Home Explore Help
Sign In
kolter
/
ansible-playbooks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5d817082fb
Branches Tags
ansible-play...
/
roles
/
webserver
/
templates
/
nginx
/
sys_vhost.j2

sys_vhost.j2 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. {% if ansible_controlled is defined and ansible_controlled != "" %}
    2. 

  2. #
    3. 

  3. # {{ ansible_controlled }}
    4. 

  4. #
    5. 

  5. {% endif %}
    6. 

  6. # Nginx vhost for PHP system checks
    7. 

  7. 

  8. server {
    9. 

  9. {% if phpsyscheck_vhostip or phpsyscheck_vhostport %}
    10. 

  10.     listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% endif %}{% if phpsyscheck_vhostip and phpsyscheck_vhostport %}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% endif %};
    11. 

  11. {% endif %}
    12. 

  12. 

  13.     server_name {{ phpsyscheck_vhostname }};
    14. 

  14. 

  15.     access_log  /var/log/nginx/sys.access.log main;
    16. 

  16.     error_log   /var/log/nginx/sys.error.log;
    17. 

  17. 

  18. {% if phpsyscheck_ssl %}
    19. 

  19.     include letsencrypt;
    20. 

  20. {% endif %}
    21. 

  21. 

  22. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
    23. 

  23.     location / {
    24. 

  24.         return 301 https://{{ phpsyscheck_vhostname }}$request_uri;
    25. 

  25.     }
    26. 

  26. {% else %}
    27. 

  27.     root /etc/phpsyscheck;
    28. 

  28.     index index.php;
    29. 

  29.     try_files $uri $uri/ /index.php;
    30. 

  30. 

  31. {% if phpsyscheck_http_auth %}
    32. 

  32.     location / {
    33. 

  33.         auth_basic "Restricted Access";
    34. 

  34.         auth_basic_user_file /etc/nginx/auth_admin;
    35. 

  35. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
    36. 

  36. {% for ip in phpsyscheck_http_whitelist_ip %}
    37. 

  37.         allow {{ ip }};
    38. 

  38. {% endfor %}
    39. 

  39.         deny all;
    40. 

  40.         satisfy any;
    41. 

  41. {% endif %}
    42. 

  42.     }
    43. 

  43. {% endif %}
    44. 

  44. 

  45.     location ~ \.php(/|$) {
    46. 

  46.         include fastcgi_pass_fpm;
    47. 

  47.     }
    48. 

  48. {% endif %}
    49. 

  49. }
    50. 

  50. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
    51. 

  51. 

  52. server {
    53. 

  53.     listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %} ssl;
    54. 

  54. 

  55.     server_name {{ phpsyscheck_vhostname }};
    56. 

  56. 

  57.     include vhost_ssl_auto-{{ phpsyscheck_vhostname }};
    58. 

  58. 

  59.     access_log  /var/log/nginx/sys.access.log main;
    60. 

  60.     error_log   /var/log/nginx/sys.error.log;
    61. 

  61. 

  62.     root /etc/phpsyscheck;
    63. 

  63.     index index.php;
    64. 

  64.     try_files $uri $uri/ /index.php;
    65. 

  65. 

  66. {% if phpsyscheck_http_auth %}
    67. 

  67.     auth_basic "Restricted Access";
    68. 

  68.     auth_basic_user_file /etc/nginx/auth_admin;
    69. 

  69. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
    70. 

  70. {% for ip in phpsyscheck_http_whitelist_ip %}
    71. 

  71.     allow {{ ip }};
    72. 

  72. {% endfor %}
    73. 

  73.     deny all;
    74. 

  74.     satisfy any;
    75. 

  75. {% endif %}
    76. 

  76. {% endif %}
    77. 

  77. 

  78.     location ~ \.php(/|$) {
    79. 

  79.         include fastcgi_pass_fpm;
    80. 

  80.     }
    81. 

  81. }
    82. 

  82. {% endif %}
    83.