Home Explore Help
Sign In
kolter
/
ansible-playbooks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 11236da338
Branches Tags
ansible-play...
/
roles
/
webserver
/
templates
/
nginx
/
sys_vhost.j2

sys_vhost.j2 2.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. {% if ansible_prolog -%}
    2. 

  2. {% from 'templates/ansible/prolog.j2' import prolog with context %}
    3. 

  3. {{ prolog() }}
    4. 

  4. {% endif -%}
    5. 

  5. # Nginx vhost for PHP system checks
    6. 

  6. 

  7. server {
    8. 

  8. {% if phpsyscheck_vhostip or phpsyscheck_vhostport %}
    9. 

  9.     listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% endif %}{% if phpsyscheck_vhostip and phpsyscheck_vhostport %}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% endif %};
    10. 

  10. {% endif %}
    11. 

  11. 

  12.     server_name {{ phpsyscheck_vhostname }};
    13. 

  13. 

  14.     access_log  /var/log/nginx/sys.access.log main;
    15. 

  15.     error_log   /var/log/nginx/sys.error.log;
    16. 

  16. 

  17. {% if phpsyscheck_ssl %}
    18. 

  18.     include letsencrypt;
    19. 

  19. {% endif %}
    20. 

  20. 

  21. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
    22. 

  22.     location / {
    23. 

  23.         return 301 https://{{ phpsyscheck_vhostname }}$request_uri;
    24. 

  24.     }
    25. 

  25. {% else %}
    26. 

  26.     root /etc/phpsyscheck;
    27. 

  27.     index index.php;
    28. 

  28.     try_files $uri $uri/ /index.php;
    29. 

  29. 

  30. {% if phpsyscheck_http_auth %}
    31. 

  31.     location / {
    32. 

  32.         auth_basic "Restricted Access";
    33. 

  33.         auth_basic_user_file /etc/nginx/auth_admin;
    34. 

  34. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
    35. 

  35. {% for ip in phpsyscheck_http_whitelist_ip %}
    36. 

  36.         allow {{ ip }};
    37. 

  37. {% endfor %}
    38. 

  38.         deny all;
    39. 

  39.         satisfy any;
    40. 

  40. {% endif %}
    41. 

  41.     }
    42. 

  42. {% endif %}
    43. 

  43. 

  44.     location ~ \.php(/|$) {
    45. 

  45.         include fastcgi_pass_fpm;
    46. 

  46.     }
    47. 

  47. {% endif %}
    48. 

  48. }
    49. 

  49. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
    50. 

  50. 

  51. server {
    52. 

  52.     listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %} ssl;
    53. 

  53. 

  54.     server_name {{ phpsyscheck_vhostname }};
    55. 

  55. 

  56.     include vhost_ssl_auto-{{ phpsyscheck_vhostname }};
    57. 

  57. 

  58.     access_log  /var/log/nginx/sys.access.log main;
    59. 

  59.     error_log   /var/log/nginx/sys.error.log;
    60. 

  60. 

  61.     root /etc/phpsyscheck;
    62. 

  62.     index index.php;
    63. 

  63.     try_files $uri $uri/ /index.php;
    64. 

  64. 

  65. {% if phpsyscheck_http_auth %}
    66. 

  66.     auth_basic "Restricted Access";
    67. 

  67.     auth_basic_user_file /etc/nginx/auth_admin;
    68. 

  68. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
    69. 

  69. {% for ip in phpsyscheck_http_whitelist_ip %}
    70. 

  70.     allow {{ ip }};
    71. 

  71. {% endfor %}
    72. 

  72.     deny all;
    73. 

  73.     satisfy any;
    74. 

  74. {% endif %}
    75. 

  75. {% endif %}
    76. 

  76. 

  77.     location ~ \.php(/|$) {
    78. 

  78.         include fastcgi_pass_fpm;
    79. 

  79.     }
    80. 

  80. }
    81. 

  81. {% endif %}
    82.