-
Notifications
You must be signed in to change notification settings - Fork 30
/
nginx.yml
177 lines (155 loc) · 4.63 KB
/
nginx.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
---
# Nginx vHost Template defintion for vhost-gen.py
#
# The 'feature' section contains optional features that can be enabled via
# conf.yml and will then be replaced into the main vhost ('structure' section)
# into their corresponding position:
#
# __XDOMAIN_REQ__
# __PHP_FPM__
# __ALIASES__
# __DENIES__
# __STATUS__
#
# The features itself also contain variables to be adjusted in conf.yml
# and will then be replaced in their corresponding feature section
# before being replaced into the vhost section (if enabled):
#
# PHP-FPM:
# __PHP_ADDR__
# __PHP_PORT__
# XDomain:
# __REGEX__
# Alias:
# __REGEX__
# __PATH__
# Deny:
# __REGEX__
# Status:
# __REGEX__
#
# Variables to be replaced directly in the vhost configuration can also be set
# in conf.yml and include:
# __VHOST_NAME__
# __DOCUMENT_ROOT__
# __INDEX__
# __ACCESS_LOG__
# __ERROR_LOG__
# __PHP_ADDR__
# __PHP_PORT__
#
###
### Basic vHost skeleton
###
vhost: |
server {
listen __PORT____HTTP_PROTO____DEFAULT_VHOST__;
server_name __VHOST_NAME__;
access_log "__ACCESS_LOG__" combined;
error_log "__ERROR_LOG__" warn;
__REDIRECT__
__SSL__
__VHOST_DOCROOT__
__VHOST_RPROXY__
__PHP_FPM__
__ALIASES__
__DENIES__
__SERVER_STATUS__
# Custom directives
__CUSTOM__
}
###
### vHost Type (normal or reverse proxy)
###
vhost_type:
# Normal vHost (-p)
docroot: |
# Define the vhost to serve files
root "__DOCUMENT_ROOT__";
index __INDEX__;
# Reverse Proxy (-r http(s)://ADDR:PORT)
rproxy: |
# Define Reverse Proxy
location __LOCATION__ {
# https://stackoverflow.com/a/72586833
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Proxy connection
proxy_pass __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__;
}
# Reverse Proxy with websocket support (-r ws(s)://ADDR:PORT)
rproxy_ws: |
# Define Reverse Proxy with Websock support
location __LOCATION__ {
# https://stackoverflow.com/a/72586833
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Websocket settings
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Proxy connection
proxy_pass __PROXY_PROTO__://__PROXY_ADDR__:__PROXY_PORT__;
}
###
### Optional features to be enabled in vHost
###
features:
# SSL Configuration
ssl: |
ssl_certificate __SSL_PATH_CRT__;
ssl_certificate_key __SSL_PATH_KEY__;
ssl_protocols __SSL_PROTOCOLS__;
ssl_prefer_server_ciphers __SSL_HONOR_CIPHER_ORDER__;
ssl_ciphers __SSL_CIPHERS__;
# Redirect to SSL directive
redirect: |
return 301 https://__VHOST_NAME__:__SSL_PORT__$request_uri;
# PHP-FPM will not be applied to a reverse proxy!
php_fpm: |
# PHP-FPM Definition
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php?$ {
try_files $uri = 404;
include fastcgi_params;
# https://stackoverflow.com/questions/1733306/nginx-errors-readv-and-recv-failed/51457613#51457613
fastcgi_keep_conn off;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass __PHP_ADDR__:__PHP_PORT__;
fastcgi_read_timeout __PHP_TIMEOUT__;
fastcgi_index index.php;
fastcgi_intercept_errors on;
}
alias: |
# Alias Definition
location ~ __ALIAS__ {
root __PATH__;
__XDOMAIN_REQ__
}
deny: |
# Deny Definition
location ~ __REGEX__ {
deny all;
}
server_status: |
# Status Page
location ~ __REGEX__ {
stub_status on;
access_log off;
}
xdomain_request: |
# Allow cross domain request from these hosts
# https://fetch.spec.whatwg.org/#forbidden-header-name
if ( $http_origin ~* (__REGEX__) ) {
add_header "Access-Control-Allow-Origin" "$http_origin";
add_header 'Access-Control-Allow-Methods' 'HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With';
add_header 'Access-Control-Expose-Headers' 'Content-Security-Policy, Location';
add_header 'Access-Control-Max-Age' 0;
return 200;
}