sys_vhost.j2 2.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
  1. {% if ansible_prolog -%}
  2. {% from 'templates/ansible/prolog.j2' import prolog with context %}
  3. {{ prolog() }}
  4. {% endif -%}
  5. # Nginx vhost for PHP system checks
  6. server {
  7. {% if phpsyscheck_vhostip or phpsyscheck_vhostport %}
  8. listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% endif %}{% if phpsyscheck_vhostip and phpsyscheck_vhostport %}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% endif %};
  9. {% endif %}
  10. server_name {{ phpsyscheck_vhostname }};
  11. access_log /var/log/nginx/sys.access.log main;
  12. error_log /var/log/nginx/sys.error.log;
  13. {% if phpsyscheck_ssl %}
  14. include letsencrypt;
  15. {% endif %}
  16. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
  17. location / {
  18. return 301 https://{{ phpsyscheck_vhostname }}$request_uri;
  19. }
  20. {% else %}
  21. root /etc/phpsyscheck;
  22. index index.php;
  23. try_files $uri $uri/ /index.php;
  24. {% if phpsyscheck_http_auth %}
  25. location / {
  26. auth_basic "Restricted Access";
  27. auth_basic_user_file /etc/nginx/auth_admin;
  28. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
  29. {% for ip in phpsyscheck_http_whitelist_ip %}
  30. allow {{ ip }};
  31. {% endfor %}
  32. deny all;
  33. satisfy any;
  34. {% endif %}
  35. }
  36. {% endif %}
  37. location ~ \.php(/|$) {
  38. include fastcgi_pass_fpm;
  39. }
  40. {% endif %}
  41. }
  42. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
  43. server {
  44. listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %} ssl;
  45. server_name {{ phpsyscheck_vhostname }};
  46. include vhost_ssl_auto-{{ phpsyscheck_vhostname }};
  47. access_log /var/log/nginx/sys.access.log main;
  48. error_log /var/log/nginx/sys.error.log;
  49. root /etc/phpsyscheck;
  50. index index.php;
  51. try_files $uri $uri/ /index.php;
  52. {% if phpsyscheck_http_auth %}
  53. auth_basic "Restricted Access";
  54. auth_basic_user_file /etc/nginx/auth_admin;
  55. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
  56. {% for ip in phpsyscheck_http_whitelist_ip %}
  57. allow {{ ip }};
  58. {% endfor %}
  59. deny all;
  60. satisfy any;
  61. {% endif %}
  62. {% endif %}
  63. location ~ \.php(/|$) {
  64. include fastcgi_pass_fpm;
  65. }
  66. }
  67. {% endif %}