diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl similarity index 92% rename from install/debian/7/templates/web/nginx/php5-fpm/drupal.stpl rename to install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl index 9a548439..62e67cc9 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl @@ -65,15 +65,10 @@ server { } location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - # For Drupal 6 and bwlow: # Some modules enforce no slash (/) at the end of the URL # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; + rewrite ^/(.*)$ /index.php?q=$1; } location ~ ^/sites/.*/files/styles/ { diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl similarity index 92% rename from install/rhel/5/templates/web/nginx/php-fpm/drupal.tpl rename to install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl index 417762c1..52adf452 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl @@ -62,15 +62,10 @@ server { } location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - # For Drupal 6 and bwlow: # Some modules enforce no slash (/) at the end of the URL # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; + rewrite ^/(.*)$ /index.php?q=$1; } location ~ ^/sites/.*/files/styles/ { diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/moodle.stpl b/install/debian/7/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/moodle.tpl b/install/debian/7/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/owncloud.stpl b/install/debian/7/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/owncloud.tpl b/install/debian/7/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl similarity index 92% rename from install/rhel/5/templates/web/nginx/php-fpm/drupal.stpl rename to install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl index 9a548439..62e67cc9 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl @@ -65,15 +65,10 @@ server { } location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - # For Drupal 6 and bwlow: # Some modules enforce no slash (/) at the end of the URL # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; + rewrite ^/(.*)$ /index.php?q=$1; } location ~ ^/sites/.*/files/styles/ { diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl similarity index 92% rename from install/debian/7/templates/web/nginx/php5-fpm/drupal.tpl rename to install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl index 417762c1..52adf452 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl @@ -62,15 +62,10 @@ server { } location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - # For Drupal 6 and bwlow: # Some modules enforce no slash (/) at the end of the URL # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; + rewrite ^/(.*)$ /index.php?q=$1; } location ~ ^/sites/.*/files/styles/ { diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/moodle.stpl b/install/debian/8/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/moodle.tpl b/install/debian/8/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/owncloud.stpl b/install/debian/8/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/owncloud.tpl b/install/debian/8/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl similarity index 92% rename from install/debian/8/templates/web/nginx/php5-fpm/drupal.stpl rename to install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl index 9a548439..62e67cc9 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl @@ -65,15 +65,10 @@ server { } location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - # For Drupal 6 and bwlow: # Some modules enforce no slash (/) at the end of the URL # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; + rewrite ^/(.*)$ /index.php?q=$1; } location ~ ^/sites/.*/files/styles/ { diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl similarity index 92% rename from install/rhel/6/templates/web/nginx/php-fpm/drupal.tpl rename to install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl index 417762c1..52adf452 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl @@ -62,15 +62,10 @@ server { } location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - # For Drupal 6 and bwlow: # Some modules enforce no slash (/) at the end of the URL # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; + rewrite ^/(.*)$ /index.php?q=$1; } location ~ ^/sites/.*/files/styles/ { diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/moodle.stpl b/install/rhel/5/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/moodle.tpl b/install/rhel/5/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/owncloud.stpl b/install/rhel/5/templates/web/nginx/php-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/owncloud.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/owncloud.tpl b/install/rhel/5/templates/web/nginx/php-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/owncloud.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl similarity index 92% rename from install/rhel/6/templates/web/nginx/php-fpm/drupal.stpl rename to install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl index 9a548439..62e67cc9 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl @@ -65,15 +65,10 @@ server { } location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - # For Drupal 6 and bwlow: # Some modules enforce no slash (/) at the end of the URL # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; + rewrite ^/(.*)$ /index.php?q=$1; } location ~ ^/sites/.*/files/styles/ { diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl similarity index 92% rename from install/debian/8/templates/web/nginx/php5-fpm/drupal.tpl rename to install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl index 417762c1..52adf452 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl @@ -62,15 +62,10 @@ server { } location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - # For Drupal 6 and bwlow: # Some modules enforce no slash (/) at the end of the URL # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; + rewrite ^/(.*)$ /index.php?q=$1; } location ~ ^/sites/.*/files/styles/ { diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/moodle.stpl b/install/rhel/6/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/moodle.tpl b/install/rhel/6/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/owncloud.stpl b/install/rhel/6/templates/web/nginx/php-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/owncloud.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/owncloud.tpl b/install/rhel/6/templates/web/nginx/php-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/owncloud.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal.stpl deleted file mode 100644 index 9a548439..00000000 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal.stpl +++ /dev/null @@ -1,101 +0,0 @@ -server { - listen %ip%:%web_ssl_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal.tpl deleted file mode 100644 index 417762c1..00000000 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal.tpl +++ /dev/null @@ -1,98 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..62e67cc9 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..52adf452 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/moodle.stpl b/install/rhel/7/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/moodle.tpl b/install/rhel/7/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/owncloud.stpl b/install/rhel/7/templates/web/nginx/php-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/owncloud.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/owncloud.tpl b/install/rhel/7/templates/web/nginx/php-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/owncloud.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.stpl deleted file mode 100644 index 9a548439..00000000 --- a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.stpl +++ /dev/null @@ -1,101 +0,0 @@ -server { - listen %ip%:%web_ssl_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.tpl deleted file mode 100644 index 417762c1..00000000 --- a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.tpl +++ /dev/null @@ -1,98 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal6.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal6.stpl new file mode 100644 index 00000000..62e67cc9 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal6.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal6.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal6.tpl new file mode 100644 index 00000000..52adf452 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal6.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal7.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal7.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal8.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal8.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/moodle.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/moodle.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.stpl deleted file mode 100644 index 9a548439..00000000 --- a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.stpl +++ /dev/null @@ -1,101 +0,0 @@ -server { - listen %ip%:%web_ssl_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.tpl deleted file mode 100644 index 417762c1..00000000 --- a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.tpl +++ /dev/null @@ -1,98 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal6.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal6.stpl new file mode 100644 index 00000000..62e67cc9 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal6.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal6.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal6.tpl new file mode 100644 index 00000000..52adf452 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal6.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal7.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal7.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal8.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal8.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/moodle.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/moodle.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.stpl deleted file mode 100644 index 9a548439..00000000 --- a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.stpl +++ /dev/null @@ -1,101 +0,0 @@ -server { - listen %ip%:%web_ssl_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.tpl deleted file mode 100644 index 417762c1..00000000 --- a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.tpl +++ /dev/null @@ -1,98 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal6.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal6.stpl new file mode 100644 index 00000000..62e67cc9 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal6.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal6.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal6.tpl new file mode 100644 index 00000000..52adf452 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal6.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal7.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal7.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal8.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal8.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/moodle.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/moodle.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.stpl deleted file mode 100644 index 9a548439..00000000 --- a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.stpl +++ /dev/null @@ -1,101 +0,0 @@ -server { - listen %ip%:%web_ssl_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.tpl deleted file mode 100644 index 417762c1..00000000 --- a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.tpl +++ /dev/null @@ -1,98 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal6.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal6.stpl new file mode 100644 index 00000000..62e67cc9 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal6.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal6.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal6.tpl new file mode 100644 index 00000000..52adf452 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal6.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal7.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal7.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal8.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal8.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/moodle.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/moodle.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.stpl deleted file mode 100644 index 9a548439..00000000 --- a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.stpl +++ /dev/null @@ -1,101 +0,0 @@ -server { - listen %ip%:%web_ssl_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.tpl deleted file mode 100644 index 417762c1..00000000 --- a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.tpl +++ /dev/null @@ -1,98 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal6.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal6.stpl new file mode 100644 index 00000000..62e67cc9 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal6.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal6.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal6.tpl new file mode 100644 index 00000000..52adf452 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal6.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal7.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal7.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal8.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal8.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/moodle.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/moodle.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.stpl deleted file mode 100644 index 9a548439..00000000 --- a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.stpl +++ /dev/null @@ -1,101 +0,0 @@ -server { - listen %ip%:%web_ssl_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.tpl deleted file mode 100644 index 417762c1..00000000 --- a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.tpl +++ /dev/null @@ -1,98 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal6.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal6.stpl new file mode 100644 index 00000000..62e67cc9 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal6.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal6.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal6.tpl new file mode 100644 index 00000000..52adf452 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal6.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal7.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal7.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal8.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal8.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/moodle.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/moodle.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.stpl deleted file mode 100644 index 9a548439..00000000 --- a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.stpl +++ /dev/null @@ -1,101 +0,0 @@ -server { - listen %ip%:%web_ssl_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.tpl deleted file mode 100644 index 417762c1..00000000 --- a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.tpl +++ /dev/null @@ -1,98 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal6.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal6.stpl new file mode 100644 index 00000000..62e67cc9 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal6.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal6.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal6.tpl new file mode 100644 index 00000000..52adf452 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal6.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal7.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal7.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal8.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal8.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/moodle.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/moodle.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal.stpl deleted file mode 100644 index 9a548439..00000000 --- a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal.stpl +++ /dev/null @@ -1,101 +0,0 @@ -server { - listen %ip%:%web_ssl_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal.tpl deleted file mode 100644 index 417762c1..00000000 --- a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal.tpl +++ /dev/null @@ -1,98 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) - #rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal6.stpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal6.stpl new file mode 100644 index 00000000..62e67cc9 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal6.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal6.tpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal6.tpl new file mode 100644 index 00000000..52adf452 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal6.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal7.stpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal7.stpl new file mode 100644 index 00000000..6ff87d84 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal7.stpl @@ -0,0 +1,96 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal7.tpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal7.tpl new file mode 100644 index 00000000..75719cd9 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal7.tpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal8.stpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal8.stpl new file mode 100644 index 00000000..b334d481 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal8.stpl @@ -0,0 +1,97 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal8.tpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal8.tpl new file mode 100644 index 00000000..c927ab13 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/drupal8.tpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/moodle.stpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/moodle.stpl new file mode 100644 index 00000000..c67efe86 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/moodle.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/moodle.tpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/moodle.tpl new file mode 100644 index 00000000..0147c821 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/moodle.tpl @@ -0,0 +1,82 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/owncloud.stpl index 8311ca43..3d3b7547 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/owncloud.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/owncloud.stpl @@ -43,7 +43,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/owncloud.tpl index 57cac2f8..2e898100 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php5-fpm/owncloud.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php5-fpm/owncloud.tpl @@ -39,7 +39,7 @@ server { try_files $uri $uri/ /index.php; location ~ \.php(?:$|/) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info;