123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 |
- {% if ansible_prolog -%}
- {% from 'templates/ansible/prolog.j2' import prolog with context %}
- {{ prolog() }}
- {% endif -%}
- # Nginx vhost for PHP system checks
- server {
- {% if phpsyscheck_vhostip or phpsyscheck_vhostport %}
- listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% endif %}{% if phpsyscheck_vhostip and phpsyscheck_vhostport %}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% endif %};
- {% endif %}
- server_name {{ phpsyscheck_vhostname }};
- access_log /var/log/nginx/sys.access.log main;
- error_log /var/log/nginx/sys.error.log;
- {% if phpsyscheck_ssl %}
- include letsencrypt;
- {% endif %}
- {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
- location / {
- return 301 https://{{ phpsyscheck_vhostname }}$request_uri;
- }
- {% else %}
- root /etc/phpsyscheck;
- index index.php;
- try_files $uri $uri/ /index.php;
- {% if phpsyscheck_http_auth %}
- location / {
- auth_basic "Restricted Access";
- auth_basic_user_file /etc/nginx/auth_admin;
- {% if phpsyscheck_http_whitelist_ip|length > 0 %}
- {% for ip in phpsyscheck_http_whitelist_ip %}
- allow {{ ip }};
- {% endfor %}
- deny all;
- satisfy any;
- {% endif %}
- }
- {% endif %}
- location ~ \.php(/|$) {
- include fastcgi_pass_fpm;
- }
- {% endif %}
- }
- {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
- server {
- listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %} ssl;
- server_name {{ phpsyscheck_vhostname }};
- include vhost_ssl_auto-{{ phpsyscheck_vhostname }};
- access_log /var/log/nginx/sys.access.log main;
- error_log /var/log/nginx/sys.error.log;
- root /etc/phpsyscheck;
- index index.php;
- try_files $uri $uri/ /index.php;
- {% if phpsyscheck_http_auth %}
- auth_basic "Restricted Access";
- auth_basic_user_file /etc/nginx/auth_admin;
- {% if phpsyscheck_http_whitelist_ip|length > 0 %}
- {% for ip in phpsyscheck_http_whitelist_ip %}
- allow {{ ip }};
- {% endfor %}
- deny all;
- satisfy any;
- {% endif %}
- {% endif %}
- location ~ \.php(/|$) {
- include fastcgi_pass_fpm;
- }
- }
- {% endif %}
|