Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
- nginx: configuration file /etc/nginx/nginx.conf test is successful
- # configuration file /etc/nginx/nginx.conf:
- user www-data;
- worker_processes auto;
- pid /run/nginx.pid;
- include /etc/nginx/modules-enabled/*.conf;
- events {
- worker_connections 768;
- # multi_accept on;
- }
- http {
- include /etc/letsencrypt/le_http_01_cert_challenge.conf;
- server_names_hash_bucket_size 128;
- map $remote_addr $ip_anonym1 {
- default 0.0.0;
- "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
- "~(?P<ip>[^:]+:[^:]+):" $ip;
- }
- map $remote_addr $ip_anonym2 {
- default .0;
- "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
- "~(?P<ip>[^:]+:[^:]+):" ::;
- }
- map $ip_anonym1$ip_anonym2 $ip_anonymized {
- default 0.0.0.0;
- "~(?P<ip>.*)" $ip;
- }
- log_format anonymized '$ip_anonymized - $remote_user [$time_local] '
- '"$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent"';
- # Basic Settings
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # SSL Settings
- ##
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
- ssl_prefer_server_ciphers on;
- ##
- # Logging Settings
- ##
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- ##
- # Gzip Settings
- ##
- gzip on;
- gzip_disable "msie6";
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- # Avoid 413 - Request Entity Too Large error
- client_max_body_size 20M;
- }
- # configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
- load_module modules/ngx_http_auth_pam_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
- load_module modules/ngx_http_dav_ext_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
- load_module modules/ngx_http_echo_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
- load_module modules/ngx_http_geoip_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
- load_module modules/ngx_http_image_filter_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
- load_module modules/ngx_http_subs_filter_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
- load_module modules/ngx_http_upstream_fair_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
- load_module modules/ngx_http_xslt_filter_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
- load_module modules/ngx_mail_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
- load_module modules/ngx_stream_module.so;
- # configuration file /etc/letsencrypt/le_http_01_cert_challenge.conf:
- server{listen 80;listen [::]:80;server_name example.org;root /var/lib/letsencrypt/http_01_nonexistent;location = /.well-known/acme-challenge/PlsQNg7nOVxIe6CwwGpco
- KTbSudji44JNZVQA57EyNE{default_type text/plain;return 200 PlsQNg7nOVxIe6CwwGpcoKTbSudji44JNZVQA57EyNE.7nkyfxInEw24UW4P7xfgJQGTMXYGQH_mzIOz6F0641Y;}}
- # configuration file /etc/nginx/mime.types:
- types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
- image/png png;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- image/svg+xml svg svgz;
- image/webp webp;
- application/font-woff woff;
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.wap.wmlc wmlc;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xspf+xml xspf;
- application/zip zip;
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
- application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
- application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
- }
- # configuration file /etc/nginx/conf.d/default.conf:
- server {
- listen 8000 default_server;
- listen [::]:8000 ipv6only=on default_server;
- server_name _;
- listen 443 ssl default_server;
- listen [::]:443 ssl ipv6only=on default_server;
- }
- # configuration file /etc/nginx/sites-enabled/000-apps.vhost:
- server {
- listen 8081;
- listen [::]:8081 ipv6only=on;
- ssl off;
- server_name _;
- root /var/www/apps;
- client_max_body_size 100M;
- location / {
- index index.php index.html;
- }
- # serve static files directly
- location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
- access_log off;
- }
- location ~ \.php$ {
- try_files $uri =404;
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_FILENAME $request_filename;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param HTTP_PROXY "";
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- fastcgi_param HTTPS $https;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
- fastcgi_pass unix:/var/lib/php7.0-fpm/apps.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- #fastcgi_param PATH_INFO $fastcgi_script_name;
- fastcgi_buffer_size 128k;
- fastcgi_buffers 256 4k;
- fastcgi_busy_buffers_size 256k;
- fastcgi_temp_file_write_size 256k;
- }
- location ~ /\. {
- deny all;
- }
- location /phpmyadmin {
- root /usr/share/;
- index index.php index.html index.htm;
- location ~ ^/phpmyadmin/(.+\.php)$ {
- try_files $uri =404;
- root /usr/share/;
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_FILENAME $request_filename;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- fastcgi_param HTTPS $https;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
- # To access phpMyAdmin, the default user (like www-data on Debian/Ubuntu) must be used
- #fastcgi_pass 127.0.0.1:9000;
- fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_buffer_size 128k;
- fastcgi_buffers 256 4k;
- fastcgi_busy_buffers_size 256k;
- fastcgi_temp_file_write_size 256k;
- fastcgi_read_timeout 1200;
- }
- location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
- root /usr/share/;
- }
- }
- location /phpMyAdmin {
- rewrite ^/* /phpmyadmin last;
- }
- location /squirrelmail {
- root /usr/share/;
- index index.php index.html index.htm;
- location ~ ^/squirrelmail/(.+\.php)$ {
- try_files $uri =404;
- root /usr/share/;
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_FILENAME $request_filename;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- fastcgi_param HTTPS $https;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
- # To access SquirrelMail, the default user (like www-data on Debian/Ubuntu) must be used
- #fastcgi_pass 127.0.0.1:9000;
- fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_buffer_size 128k;
- fastcgi_buffers 256 4k;
- fastcgi_busy_buffers_size 256k;
- fastcgi_temp_file_write_size 256k;
- }
- location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
- root /usr/share/;
- }
- }
- location /webmail {
- rewrite ^/* /squirrelmail last;
- }
- location /cgi-bin/mailman {
- root /usr/lib/;
- fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_FILENAME $request_filename;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- fastcgi_param HTTPS $https;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
- fastcgi_intercept_errors on;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
- location /images/mailman {
- alias /usr/share/images/mailman;
- }
- location /pipermail {
- alias /var/lib/mailman/archives/public;
- autoindex on;
- }
- }
- # configuration file /etc/nginx/sites-enabled/000-ispconfig.vhost:
- server {
- listen 8080;
- listen [::]:8080 ipv6only=on;
- ssl on;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
- ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
- ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-
- RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:EC
- DHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:EC
- DHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
- ssl_prefer_server_ciphers on;
- # redirect to https if accessed with http
- error_page 497 https://$host:8080$request_uri;
- server_name _;
- root /usr/local/ispconfig/interface/web/;
- client_max_body_size 20M;
- location / {
- index index.php index.html;
- }
- # serve static files directly
- location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
- access_log off;
- }
- location ~ \.php$ {
- try_files $uri =404;
- include /etc/nginx/fastcgi_params;
- fastcgi_pass unix:/var/lib/php7.0-fpm/ispconfig.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_buffer_size 128k;
- fastcgi_buffers 256 4k;
- fastcgi_busy_buffers_size 256k;
- fastcgi_temp_file_write_size 256k;
- fastcgi_read_timeout 1200;
- fastcgi_param HTTP_PROXY "";
- }
- location ~ /\. {
- deny all;
- }
- }
- # configuration file /etc/nginx/fastcgi_params:
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param REQUEST_SCHEME $scheme;
- fastcgi_param HTTPS $https if_not_empty;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
- # configuration file /etc/nginx/sites-enabled/100-domain2.com.vhost:
- server { # this block only redirects www to non www
- listen 1.2.3.4:443 ssl;
- server_name www.domain2.com;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /var/www/clients/client0/web3/ssl/domain2.com-le.crt;
- ssl_certificate_key /var/www/clients/client0/web3/ssl/domain2.com-le.key;
- return 301 https://domain2.com$request_uri;
- }
- server {
- listen 1.2.3.4:443 ssl;
- server_name domain2.com
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /var/www/clients/client0/web3/ssl/domain2.com-le.crt;
- ssl_certificate_key /var/www/clients/client0/web3/ssl/domain2.com-le.key;
- location / {
- # Pass the request on to Varnish.
- proxy_pass http://127.0.0.1;
- # Pass some headers to the downstream server, so it can identify the host.
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_redirect off;
- }
- }
- server {
- listen 1.2.3.4:8082;
- # listen [::]:8082 ipv6only=on;
- server_name domain2.com www.domain2.com;
- root /var/www/domain2.com/web/public;
- # index index.html index.htm index.php index.cgi index.pl index.xhtml;
- location / {
- try_files $uri /index.php$is_args$args;
- }
- location ~ ^/index\.php(/|$) {
- fastcgi_pass 127.0.0.1:8998;
- fastcgi_split_path_info ^(.+\.php)(/.*)$;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
- fastcgi_param DOCUMENT_ROOT $realpath_root;
- internal;
- }
- location ~ \.php$ {
- # return 404;
- }
- error_log /var/log/ispconfig/httpd/domain2.com/error.log;
- access_log /var/log/ispconfig/httpd/domain2.com/access.log combined;
- location ~ /\. {
- deny all;
- }
- location ^~ /.well-known/acme-challenge/ {
- access_log off;
- log_not_found off;
- root /usr/local/ispconfig/interface/acme/;
- autoindex off;
- try_files $uri $uri/ =404;
- }
- location = /favicon.ico {
- log_not_found off;
- access_log off;
- expires max;
- add_header Cache-Control "public, must-revalidate, proxy-revalidate";
- }
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- }
- # configuration file /etc/nginx/fastcgi_params:
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param REQUEST_SCHEME $scheme;
- fastcgi_param HTTPS $https if_not_empty;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
- # configuration file /etc/nginx/sites-enabled/100-other_domain.com.vhost:
- server { # this block only redirects www to non www
- listen 5.6.7.8:443 ssl;
- server_name www.other_domain.com;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /var/www/clients/client0/web4/ssl/other_domain.com-le.crt;
- ssl_certificate_key /var/www/clients/client0/web4/ssl/other_domain.com-le.key;
- return 301 https://other_domain.com$request_uri;
- }
- server {
- listen 5.6.7.8:443 ssl;
- server_name other_domain.com;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /var/www/clients/client0/web4/ssl/other_domain.com-le.crt;
- ssl_certificate_key /var/www/clients/client0/web4/ssl/other_domain.com-le.key;
- location / {
- # Pass the request on to Varnish.
- proxy_pass http://127.0.0.1;
- # Pass some headers to the downstream server, so it can identify the host.
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # Tell any web apps like Drupal that the session is HTTPS.
- proxy_set_header X-Forwarded-Proto https;
- proxy_redirect off;
- }
- }
- server {
- listen 5.6.7.8:8083;
- # listen [::]:8083 ipv6only=on;
- server_name other_domain.com;
- root /var/www/other_domain.com/web/public;
- location / {
- try_files $uri /index.php$is_args$args;
- }
- location ~ ^/index\.php(/|$) {
- fastcgi_pass 127.0.0.1:8998;
- fastcgi_split_path_info ^(.+\.php)(/.*)$;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
- fastcgi_param DOCUMENT_ROOT $realpath_root;
- internal;
- }
- location ~ \.php$ {
- return 404;
- }
- location ~ /\. {
- deny all;
- }
- location ^~ /.well-known/acme-challenge/ {
- access_log off;
- log_not_found off;
- root /usr/local/ispconfig/interface/acme/;
- autoindex off;
- try_files $uri $uri/ =404;
- }
- location = /favicon.ico {
- log_not_found off;
- access_log off;
- expires max;
- }
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- }
- # configuration file /etc/nginx/fastcgi_params:
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param REQUEST_SCHEME $scheme;
- fastcgi_param HTTPS $https if_not_empty;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
- # configuration file /etc/nginx/sites-enabled/100-www.example.org.vhost:
- server { # this block only redirects www to non www
- listen 8.9.10.11.233:443 ssl;
- server_name example.org;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /var/www/clients/client1/web5/ssl/www.example.org-le.crt;
- ssl_certificate_key /var/www/clients/client1/web5/ssl/www.example.org-le.key;
- return 301 https://www.example.org$request_uri;
- }
- server {
- listen 8.9.10.11.233:443 ssl;
- server_name www.example.org;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /var/www/clients/client1/web5/ssl/www.example.org-le.crt;
- ssl_certificate_key /var/www/clients/client1/web5/ssl/www.example.org-le.key;
- location / {
- # Pass the request on to Varnish.
- proxy_pass http://127.0.0.1;
- # Pass some headers to the downstream server, so it can identify the host.
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_buffer_size 128k;
- proxy_buffers 4 256k;
- proxy_busy_buffers_size 256k;
- proxy_set_header X-Forwarded-Proto https;
- proxy_redirect off;
- }
- }
- server {
- listen 8.9.10.11.233:8084;
- # listen [::]:8084 ipv6only=on;
- server_name www.example.org example.org;
- root /var/www/www.example.org/web/docroot;
- location = /favicon.ico {
- log_not_found off;
- access_log off;
- }
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- # Very rarely should these ever be accessed outside of your lan
- location ~* \.(txt|log)$ {
- allow 192.168.0.0/16;
- deny all;
- }
- location ~ \..*/.*\.php$ {
- return 403;
- }
- location ~ ^/sites/.*/private/ {
- return 403;
- }
- # Block access to scripts in site files directory
- location ~ ^/sites/[^/]+/files/.*\.php$ {
- deny all;
- }
- # Allow "Well-Known URIs" as per RFC 5785
- location ~* ^/.well-known/ {
- allow all;
- }
- # Block access to "hidden" files and directories whose names begin with a
- # period. This includes directories used by version control systems such
- # as Subversion or Git to store control files.
- location ~ (^|/)\. {
- return 403;
- }
- location / {
- try_files $uri /index.php?$query_string;
- }
- location @rewrite {
- rewrite ^/(.*)$ /index.php?q=$1;
- }
- # Don't allow direct access to PHP files in the vendor directory.
- location ~ /vendor/.*\.php$ {
- deny all;
- return 404;
- }
- location ~ '\.php$|^/update.php' {
- # Ensure the php file exists. Mitigates CVE-2019-11043
- try_files $uri =404;
- fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
- # See http://serverfault.com/q/627903/94922 for details.
- include fastcgi_params;
- # Block httproxy attacks. See https://httpoxy.org/.
- fastcgi_param HTTP_PROXY "";
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_intercept_errors on;
- fastcgi_buffers 16 16k;
- fastcgi_buffer_size 32k;
- # PHP 7.2 socket location (from /opt/php-7.2/etc/php-fpm.d/www.conf)
- fastcgi_pass 127.0.0.1:8998;
- }
- # Fighting with Styles? This little gem is amazing.
- location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
- try_files $uri @rewrite;
- }
- # Handle private files through Drupal. Private file's path can come
- # with a language prefix.
- location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
- try_files $uri /index.php?$query_string;
- }
- location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
- try_files $uri @rewrite;
- expires max;
- log_not_found off;
- }
- if ($request_uri ~* "^(.*/)index\.php(.*)") {
- return 307 $1$2;
- }
- }
- # configuration file /etc/nginx/fastcgi_params:
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param REQUEST_SCHEME $scheme;
- fastcgi_param HTTPS $https if_not_empty;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
Add Comment
Please, Sign In to add comment