;
  28. {% if phpmyadmin_http_whitelist_ip|length > 0 %}
  29. {% for ip in phpmyadmin_http_whitelist_ip %}
  30. allow {{ ip }};
  31. {% endfor %}
  32. deny all;
  33. satisfy any;
  34. {% endif %}
  35. }
  36. {% endif %}
  37. client_max_body_size 128m;
  38. location ~ \.php(/|$) {
  39. include fastcgi_pass_fpm;
  40. fastcgi_read_timeout 300s;
  41. {% if nginx_fpm_openbasedir_enforced %}
  42. fastcgi_param PHP_ADMIN_VALUE "upload_tmp_dir=/tmp\nopen_basedir=$document_root:/etc/phpmyadmin:/var/lib/phpmyadmin:/tmp:/usr/share:/tmp:/dev/random:/dev/urandom\nmax_execution_time=300\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
  43. {% else %}
  44. fastcgi_param PHP_ADMIN_VALUE "max_execution_time=240\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
  45. {% endif %}
  46. }
  47. {% endif %}
  48. }
  49. {% if phpmyadmin_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpmyadmin_vhostname in ssl_certs_auto_installed.stdout_lines %}
  50. server {
  51. listen {% if phpmyadmin_vhostip %}{{ phpmyadmin_vhostip }}:{% endif %}{% if phpmyadmin_vhostport %}{{ phpmyadmin_vhostport }}{% else %}443{% endif %} ssl;
  52. server_name {{ phpmyadmin_vhostname }};
  53. include vhost_ssl_auto-{{ phpmyadmin_vhostname }};
  54. access_log /var/log/nginx/pma.access.log main;
  55. error_log /var/log/nginx/pma.error.log;
  56. root /usr/share/phpmyadmin;
  57. index index.php;
  58. try_files $uri $uri/ /index.php;
  59. {% if phpmyadmin_http_auth %}
  60. auth_basic "Restricted Access";
  61. auth_basic_user_file /etc/nginx/auth_admin;
  62. {% if phpmyadmin_http_whitelist_ip|length > 0 %}
  63. {% for ip in phpmyadmin_http_whitelist_ip %}
  64. allow {{ ip }};
  65. {% endfor %}
  66. deny all;
  67. satisfy any;
  68. {% endif %}
  69. {% endif %}
  70. client_max_body_size 128m;
  71. location ~ \.php(/|$) {
  72. include fastcgi_pass_fpm;
  73. fastcgi_read_timeout 300s;
  74. {% if nginx_fpm_openbasedir_enforced %}
  75. fastcgi_param PHP_ADMIN_VALUE "upload_tmp_dir=/tmp\nopen_basedir=$document_root:/etc/phpmyadmin:/var/lib/phpmyadmin:/tmp:/usr/share:/tmp:/dev/random:/dev/urandom\nmax_execution_time=300\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
  76. {% else %}
  77. fastcgi_param PHP_ADMIN_VALUE "max_execution_time=240\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
  78. {% endif %}
  79. }
  80. }
  81. {% endif %}