sys_vhost.j2 2.3 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182
  1. {% if ansible_controlled is defined and ansible_controlled != "" %}
  2. #
  3. # {{ ansible_controlled }}
  4. #
  5. {% endif %}
  6. # Nginx vhost for PHP system checks
  7. server {
  8. {% if phpsyscheck_vhostip or phpsyscheck_vhostport %}
  9. listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% endif %}{% if phpsyscheck_vhostip and phpsyscheck_vhostport %}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% endif %};
  10. {% endif %}
  11. server_name {{ phpsyscheck_vhostname }};
  12. access_log /var/log/nginx/sys.access.log main;
  13. error_log /var/log/nginx/sys.error.log;
  14. {% if phpsyscheck_ssl %}
  15. include letsencrypt;
  16. {% endif %}
  17. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
  18. location / {
  19. return 301 https://{{ phpsyscheck_vhostname }}$request_uri;
  20. }
  21. {% else %}
  22. root /etc/phpsyscheck;
  23. index index.php;
  24. try_files $uri $uri/ /index.php;
  25. {% if phpsyscheck_http_auth %}
  26. location / {
  27. auth_basic "Restricted Access";
  28. auth_basic_user_file /etc/nginx/auth_admin;
  29. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
  30. {% for ip in phpsyscheck_http_whitelist_ip %}
  31. allow {{ ip }};
  32. {% endfor %}
  33. deny all;
  34. satisfy any;
  35. {% endif %}
  36. }
  37. {% endif %}
  38. location ~ \.php(/|$) {
  39. include fastcgi_pass_fpm;
  40. }
  41. {% endif %}
  42. }
  43. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
  44. server {
  45. listen {% if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}:{% endif %}{% if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %} ssl;
  46. server_name {{ phpsyscheck_vhostname }};
  47. include vhost_ssl_auto-{{ phpsyscheck_vhostname }};
  48. access_log /var/log/nginx/sys.access.log main;
  49. error_log /var/log/nginx/sys.error.log;
  50. root /etc/phpsyscheck;
  51. index index.php;
  52. try_files $uri $uri/ /index.php;
  53. {% if phpsyscheck_http_auth %}
  54. auth_basic "Restricted Access";
  55. auth_basic_user_file /etc/nginx/auth_admin;
  56. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
  57. {% for ip in phpsyscheck_http_whitelist_ip %}
  58. allow {{ ip }};
  59. {% endfor %}
  60. deny all;
  61. satisfy any;
  62. {% endif %}
  63. {% endif %}
  64. location ~ \.php(/|$) {
  65. include fastcgi_pass_fpm;
  66. }
  67. }
  68. {% endif %}