Home Explore Help
Sign In
kolter
/
ansible-playbooks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 3c98cd09ac
Branches Tags
ansible-playboo...
/
roles
/
webserver
/
templates
/
nginx
/
sys_vhost.j2

sys_vhost.j2 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. {% if ansible_prolog -%}
    2. 

  2. {% from 'templates/ansible/prolog.j2' import prolog with context %}
    3. 

  3. {{ prolog() }}
    4. 

  4. {% endif -%}
    5. 

  5. # Nginx vhost for PHP system checks
    6. 

  6. 

  7. server {
    8. 

  8. {% if phpsyscheck_vhostip or phpsyscheck_vhostport %}
    9. 

  9.     listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% endif %}{% if phpsyscheck_vhostip and phpsyscheck_vhostport %}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% endif %};
    10. 

  10. {% endif %}
    11. 

  11. 

  12.     server_name {{ phpsyscheck_vhostname }};
    13. 

  13. 

  14.     access_log  /var/log/nginx/sys.access.log main;
    15. 

  15.     error_log   /var/log/nginx/sys.error.log;
    16. 

  16. 

  17. {% if phpsyscheck_ssl %}
    18. 

  18.     include letsencrypt;
    19. 

  19. {% endif %}
    20. 

  20. 

  21. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
    22. 

  22.     location / {
    23. 

  23.         return 301 https://{{ phpsyscheck_vhostname }}$request_uri;
    24. 

  24.     }
    25. 

  25. {% else %}
    26. 

  26.     root /etc/phpsyscheck;
    27. 

  27.     index index.php;
    28. 

  28.     try_files $uri $uri/ /index.php;
    29. 

  29. 

  30. {% if phpsyscheck_http_auth %}
    31. 

  31.     auth_basic "Restricted Access";
    32. 

  32.     auth_basic_user_file /etc/nginx/auth_admin;
    33. 

  33. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
    34. 

  34. {% for ip in phpsyscheck_http_whitelist_ip %}
    35. 

  35.     allow {{ ip }};
    36. 

  36. {% endfor %}
    37. 

  37.     deny all;
    38. 

  38.     satisfy any;
    39. 

  39. {% endif %}
    40. 

  40. {% endif %}
    41. 

  41. 

  42.     location ~ \.php(/|$) {
    43. 

  43.         include fastcgi_pass_fpm;
    44. 

  44.     }
    45. 

  45. {% endif %}
    46. 

  46. }
    47. 

  47. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
    48. 

  48. 

  49. server {
    50. 

  50.     listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %} ssl;
    51. 

  51. 

  52.     server_name {{ phpsyscheck_vhostname }};
    53. 

  53. 

  54.     include vhost_ssl_auto-{{ phpsyscheck_vhostname }};
    55. 

  55. 

  56.     access_log  /var/log/nginx/sys.access.log main;
    57. 

  57.     error_log   /var/log/nginx/sys.error.log;
    58. 

  58. 

  59.     root /etc/phpsyscheck;
    60. 

  60.     index index.php;
    61. 

  61.     try_files $uri $uri/ /index.php;
    62. 

  62. 

  63. {% if phpsyscheck_http_auth %}
    64. 

  64.     auth_basic "Restricted Access";
    65. 

  65.     auth_basic_user_file /etc/nginx/auth_admin;
    66. 

  66. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
    67. 

  67. {% for ip in phpsyscheck_http_whitelist_ip %}
    68. 

  68.     allow {{ ip }};
    69. 

  69. {% endfor %}
    70. 

  70.     deny all;
    71. 

  71.     satisfy any;
    72. 

  72. {% endif %}
    73. 

  73. {% endif %}
    74. 

  74. 

  75.     location ~ \.php(/|$) {
    76. 

  76.         include fastcgi_pass_fpm;
    77. 

  77.     }
    78. 

  78. }
    79. 

  79. {% endif %}
    80.