pma_vhost.j2 3.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
  1. {% if ansible_controlled is defined and ansible_controlled != "" %}
  2. #
  3. # {{ ansible_controlled }}
  4. #
  5. {% endif %}
  6. # Nginx vhost for phpmyadmin
  7. server {
  8. {% if phpmyadmin_vhostip or phpmyadmin_vhostport %}
  9. listen {% if phpmyadmin_vhostip %}{{ phpmyadmin_vhostip }}{% endif %}{% if phpmyadmin_vhostip and phpmyadmin_vhostport %}:{% endif %}{% if phpmyadmin_vhostport %}{{ phpmyadmin_vhostport }}{% endif %};
  10. {% endif %}
  11. server_name {{ phpmyadmin_vhostname }};
  12. access_log /var/log/nginx/pma.access.log main;
  13. error_log /var/log/nginx/pma.error.log;
  14. {% if phpmyadmin_ssl %}
  15. include letsencrypt;
  16. {% endif %}
  17. {% if phpmyadmin_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpmyadmin_vhostname in ssl_certs_auto_installed.stdout_lines %}
  18. location / {
  19. return 301 https://{{ phpmyadmin_vhostname }}$request_uri;
  20. }
  21. {% else %}
  22. root /usr/share/phpmyadmin;
  23. index index.php;
  24. try_files $uri $uri/ /index.php;
  25. {% if phpmyadmin_http_auth %}
  26. location / {
  27. auth_basic "Restricted Access";
  28. auth_basic_user_file /etc/nginx/auth_admin;
  29. {% if phpmyadmin_http_whitelist_ip|length > 0 %}
  30. {% for ip in phpmyadmin_http_whitelist_ip %}
  31. allow {{ ip }};
  32. {% endfor %}
  33. deny all;
  34. satisfy any;
  35. {% endif %}
  36. }
  37. {% endif %}
  38. client_max_body_size 128m;
  39. location ~ \.php(/|$) {
  40. include fastcgi_pass_fpm;
  41. fastcgi_read_timeout 300s;
  42. {% if nginx_fpm_openbasedir_enforced %}
  43. fastcgi_param PHP_ADMIN_VALUE "upload_tmp_dir=/tmp\nopen_basedir=$document_root:/etc/phpmyadmin:/var/lib/phpmyadmin:/tmp:/usr/share:/tmp:/dev/random:/dev/urandom\nmax_execution_time=300\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
  44. {% else %}
  45. fastcgi_param PHP_ADMIN_VALUE "max_execution_time=240\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
  46. {% endif %}
  47. }
  48. {% endif %}
  49. }
  50. {% if phpmyadmin_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpmyadmin_vhostname in ssl_certs_auto_installed.stdout_lines %}
  51. server {
  52. listen {% if phpmyadmin_vhostip %}{{ phpmyadmin_vhostip }}:{% endif %}{% if phpmyadmin_vhostport %}{{ phpmyadmin_vhostport }}{% else %}443{% endif %} ssl;
  53. server_name {{ phpmyadmin_vhostname }};
  54. include vhost_ssl_auto-{{ phpmyadmin_vhostname }};
  55. access_log /var/log/nginx/pma.access.log main;
  56. error_log /var/log/nginx/pma.error.log;
  57. root /usr/share/phpmyadmin;
  58. index index.php;
  59. try_files $uri $uri/ /index.php;
  60. {% if phpmyadmin_http_auth %}
  61. auth_basic "Restricted Access";
  62. auth_basic_user_file /etc/nginx/auth_admin;
  63. {% if phpmyadmin_http_whitelist_ip|length > 0 %}
  64. {% for ip in phpmyadmin_http_whitelist_ip %}
  65. allow {{ ip }};
  66. {% endfor %}
  67. deny all;
  68. satisfy any;
  69. {% endif %}
  70. {% endif %}
  71. client_max_body_size 128m;
  72. location ~ \.php(/|$) {
  73. include fastcgi_pass_fpm;
  74. fastcgi_read_timeout 300s;
  75. {% if nginx_fpm_openbasedir_enforced %}
  76. fastcgi_param PHP_ADMIN_VALUE "upload_tmp_dir=/tmp\nopen_basedir=$document_root:/etc/phpmyadmin:/var/lib/phpmyadmin:/tmp:/usr/share:/tmp:/dev/random:/dev/urandom\nmax_execution_time=300\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
  77. {% else %}
  78. fastcgi_param PHP_ADMIN_VALUE "max_execution_time=240\nupload_max_filesize=128M\npost_max_size=128M\nmax_input_vars=10000";
  79. {% endif %}
  80. }
  81. }
  82. {% endif %}