API tools faq
paste
Guest User

nginx -T output

a guest
Jun 27th, 2020
251
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 42.26 KB | None | 0 0
raw download clone embed print report
  1. nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
  2. nginx: configuration file /etc/nginx/nginx.conf test is successful
  3.  
  4. # configuration file /etc/nginx/nginx.conf:
  5. user www-data;
  6. worker_processes auto;
  7. pid /run/nginx.pid;
  8. include /etc/nginx/modules-enabled/*.conf;
  9.  
  10. events {
  11.        worker_connections 768;
  12.        # multi_accept on;
  13. }
  14.  
  15.  
  16. http {
  17.  
  18. include /etc/letsencrypt/le_http_01_cert_challenge.conf;
  19. server_names_hash_bucket_size 128;
  20.  
  21. map $remote_addr $ip_anonym1 {
  22. default 0.0.0;
  23. "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
  24. "~(?P<ip>[^:]+:[^:]+):" $ip;
  25. }
  26.  
  27. map $remote_addr $ip_anonym2 {
  28. default .0;
  29. "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
  30. "~(?P<ip>[^:]+:[^:]+):" ::;
  31. }
  32.  
  33. map $ip_anonym1$ip_anonym2 $ip_anonymized {
  34. default 0.0.0.0;
  35. "~(?P<ip>.*)" $ip;
  36. }
  37.  
  38. log_format anonymized '$ip_anonymized - $remote_user [$time_local] '
  39. '"$request" $status $body_bytes_sent '
  40. '"$http_referer" "$http_user_agent"';
  41.  
  42.  
  43. # Basic Settings
  44. sendfile on;
  45. tcp_nopush on;
  46. tcp_nodelay on;
  47. keepalive_timeout 65;
  48. types_hash_max_size 2048;
  49. # server_tokens off;
  50. # server_names_hash_bucket_size 64;
  51. # server_name_in_redirect off;
  52.  
  53. include /etc/nginx/mime.types;
  54. default_type application/octet-stream;
  55.  
  56. ##
  57. # SSL Settings
  58. ##
  59. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
  60. ssl_prefer_server_ciphers on;
  61.  
  62. ##
  63. # Logging Settings
  64. ##
  65. access_log /var/log/nginx/access.log;
  66. error_log /var/log/nginx/error.log;
  67.  
  68. ##
  69. # Gzip Settings
  70. ##
  71.  
  72. gzip on;
  73. gzip_disable "msie6";
  74.  
  75. # gzip_vary on;
  76. # gzip_proxied any;
  77. # gzip_comp_level 6;
  78. # gzip_buffers 16 8k;
  79. # gzip_http_version 1.1;
  80. # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
  81.  
  82. ##
  83. # Virtual Host Configs
  84. ##
  85.  
  86. include /etc/nginx/conf.d/*.conf;
  87. include /etc/nginx/sites-enabled/*;
  88.  
  89. # Avoid 413 - Request Entity Too Large error
  90. client_max_body_size 20M;
  91.  
  92.  
  93. }
  94.  
  95. # configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
  96. load_module modules/ngx_http_auth_pam_module.so;
  97.  
  98. # configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
  99. load_module modules/ngx_http_dav_ext_module.so;
  100.  
  101. # configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
  102. load_module modules/ngx_http_echo_module.so;
  103.  
  104. # configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
  105. load_module modules/ngx_http_geoip_module.so;
  106.  
  107. # configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
  108. load_module modules/ngx_http_image_filter_module.so;
  109.  
  110. # configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
  111. load_module modules/ngx_http_subs_filter_module.so;
  112.  
  113. # configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
  114. load_module modules/ngx_http_upstream_fair_module.so;
  115.  
  116. # configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
  117. load_module modules/ngx_http_xslt_filter_module.so;
  118.  
  119. # configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
  120. load_module modules/ngx_mail_module.so;
  121.  
  122. # configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
  123. load_module modules/ngx_stream_module.so;
  124.  
  125. # configuration file /etc/letsencrypt/le_http_01_cert_challenge.conf:
  126. server{listen 80;listen [::]:80;server_name example.org;root /var/lib/letsencrypt/http_01_nonexistent;location = /.well-known/acme-challenge/PlsQNg7nOVxIe6CwwGpco
  127. KTbSudji44JNZVQA57EyNE{default_type text/plain;return 200 PlsQNg7nOVxIe6CwwGpcoKTbSudji44JNZVQA57EyNE.7nkyfxInEw24UW4P7xfgJQGTMXYGQH_mzIOz6F0641Y;}}
  128. # configuration file /etc/nginx/mime.types:
  129.  
  130. types {
  131.    text/html                             html htm shtml;
  132.    text/css                              css;
  133.    text/xml                              xml;
  134.    image/gif                             gif;
  135.    image/jpeg                            jpeg jpg;
  136.    application/javascript                js;
  137.    application/atom+xml                  atom;
  138.    application/rss+xml                   rss;
  139.  
  140.    text/mathml                           mml;
  141.    text/plain                            txt;
  142.    text/vnd.sun.j2me.app-descriptor      jad;
  143.    text/vnd.wap.wml                      wml;
  144.    text/x-component                      htc;
  145.  
  146.    image/png                             png;
  147.    image/tiff                            tif tiff;
  148.    image/vnd.wap.wbmp                    wbmp;
  149.    image/x-icon                          ico;
  150.    image/x-jng                           jng;
  151.    image/x-ms-bmp                        bmp;
  152.    image/svg+xml                         svg svgz;
  153.    image/webp                            webp;
  154.  
  155.    application/font-woff                 woff;
  156.    application/java-archive              jar war ear;
  157.    application/json                      json;
  158.    application/mac-binhex40              hqx;
  159.    application/msword                    doc;
  160.    application/pdf                       pdf;
  161.    application/postscript                ps eps ai;
  162.    application/rtf                       rtf;
  163.    application/vnd.apple.mpegurl         m3u8;
  164.    application/vnd.ms-excel              xls;
  165.    application/vnd.ms-fontobject         eot;
  166.    application/vnd.ms-powerpoint         ppt;
  167.    application/vnd.wap.wmlc              wmlc;
  168.    application/vnd.google-earth.kml+xml  kml;
  169.    application/vnd.google-earth.kmz      kmz;
  170.    application/x-7z-compressed           7z;
  171.    application/x-cocoa                   cco;
  172.    application/x-java-archive-diff       jardiff;
  173.    application/x-java-jnlp-file          jnlp;
  174.    application/x-makeself                run;
  175.    application/x-perl                    pl pm;
  176.    application/x-pilot                   prc pdb;
  177.    application/x-rar-compressed          rar;
  178.    application/x-redhat-package-manager  rpm;
  179.    application/x-sea                     sea;
  180.    application/x-shockwave-flash         swf;
  181.    application/x-stuffit                 sit;
  182.    application/x-tcl                     tcl tk;
  183.    application/x-x509-ca-cert            der pem crt;
  184.    application/x-xpinstall               xpi;
  185.    application/xhtml+xml                 xhtml;
  186.    application/xspf+xml                  xspf;
  187.    application/zip                       zip;
  188.  
  189.    application/octet-stream              bin exe dll;
  190.    application/octet-stream              deb;
  191.    application/octet-stream              dmg;
  192.    application/octet-stream              iso img;
  193.    application/octet-stream              msi msp msm;
  194.  
  195.    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
  196.    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
  197.    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;
  198.  
  199.    audio/midi                            mid midi kar;
  200.    audio/mpeg                            mp3;
  201.    audio/ogg                             ogg;
  202.    audio/x-m4a                           m4a;
  203.    audio/x-realaudio                     ra;
  204.  
  205.    video/3gpp                            3gpp 3gp;
  206.    video/mp2t                            ts;
  207.    video/mp4                             mp4;
  208.    video/mpeg                            mpeg mpg;
  209.    video/quicktime                       mov;
  210.    video/webm                            webm;
  211.    video/x-flv                           flv;
  212.    video/x-m4v                           m4v;
  213.    video/x-mng                           mng;
  214.    video/x-ms-asf                        asx asf;
  215.    video/x-ms-wmv                        wmv;
  216.    video/x-msvideo                       avi;
  217. }
  218.  
  219. # configuration file /etc/nginx/conf.d/default.conf:
  220. server {
  221.        listen 8000 default_server;
  222.        listen [::]:8000 ipv6only=on default_server;
  223.        
  224. server_name _;
  225.  
  226.        listen 443 ssl default_server;
  227.        listen [::]:443 ssl ipv6only=on default_server;
  228. }
  229.  
  230.  
  231. # configuration file /etc/nginx/sites-enabled/000-apps.vhost:
  232. server {
  233.        listen 8081;
  234.        listen [::]:8081 ipv6only=on;
  235.        ssl off;
  236.        
  237.        server_name _;
  238.  
  239.        root   /var/www/apps;
  240.  
  241.        client_max_body_size 100M;
  242.  
  243.        location / {
  244.               index index.php index.html;
  245.        }
  246.  
  247.        # serve static files directly
  248.        location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
  249.               access_log        off;
  250.        }
  251.  
  252.        location ~ \.php$ {
  253.               try_files $uri =404;
  254.               fastcgi_param   QUERY_STRING            $query_string;
  255.               fastcgi_param   REQUEST_METHOD          $request_method;
  256.               fastcgi_param   CONTENT_TYPE            $content_type;
  257.               fastcgi_param   CONTENT_LENGTH          $content_length;
  258.  
  259.               fastcgi_param   SCRIPT_FILENAME         $request_filename;
  260.               fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
  261.               fastcgi_param   REQUEST_URI             $request_uri;
  262.               fastcgi_param   DOCUMENT_URI            $document_uri;
  263.               fastcgi_param   DOCUMENT_ROOT           $document_root;
  264.               fastcgi_param   SERVER_PROTOCOL         $server_protocol;
  265.  
  266.               fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
  267.               fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;
  268.                           fastcgi_param   HTTP_PROXY              "";
  269.  
  270.               fastcgi_param   REMOTE_ADDR             $remote_addr;
  271.               fastcgi_param   REMOTE_PORT             $remote_port;
  272.               fastcgi_param   SERVER_ADDR             $server_addr;
  273.               fastcgi_param   SERVER_PORT             $server_port;
  274.               fastcgi_param   SERVER_NAME             $server_name;
  275.  
  276.               fastcgi_param   HTTPS                   $https;
  277.  
  278.               # PHP only, required if PHP was built with --enable-force-cgi-redirect
  279.               fastcgi_param   REDIRECT_STATUS         200;
  280.               fastcgi_pass unix:/var/lib/php7.0-fpm/apps.sock;
  281.               fastcgi_index index.php;
  282.               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  283.               #fastcgi_param PATH_INFO $fastcgi_script_name;
  284.               fastcgi_buffer_size 128k;
  285.               fastcgi_buffers 256 4k;
  286.               fastcgi_busy_buffers_size 256k;
  287.               fastcgi_temp_file_write_size 256k;
  288.        }
  289.  
  290.        location ~ /\. {
  291.               deny  all;
  292.        }
  293.  
  294.        location /phpmyadmin {
  295.               root /usr/share/;
  296.               index index.php index.html index.htm;
  297.               location ~ ^/phpmyadmin/(.+\.php)$ {
  298.                       try_files $uri =404;
  299.                       root /usr/share/;
  300.                       fastcgi_param   QUERY_STRING            $query_string;
  301.                       fastcgi_param   REQUEST_METHOD          $request_method;
  302.                       fastcgi_param   CONTENT_TYPE            $content_type;
  303.                       fastcgi_param   CONTENT_LENGTH          $content_length;
  304.  
  305.                       fastcgi_param   SCRIPT_FILENAME         $request_filename;
  306.                       fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
  307.                       fastcgi_param   REQUEST_URI             $request_uri;
  308.                       fastcgi_param   DOCUMENT_URI            $document_uri;
  309.                       fastcgi_param   DOCUMENT_ROOT           $document_root;
  310.                       fastcgi_param   SERVER_PROTOCOL         $server_protocol;
  311.  
  312.                       fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
  313.                       fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;
  314.  
  315.                       fastcgi_param   REMOTE_ADDR             $remote_addr;
  316.                       fastcgi_param   REMOTE_PORT             $remote_port;
  317.                       fastcgi_param   SERVER_ADDR             $server_addr;
  318.                       fastcgi_param   SERVER_PORT             $server_port;
  319.                       fastcgi_param   SERVER_NAME             $server_name;
  320.  
  321.                       fastcgi_param   HTTPS                   $https;
  322.  
  323.                       # PHP only, required if PHP was built with --enable-force-cgi-redirect
  324.                       fastcgi_param   REDIRECT_STATUS         200;
  325.                       # To access phpMyAdmin, the default user (like www-data on Debian/Ubuntu) must be used
  326.                       #fastcgi_pass 127.0.0.1:9000;
  327.                       fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  328.                       fastcgi_index index.php;
  329.                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  330.                       fastcgi_buffer_size 128k;
  331.                       fastcgi_buffers 256 4k;
  332.                       fastcgi_busy_buffers_size 256k;
  333.                       fastcgi_temp_file_write_size 256k;
  334.                       fastcgi_read_timeout 1200;
  335.               }
  336.               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
  337.                       root /usr/share/;
  338.               }
  339.        }
  340.        location /phpMyAdmin {
  341.               rewrite ^/* /phpmyadmin last;
  342.        }
  343.  
  344.        location /squirrelmail {
  345.               root /usr/share/;
  346.               index index.php index.html index.htm;
  347.               location ~ ^/squirrelmail/(.+\.php)$ {
  348.                       try_files $uri =404;
  349.                       root /usr/share/;
  350.                       fastcgi_param   QUERY_STRING            $query_string;
  351.                       fastcgi_param   REQUEST_METHOD          $request_method;
  352.                       fastcgi_param   CONTENT_TYPE            $content_type;
  353.                       fastcgi_param   CONTENT_LENGTH          $content_length;
  354.  
  355.                       fastcgi_param   SCRIPT_FILENAME         $request_filename;
  356.                       fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
  357.                       fastcgi_param   REQUEST_URI             $request_uri;
  358.                       fastcgi_param   DOCUMENT_URI            $document_uri;
  359.                       fastcgi_param   DOCUMENT_ROOT           $document_root;
  360.                       fastcgi_param   SERVER_PROTOCOL         $server_protocol;
  361.  
  362.                       fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
  363.                       fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;
  364.  
  365.                       fastcgi_param   REMOTE_ADDR             $remote_addr;
  366.                       fastcgi_param   REMOTE_PORT             $remote_port;
  367.                       fastcgi_param   SERVER_ADDR             $server_addr;
  368.                       fastcgi_param   SERVER_PORT             $server_port;
  369.                       fastcgi_param   SERVER_NAME             $server_name;
  370.  
  371.                       fastcgi_param   HTTPS                   $https;
  372.  
  373.                       # PHP only, required if PHP was built with --enable-force-cgi-redirect
  374.                       fastcgi_param   REDIRECT_STATUS         200;
  375.                       # To access SquirrelMail, the default user (like www-data on Debian/Ubuntu) must be used
  376.                       #fastcgi_pass 127.0.0.1:9000;
  377.                       fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  378.                       fastcgi_index index.php;
  379.                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  380.                       fastcgi_buffer_size 128k;
  381.                       fastcgi_buffers 256 4k;
  382.                       fastcgi_busy_buffers_size 256k;
  383.                       fastcgi_temp_file_write_size 256k;
  384.               }
  385.               location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
  386.                       root /usr/share/;
  387.               }
  388.        }
  389.        location /webmail {
  390.               rewrite ^/* /squirrelmail last;
  391.        }
  392.  
  393.        location /cgi-bin/mailman {
  394.               root /usr/lib/;
  395.               fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
  396.               fastcgi_param   QUERY_STRING            $query_string;
  397.               fastcgi_param   REQUEST_METHOD          $request_method;
  398.               fastcgi_param   CONTENT_TYPE            $content_type;
  399.               fastcgi_param   CONTENT_LENGTH          $content_length;
  400.  
  401.               fastcgi_param   SCRIPT_FILENAME         $request_filename;
  402.               fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
  403.               fastcgi_param   REQUEST_URI             $request_uri;
  404.               fastcgi_param   DOCUMENT_URI            $document_uri;
  405.               fastcgi_param   DOCUMENT_ROOT           $document_root;
  406.               fastcgi_param   SERVER_PROTOCOL         $server_protocol;
  407.  
  408.               fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
  409.               fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;
  410.  
  411.               fastcgi_param   REMOTE_ADDR             $remote_addr;
  412.               fastcgi_param   REMOTE_PORT             $remote_port;
  413.               fastcgi_param   SERVER_ADDR             $server_addr;
  414.               fastcgi_param   SERVER_PORT             $server_port;
  415.               fastcgi_param   SERVER_NAME             $server_name;
  416.  
  417.               fastcgi_param   HTTPS                   $https;
  418.  
  419.               # PHP only, required if PHP was built with --enable-force-cgi-redirect
  420.               fastcgi_param   REDIRECT_STATUS         200;
  421.               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  422.               fastcgi_param PATH_INFO $fastcgi_path_info;
  423.               fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
  424.               fastcgi_intercept_errors on;
  425.               fastcgi_pass unix:/var/run/fcgiwrap.socket;
  426.        }
  427.  
  428.        location /images/mailman {
  429.               alias /usr/share/images/mailman;
  430.        }
  431.  
  432.        location /pipermail {
  433.               alias /var/lib/mailman/archives/public;
  434.               autoindex on;
  435.        }
  436. }
  437.  
  438. # configuration file /etc/nginx/sites-enabled/000-ispconfig.vhost:
  439. server {
  440.        listen 8080;
  441.        listen [::]:8080 ipv6only=on;
  442.                ssl on;
  443.                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  444.        ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
  445.        ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
  446.        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-
  447. RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:EC
  448. DHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:EC
  449. DHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
  450.        ssl_prefer_server_ciphers on;
  451.  
  452.                # redirect to https if accessed with http
  453.                error_page 497 https://$host:8080$request_uri;
  454.  
  455.        server_name _;
  456.  
  457.        root   /usr/local/ispconfig/interface/web/;
  458.  
  459.        client_max_body_size 20M;
  460.  
  461.        location / {
  462.               index index.php index.html;
  463.        }
  464.  
  465.        # serve static files directly
  466.        location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
  467.               access_log        off;
  468.        }
  469.  
  470.        location ~ \.php$ {
  471.               try_files $uri =404;
  472.               include /etc/nginx/fastcgi_params;
  473.               fastcgi_pass unix:/var/lib/php7.0-fpm/ispconfig.sock;
  474.               fastcgi_index index.php;
  475.               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  476.               
  477.               fastcgi_buffer_size 128k;
  478.               fastcgi_buffers 256 4k;
  479.               fastcgi_busy_buffers_size 256k;
  480.               fastcgi_temp_file_write_size 256k;
  481.               fastcgi_read_timeout 1200;
  482.               fastcgi_param HTTP_PROXY "";
  483.        }
  484.  
  485.        location ~ /\. {
  486.               deny  all;
  487.        }
  488.  
  489. }
  490.  
  491. # configuration file /etc/nginx/fastcgi_params:
  492.  
  493. fastcgi_param  QUERY_STRING       $query_string;
  494. fastcgi_param  REQUEST_METHOD     $request_method;
  495. fastcgi_param  CONTENT_TYPE       $content_type;
  496. fastcgi_param  CONTENT_LENGTH     $content_length;
  497.  
  498. fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
  499. fastcgi_param  REQUEST_URI        $request_uri;
  500. fastcgi_param  DOCUMENT_URI       $document_uri;
  501. fastcgi_param  DOCUMENT_ROOT      $document_root;
  502. fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  503. fastcgi_param  REQUEST_SCHEME     $scheme;
  504. fastcgi_param  HTTPS              $https if_not_empty;
  505.  
  506. fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  507. fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
  508.  
  509. fastcgi_param  REMOTE_ADDR        $remote_addr;
  510. fastcgi_param  REMOTE_PORT        $remote_port;
  511. fastcgi_param  SERVER_ADDR        $server_addr;
  512. fastcgi_param  SERVER_PORT        $server_port;
  513. fastcgi_param  SERVER_NAME        $server_name;
  514.  
  515. # PHP only, required if PHP was built with --enable-force-cgi-redirect
  516. fastcgi_param  REDIRECT_STATUS    200;
  517.  
  518. # configuration file /etc/nginx/sites-enabled/100-domain2.com.vhost:
  519. server { # this block only redirects www to non www
  520.        listen 1.2.3.4:443 ssl;
  521.        server_name www.domain2.com;
  522.  
  523.        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  524.        ssl_certificate /var/www/clients/client0/web3/ssl/domain2.com-le.crt;
  525.        ssl_certificate_key /var/www/clients/client0/web3/ssl/domain2.com-le.key;
  526.  
  527.        return 301 https://domain2.com$request_uri;
  528.        }
  529.  
  530. server {
  531.        listen 1.2.3.4:443 ssl;
  532.        server_name domain2.com
  533.  
  534.        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  535.        ssl_certificate /var/www/clients/client0/web3/ssl/domain2.com-le.crt;
  536.        ssl_certificate_key /var/www/clients/client0/web3/ssl/domain2.com-le.key;
  537.  
  538.        location / {
  539.            # Pass the request on to Varnish.
  540.            proxy_pass  http://127.0.0.1;
  541.  
  542.            # Pass some headers to the downstream server, so it can identify the host.
  543.            proxy_set_header Host $host;
  544.            proxy_set_header X-Real-IP $remote_addr;
  545.            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  546.  
  547.            proxy_set_header X-Forwarded-Proto https;
  548.  
  549.            proxy_redirect     off;
  550.        }
  551.         
  552. }
  553.  
  554. server {
  555.        listen 1.2.3.4:8082;
  556. #       listen [::]:8082 ipv6only=on;
  557.  
  558.        server_name domain2.com www.domain2.com;
  559.  
  560.        root   /var/www/domain2.com/web/public;
  561.  
  562.        # index index.html index.htm index.php index.cgi index.pl index.xhtml;
  563.        location / {
  564.            try_files $uri /index.php$is_args$args;
  565.        }
  566.  
  567.       location ~ ^/index\.php(/|$) {
  568.  
  569.            fastcgi_pass 127.0.0.1:8998;
  570.       
  571.        fastcgi_split_path_info ^(.+\.php)(/.*)$;
  572.        include fastcgi_params;
  573.        
  574.        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
  575.        fastcgi_param DOCUMENT_ROOT $realpath_root;
  576.  
  577.        internal;
  578.  
  579.        }
  580.  
  581.        location ~ \.php$ {
  582.           # return 404;
  583.        }
  584.  
  585.        error_log /var/log/ispconfig/httpd/domain2.com/error.log;
  586.        access_log /var/log/ispconfig/httpd/domain2.com/access.log combined;
  587.  
  588.        location ~ /\. {
  589.                        deny all;
  590.        }
  591.  
  592.        location ^~ /.well-known/acme-challenge/ {
  593.                        access_log off;
  594.                        log_not_found off;
  595.                        root /usr/local/ispconfig/interface/acme/;
  596.                        autoindex off;
  597.                        try_files $uri $uri/ =404;
  598.        }
  599.  
  600.        location = /favicon.ico {
  601.            log_not_found off;
  602.            access_log off;
  603.            expires max;
  604.            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  605.        }
  606.  
  607.        location = /robots.txt {
  608.            allow all;
  609.            log_not_found off;
  610.            access_log off;
  611.        }
  612.  
  613. }
  614.  
  615. # configuration file /etc/nginx/fastcgi_params:
  616.  
  617. fastcgi_param  QUERY_STRING       $query_string;
  618. fastcgi_param  REQUEST_METHOD     $request_method;
  619. fastcgi_param  CONTENT_TYPE       $content_type;
  620. fastcgi_param  CONTENT_LENGTH     $content_length;
  621.  
  622. fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
  623. fastcgi_param  REQUEST_URI        $request_uri;
  624. fastcgi_param  DOCUMENT_URI       $document_uri;
  625. fastcgi_param  DOCUMENT_ROOT      $document_root;
  626. fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  627. fastcgi_param  REQUEST_SCHEME     $scheme;
  628. fastcgi_param  HTTPS              $https if_not_empty;
  629.  
  630. fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  631. fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
  632.  
  633. fastcgi_param  REMOTE_ADDR        $remote_addr;
  634. fastcgi_param  REMOTE_PORT        $remote_port;
  635. fastcgi_param  SERVER_ADDR        $server_addr;
  636. fastcgi_param  SERVER_PORT        $server_port;
  637. fastcgi_param  SERVER_NAME        $server_name;
  638.  
  639. # PHP only, required if PHP was built with --enable-force-cgi-redirect
  640. fastcgi_param  REDIRECT_STATUS    200;
  641.  
  642. # configuration file /etc/nginx/sites-enabled/100-other_domain.com.vhost:
  643. server { # this block only redirects www to non www
  644.        listen 5.6.7.8:443 ssl;
  645.        server_name www.other_domain.com;
  646.  
  647.        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  648.        ssl_certificate /var/www/clients/client0/web4/ssl/other_domain.com-le.crt;
  649.        ssl_certificate_key /var/www/clients/client0/web4/ssl/other_domain.com-le.key;
  650.  
  651.        return 301 https://other_domain.com$request_uri;
  652.        }
  653.  
  654. server {
  655.        listen 5.6.7.8:443 ssl;
  656.        server_name other_domain.com;
  657.  
  658.        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  659.        ssl_certificate /var/www/clients/client0/web4/ssl/other_domain.com-le.crt;
  660.        ssl_certificate_key /var/www/clients/client0/web4/ssl/other_domain.com-le.key;
  661.  
  662.        location / {
  663.            # Pass the request on to Varnish.
  664.            proxy_pass  http://127.0.0.1;
  665.  
  666.            # Pass some headers to the downstream server, so it can identify the host.
  667.            proxy_set_header Host $host;
  668.            proxy_set_header X-Real-IP $remote_addr;
  669.            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  670.  
  671.            # Tell any web apps like Drupal that the session is HTTPS.
  672.            proxy_set_header X-Forwarded-Proto https;
  673.            proxy_redirect     off;
  674.        }
  675. }
  676.  
  677. server {
  678.        listen 5.6.7.8:8083;
  679. #       listen [::]:8083 ipv6only=on;
  680.  
  681.  
  682.        server_name other_domain.com;
  683.        root   /var/www/other_domain.com/web/public;
  684.  
  685.        location / {
  686.            try_files $uri /index.php$is_args$args;
  687.       }
  688.  
  689.       location ~ ^/index\.php(/|$) {
  690.            fastcgi_pass 127.0.0.1:8998;
  691.  
  692.            fastcgi_split_path_info ^(.+\.php)(/.*)$;
  693.            include fastcgi_params;
  694.  
  695.            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
  696.            fastcgi_param DOCUMENT_ROOT $realpath_root;
  697.  
  698.            internal;
  699.        }
  700.  
  701.        location ~ \.php$ {
  702.            return 404;
  703.        }
  704.  
  705.        location ~ /\. {
  706.                        deny all;
  707.        }
  708.  
  709.        location ^~ /.well-known/acme-challenge/ {
  710.                        access_log off;
  711.                        log_not_found off;
  712.                        root /usr/local/ispconfig/interface/acme/;
  713.                        autoindex off;
  714.                        try_files $uri $uri/ =404;
  715.        }
  716.  
  717.        location = /favicon.ico {
  718.            log_not_found off;
  719.            access_log off;
  720.            expires max;
  721.        }
  722.  
  723.        location = /robots.txt {
  724.            allow all;
  725.            log_not_found off;
  726.            access_log off;
  727.        }
  728.          
  729. }
  730.  
  731. # configuration file /etc/nginx/fastcgi_params:
  732.  
  733. fastcgi_param  QUERY_STRING       $query_string;
  734. fastcgi_param  REQUEST_METHOD     $request_method;
  735. fastcgi_param  CONTENT_TYPE       $content_type;
  736. fastcgi_param  CONTENT_LENGTH     $content_length;
  737.  
  738. fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
  739. fastcgi_param  REQUEST_URI        $request_uri;
  740. fastcgi_param  DOCUMENT_URI       $document_uri;
  741. fastcgi_param  DOCUMENT_ROOT      $document_root;
  742. fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  743. fastcgi_param  REQUEST_SCHEME     $scheme;
  744. fastcgi_param  HTTPS              $https if_not_empty;
  745.  
  746. fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  747. fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
  748.  
  749. fastcgi_param  REMOTE_ADDR        $remote_addr;
  750. fastcgi_param  REMOTE_PORT        $remote_port;
  751. fastcgi_param  SERVER_ADDR        $server_addr;
  752. fastcgi_param  SERVER_PORT        $server_port;
  753. fastcgi_param  SERVER_NAME        $server_name;
  754.  
  755. # PHP only, required if PHP was built with --enable-force-cgi-redirect
  756. fastcgi_param  REDIRECT_STATUS    200;
  757.  
  758. # configuration file /etc/nginx/sites-enabled/100-www.example.org.vhost:
  759. server { # this block only redirects www to non www
  760.        listen 8.9.10.11.233:443 ssl;
  761.        server_name example.org;
  762.         
  763.        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  764.        ssl_certificate /var/www/clients/client1/web5/ssl/www.example.org-le.crt;
  765.        ssl_certificate_key /var/www/clients/client1/web5/ssl/www.example.org-le.key;
  766.  
  767.        return 301 https://www.example.org$request_uri;
  768. }
  769. server {
  770.        listen 8.9.10.11.233:443 ssl;
  771.        server_name www.example.org;
  772.  
  773.        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  774.        ssl_certificate /var/www/clients/client1/web5/ssl/www.example.org-le.crt;
  775.        ssl_certificate_key /var/www/clients/client1/web5/ssl/www.example.org-le.key;
  776.  
  777.        location / {
  778.            # Pass the request on to Varnish.
  779.            proxy_pass  http://127.0.0.1;
  780.  
  781.            # Pass some headers to the downstream server, so it can identify the host.
  782.            proxy_set_header Host $host;
  783.            proxy_set_header X-Real-IP $remote_addr;
  784.            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  785.            proxy_buffer_size 128k;
  786.            proxy_buffers 4 256k;
  787.            proxy_busy_buffers_size 256k;
  788.        
  789.            proxy_set_header X-Forwarded-Proto https;
  790.            proxy_redirect     off;
  791.        }
  792. }
  793. server {
  794.    listen 8.9.10.11.233:8084;
  795.    # listen [::]:8084 ipv6only=on;
  796.  
  797.    server_name www.example.org example.org;
  798.  
  799.    root   /var/www/www.example.org/web/docroot;
  800.  
  801.  
  802.    location = /favicon.ico {
  803.        log_not_found off;
  804.        access_log off;
  805.    }
  806.  
  807.    location = /robots.txt {
  808.        allow all;
  809.        log_not_found off;
  810.        access_log off;
  811.    }
  812.  
  813.    # Very rarely should these ever be accessed outside of your lan
  814.    location ~* \.(txt|log)$ {
  815.        allow 192.168.0.0/16;
  816.        deny all;
  817.    }
  818.  
  819.    location ~ \..*/.*\.php$ {
  820.        return 403;
  821.    }
  822.  
  823.    location ~ ^/sites/.*/private/ {
  824.        return 403;
  825.    }
  826.  
  827.    # Block access to scripts in site files directory
  828.    location ~ ^/sites/[^/]+/files/.*\.php$ {
  829.        deny all;
  830.    }
  831.  
  832.    # Allow "Well-Known URIs" as per RFC 5785
  833.    location ~* ^/.well-known/ {
  834.        allow all;
  835.    }
  836.  
  837.    # Block access to "hidden" files and directories whose names begin with a
  838.    # period. This includes directories used by version control systems such
  839.    # as Subversion or Git to store control files.
  840.    location ~ (^|/)\. {
  841.        return 403;
  842.    }
  843.  
  844.    location / {
  845.        try_files $uri /index.php?$query_string;
  846.    }
  847.  
  848.    location @rewrite {
  849.        rewrite ^/(.*)$ /index.php?q=$1;
  850.    }
  851.  
  852.    # Don't allow direct access to PHP files in the vendor directory.
  853.    location ~ /vendor/.*\.php$ {
  854.        deny all;
  855.        return 404;
  856.    }
  857.  
  858.  
  859.    location ~ '\.php$|^/update.php' {
  860.        # Ensure the php file exists. Mitigates CVE-2019-11043
  861.        try_files $uri =404;
  862.        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
  863.        # See http://serverfault.com/q/627903/94922 for details.
  864.        include fastcgi_params;
  865.        # Block httproxy attacks. See https://httpoxy.org/.
  866.        fastcgi_param HTTP_PROXY "";
  867.        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  868.        fastcgi_param PATH_INFO $fastcgi_path_info;
  869.        fastcgi_param QUERY_STRING $query_string;
  870.        fastcgi_intercept_errors on;
  871.        fastcgi_buffers 16 16k;
  872.        fastcgi_buffer_size 32k;
  873.        # PHP 7.2 socket location (from /opt/php-7.2/etc/php-fpm.d/www.conf)
  874.        fastcgi_pass 127.0.0.1:8998;
  875.        
  876.    }
  877.  
  878.    # Fighting with Styles? This little gem is amazing.
  879.    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
  880.        try_files $uri @rewrite;
  881.    }
  882.  
  883.    # Handle private files through Drupal. Private file's path can come
  884.    # with a language prefix.
  885.    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
  886.        try_files $uri /index.php?$query_string;
  887.    }
  888.  
  889.    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
  890.        try_files $uri @rewrite;
  891.        expires max;
  892.        log_not_found off;
  893.    }
  894.  
  895.    if ($request_uri ~* "^(.*/)index\.php(.*)") {
  896.        return 307 $1$2;
  897.    }
  898.  
  899.  
  900. }
  901.  
  902. # configuration file /etc/nginx/fastcgi_params:
  903.  
  904. fastcgi_param  QUERY_STRING       $query_string;
  905. fastcgi_param  REQUEST_METHOD     $request_method;
  906. fastcgi_param  CONTENT_TYPE       $content_type;
  907. fastcgi_param  CONTENT_LENGTH     $content_length;
  908.  
  909. fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
  910. fastcgi_param  REQUEST_URI        $request_uri;
  911. fastcgi_param  DOCUMENT_URI       $document_uri;
  912. fastcgi_param  DOCUMENT_ROOT      $document_root;
  913. fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  914. fastcgi_param  REQUEST_SCHEME     $scheme;
  915. fastcgi_param  HTTPS              $https if_not_empty;
  916.  
  917. fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  918. fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
  919.  
  920. fastcgi_param  REMOTE_ADDR        $remote_addr;
  921. fastcgi_param  REMOTE_PORT        $remote_port;
  922. fastcgi_param  SERVER_ADDR        $server_addr;
  923. fastcgi_param  SERVER_PORT        $server_port;
  924. fastcgi_param  SERVER_NAME        $server_name;
  925.  
  926. # PHP only, required if PHP was built with --enable-force-cgi-redirect
  927. fastcgi_param  REDIRECT_STATUS    200;
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!