Ansible/nginx
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

First commit

Browse source
This commit is contained in:
Dryusdan 2020-05-28 09:41:32 +02:00
parent a99da690f6
commit d63fe26d1e
50 changed files with 5575 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
exemple.yml Normal file
View file

@ -0,0 +1,32 @@
nginx_le_reload: drycronkey
nginx_certs_renew_cron: drycronkey
nginx_vhost:
- name: www.dryusdan.fr-80.conf
server_name: www.dryusdan.fr
listen: 80
ipv6: true
template: redirect
redirect: "https://$host$request_uri"
redirect_code: 301
- name: www.dryusdan.fr-443.conf
server_name: www.dryusdan.fr
listen: 443
ipv6: true
ssl: true
letsencrypt: true
client_max_body_size: '10M'
template: proxy
proxy: 10.10.10.1:2987
include_conf:
- headers.conf
- name: cash.dryusdan.fr-80.conf
server_name: cash.dryusdan.fr
listen: 80
ipv6: false
root: /var/www/cash_dryusdan_fr/public
index: index.php
template: php
fastcgi_param:
- name: HTTPS
value: on

72
files/check_cert.sh Normal file
View file

@ -0,0 +1,72 @@
#!/bin/bash
RELOAD_NGINX=0
## Variables
CSI="\033["
CEND="${CSI}0m"
CRED="${CSI}1;31m"
CGREEN="${CSI}1;32m"
CYELLOW="${CSI}1;33m"
CBLUE="${CSI}1;34m"
## Functions
f_log() {
LOG_TYPE=$1
LOG_MESSAGE=$2
case "${LOG_TYPE}" in
"INF")
echo -e "${CBLUE}[NOTICE] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
;;
"SUC")
echo -e "${CGREEN}[SUCCESS] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
;;
"WRN")
echo -e "${CYELLOW}[WARNING] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
;;
"ERR")
echo -e "${CRED}[ERROR] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
;;
esac
}
f_check_certs() {
LIST_DOMAINS=$(ls /etc/nginx/ssl/certificates | grep .crt | grep -v issuer | sed 's|.crt||g')
for domain in ${LIST_DOMAINS}; do
CERTFILE=/etc/nginx/ssl/certificates/${domain}.crt
KEYFILE=/etc/nginx/ssl/certificates/${domain}.key
SSL_ALGO="$(openssl x509 -text -in ${CERTFILE} | grep "Public Key Algorithm" | awk '{print $4}')"
SSL_SIZE="$(openssl x509 -text -in ${CERTFILE} | grep "Public-Key" | sed 's/^.*(\(.*\) bit)$/\1/')"
if [ "${SSL_ALGO}" == "rsaEncryption" ]; then
SSL_TYPE="rsa${SSL_SIZE}"
elif [ "${SSL_ALGO}" == "id-ecPublicKey" ]; then
SSL_TYPE="ec${SSL_SIZE}"
fi
openssl x509 -checkend 864000 -noout -in "${CERTFILE}"
if [ $? == 0 ]; then
f_log INF "Certificate for ${domain} is good for another 10 days!"
else
f_log INF "Generate New Certificate for ${domain}"
lego -a -m ssl@dryusdan.fr -d ${domain} --path /etc/nginx/ssl --webroot /var/www/letsencrypt/ -k ${SSL_TYPE} renew
if [ -e ${CERTFILE} ]; then
RELOAD_NGINX=1
f_log INF "New Certificate for ${domain} generated"
else
f_log ERR "New Certificate for ${domain} not generated"
fi
fi
done
}
f_check_certs
if [ ${RELOAD_NGINX} -eq 1 ]; then
nginx -s reload
fi

34
files/etc/logrotate.d/nginx Normal file
View file

@ -0,0 +1,34 @@
/var/log/nginx/*.access.log {
daily
missingok
rotate 365
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
olddir /var/log/archive-nginx
prerotate
endscript
postrotate
[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
endscript
}
/var/log/nginx/*.error.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
olddir /var/log/archive-nginx
prerotate
endscript
postrotate
[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
endscript
}

294
files/etc/nginx/conf.d/blacklist Normal file
View file

@ -0,0 +1,294 @@
deny 37.230.213.0/24; # 2018-05-22 spam campaign
deny 95.181.218.128/25; # 2018-05-22 spam campaign
deny 185.101.68.0/25; # 2018-05-22 spam campaign
deny 185.101.69.0/25; # 2018-05-22 spam campaign
deny 46.243.173.0/25; # 2018-05-22 spam campaign
deny 5.62.152.0/25; # 2018-05-22 spam campaign
deny 5.62.152.128/26; # 2018-05-22 spam campaign
deny 5.62.152.192/27; # 2018-05-22 spam campaign
deny 5.62.152.224/28; # 2018-05-22 spam campaign
deny 5.62.152.240/29; # 2018-05-22 spam campaign
deny 5.62.152.248/30; # 2018-05-22 spam campaign
deny 5.62.152.252/31; # 2018-05-22 spam campaign
deny 5.62.152.254/32; # 2018-05-22 spam campaign
deny 178.57.65.128/25; # 2018-05-22 spam campaign
deny 178.57.68.0/25; # 2018-05-22 spam campaign
deny 185.101.71.0/24; # 2018-05-22 spam campaign
deny 95.181.219.0/25; # 2018-05-22 spam campaign
deny 5.8.38.0/24; # 2018-05-22 spam campaign
deny 37.9.40.0/24; # 2018-05-22 spam campaign
deny 5.62.159.0/24; # 2018-05-22 spam campaign
deny 5.189.205.0/25; # 2018-05-22 spam campaign
deny 37.230.212.0/24; # 2018-05-22 spam campaign
deny 5.189.204.0/25; # 2018-05-22 spam campaign
deny 178.57.66.128/25; # 2018-05-22 spam campaign
deny 185.101.70.0/24; # 2018-05-22 spam campaign
deny 178.57.68.128/25; # 2018-05-22 spam campaign
deny 5.62.154.0/25; # 2018-05-22 spam campaign
deny 178.57.65.0/25; # 2018-05-22 spam campaign
deny 185.101.69.128/25; # 2018-05-22 spam campaign
deny 5.62.157.0/24; # 2018-05-22 spam campaign
deny 5.62.156.0/24; # 2018-05-22 spam campaign
deny 5.62.158.0/24; # 2018-05-22 spam campaign
deny 95.181.218.0/25; # 2018-05-22 spam campaign
deny 5.62.154.128/25; # 2018-05-22 spam campaign
deny 5.189.201.128/25; # 2018-05-22 spam campaign
deny 185.13.32.0/25; # 2018-05-22 spam campaign
deny 37.9.41.0/24; # 2018-05-22 spam campaign
deny 5.189.202.0/25; # 2018-05-22 spam campaign
deny 5.189.207.0/25; # 2018-05-22 spam campaign
deny 5.62.153.0/24; # 2018-05-22 spam campaign
deny 141.101.201.0/25; # 2018-05-22 spam campaign
deny 178.57.66.0/25; # 2018-05-22 spam campaign
deny 95.181.217.128/25; # 2018-05-22 spam campaign
deny 5.189.202.128/25; # 2018-05-22 spam campaign
deny 95.181.217.0/25; # 2018-05-22 spam campaign
deny 37.18.42.128/25; # 2018-05-22 spam campaign
deny 188.68.1.0/25; # 2018-05-22 spam campaign
deny 188.68.1.128/26; # 2018-05-22 spam campaign
deny 188.68.1.192/27; # 2018-05-22 spam campaign
deny 188.68.1.224/28; # 2018-05-22 spam campaign
deny 188.68.1.240/29; # 2018-05-22 spam campaign
deny 188.68.1.248/30; # 2018-05-22 spam campaign
deny 188.68.1.252/31; # 2018-05-22 spam campaign
deny 188.68.1.254/32; # 2018-05-22 spam campaign
deny 91.243.93.0/24; # 2018-05-22 spam campaign
deny 146.185.203.0/25; # 2018-05-22 spam campaign
deny 46.243.173.128/25; # 2018-05-22 spam campaign
deny 146.185.201.128/25; # 2018-05-22 spam campaign
deny 188.72.126.0/25; # 2018-05-22 spam campaign
deny 141.101.201.128/25; # 2018-05-22 spam campaign
deny 178.57.67.128/25; # 2018-05-22 spam campaign
deny 79.110.25.0/25; # 2018-05-22 spam campaign
deny 188.72.96.0/25; # 2018-05-22 spam campaign
deny 91.243.91.0/25; # 2018-05-22 spam campaign
deny 37.9.47.0/24; # 2018-05-22 spam campaign
deny 5.8.37.128/25; # 2018-05-22 spam campaign
deny 146.185.202.0/25; # 2018-05-22 spam campaign
deny 91.204.15.128/25; # 2018-05-22 spam campaign
deny 5.8.39.128/25; # 2018-05-22 spam campaign
deny 146.185.201.0/25; # 2018-05-22 spam campaign
deny 185.89.100.0/25; # 2018-05-22 spam campaign
deny 185.14.195.0/25; # 2018-05-22 spam campaign
deny 91.204.15.0/25; # 2018-05-22 spam campaign
deny 46.161.63.128/25; # 2018-05-22 spam campaign
deny 5.101.218.0/25; # 2018-05-22 spam campaign
deny 46.161.62.128/25; # 2018-05-22 spam campaign
deny 93.179.88.0/25; # 2018-05-22 spam campaign
deny 5.101.216.128/25; # 2018-05-22 spam campaign
deny 185.14.194.128/25; # 2018-05-22 spam campaign
deny 185.89.101.128/25; # 2018-05-22 spam campaign
deny 146.185.200.128/25; # 2018-05-22 spam campaign
deny 5.101.216.0/25; # 2018-05-22 spam campaign
deny 185.89.101.0/25; # 2018-05-22 spam campaign
deny 5.8.36.128/25; # 2018-05-22 spam campaign
deny 146.185.203.128/25; # 2018-05-22 spam campaign
deny 5.8.37.0/25; # 2018-05-22 spam campaign
deny 185.2.32.128/25; # 2018-05-22 spam campaign
deny 91.243.90.0/25; # 2018-05-22 spam campaign
deny 5.62.155.0/25; # 2018-05-22 spam campaign
deny 5.62.155.128/26; # 2018-05-22 spam campaign
deny 5.62.155.192/27; # 2018-05-22 spam campaign
deny 5.62.155.224/28; # 2018-05-22 spam campaign
deny 5.62.155.240/29; # 2018-05-22 spam campaign
deny 5.62.155.248/30; # 2018-05-22 spam campaign
deny 5.62.155.252/31; # 2018-05-22 spam campaign
deny 5.62.155.254/32; # 2018-05-22 spam campaign
deny 95.181.219.128/25; # 2018-05-22 spam campaign
deny 95.181.216.0/25; # 2018-05-22 spam campaign
deny 37.18.42.0/25; # 2018-05-22 spam campaign
deny 5.8.36.0/25; # 2018-05-22 spam campaign
deny 146.185.202.128/25; # 2018-05-22 spam campaign
deny 188.72.126.128/25; # 2018-05-22 spam campaign
deny 5.8.39.0/25; # 2018-05-22 spam campaign
deny 91.204.14.128/25; # 2018-05-22 spam campaign
deny 91.243.91.128/25; # 2018-05-22 spam campaign
deny 91.243.90.128/25; # 2018-05-22 spam campaign
deny 37.9.46.0/24; # 2018-05-22 spam campaign
deny 193.93.195.0/24; # 2018-05-22 spam campaign
deny 185.106.104.0/23; # 2018-05-22 spam campaign
deny 91.200.80.128/25; # 2018-05-22 spam campaign
deny 185.46.85.0/25; # 2018-05-22 spam campaign
deny 185.50.250.0/24; # 2018-05-22 spam campaign
deny 79.110.18.0/24; # 2018-05-22 spam campaign
deny 46.161.57.0/25; # 2018-05-22 spam campaign
deny 185.2.32.0/25; # 2018-05-22 spam campaign
deny 91.200.81.128/25; # 2018-05-22 spam campaign
deny 185.14.195.128/25; # 2018-05-22 spam campaign
deny 91.200.80.0/25; # 2018-05-22 spam campaign
deny 46.148.112.0/24; # 2018-05-22 spam campaign
deny 5.101.218.128/25; # 2018-05-22 spam campaign
deny 79.110.28.128/25; # 2018-05-22 spam campaign
deny 185.71.0.0/24; # 2018-05-22 spam campaign
deny 193.93.192.0/24; # 2018-05-22 spam campaign
deny 185.71.3.0/24; # 2018-05-22 spam campaign
deny 185.71.1.0/24; # 2018-05-22 spam campaign
deny 37.9.44.0/24; # 2018-05-22 spam campaign
deny 185.71.2.0/24; # 2018-05-22 spam campaign
deny 93.179.90.0/25; # 2018-05-22 spam campaign
deny 185.46.86.128/25; # 2018-05-22 spam campaign
deny 188.68.3.0/24; # 2018-05-22 spam campaign
deny 91.200.83.0/25; # 2018-05-22 spam campaign
deny 193.9.158.0/25; # 2018-05-22 spam campaign
deny 46.148.127.0/24; # 2018-05-22 spam campaign
deny 91.200.82.0/25; # 2018-05-22 spam campaign
deny 185.46.85.128/25; # 2018-05-22 spam campaign
deny 5.189.200.0/25; # 2018-05-22 spam campaign
deny 185.14.194.0/25; # 2018-05-22 spam campaign
deny 91.243.89.0/24; # 2018-05-22 spam campaign
deny 46.161.62.0/25; # 2018-05-22 spam campaign
deny 185.14.193.0/24; # 2018-05-22 spam campaign
deny 185.14.192.0/24; # 2018-05-22 spam campaign
deny 193.9.158.128/25; # 2018-05-22 spam campaign
deny 79.110.19.0/24; # 2018-05-22 spam campaign
deny 37.9.45.0/24; # 2018-05-22 spam campaign
deny 178.159.107.0/24; # 2018-05-22 spam campaign
deny 91.200.81.0/25; # 2018-05-22 spam campaign
deny 91.204.14.0/25; # 2018-05-22 spam campaign
deny 91.243.94.0/24; # 2018-05-22 spam campaign
deny 5.189.206.0/25; # 2018-05-22 spam campaign
deny 79.110.17.0/24; # 2018-05-22 spam campaign
deny 188.72.96.128/25; # 2018-05-22 spam campaign
deny 79.110.28.0/25; # 2018-05-22 spam campaign
deny 91.243.92.0/24; # 2018-05-22 spam campaign
deny 185.50.251.0/24; # 2018-05-22 spam campaign
deny 146.185.205.128/25; # 2018-05-22 spam campaign
deny 178.57.67.0/25; # 2018-05-22 spam campaign
deny 185.89.100.128/25; # 2018-05-22 spam campaign
deny 146.185.204.0/25; # 2018-05-22 spam campaign
deny 79.110.25.0/24; # 2018-05-22 spam campaign
deny 5.101.217.128/25; # 2018-05-22 spam campaign
deny 185.13.33.0/24; # 2018-05-22 spam campaign
deny 95.85.68.0/24; # 2018-05-22 spam campaign
deny 95.85.69.0/24; # 2018-05-22 spam campaign
deny 185.251.22.0/23; # 2018-05-22 spam campaign
deny 185.251.182.0/23; # 2018-05-22 spam campaign
deny 46.161.60.0/25; # 2018-05-22 spam campaign
deny 5.101.220.0/25; # 2018-05-22 spam campaign
deny 5.189.203.0/25; # 2018-05-22 spam campaign
deny 193.93.194.0/24; # 2018-05-22 spam campaign
deny 5.101.219.128/25; # 2018-05-22 spam campaign
deny 46.161.57.128/25; # 2018-05-22 spam campaign
deny 5.101.222.0/25; # 2018-05-22 spam campaign
deny 193.93.193.0/24; # 2018-05-22 spam campaign
deny 146.185.200.0/25; # 2018-05-22 spam campaign
deny 5.189.201.0/25; # 2018-05-22 spam campaign
deny 5.101.221.0/25; # 2018-05-22 spam campaign
deny 141.101.132.128/25; # 2018-05-22 spam campaign
deny 146.185.205.0/25; # 2018-05-22 spam campaign
deny 5.189.200.128/25; # 2018-05-22 spam campaign
deny 5.101.221.128/25; # 2018-05-22 spam campaign
deny 5.101.222.128/25; # 2018-05-22 spam campaign
deny 5.101.219.0/25; # 2018-05-22 spam campaign
deny 5.101.220.128/25; # 2018-05-22 spam campaign
deny 185.250.42.0/23; # 2018-05-22 spam campaign
deny 5.8.46.128/25; # 2018-05-22 spam campaign
deny 5.189.206.128/25; # 2018-05-22 spam campaign
deny 95.85.71.0/24; # 2018-05-22 spam campaign
deny 185.252.186.0/23; # 2018-05-22 spam campaign
deny 188.72.127.128/25; # 2018-05-22 spam campaign
deny 185.251.14.0/23; # 2018-05-22 spam campaign
deny 185.251.70.0/23; # 2018-05-22 spam campaign
deny 5.101.217.0/25; # 2018-05-22 spam campaign
deny 185.46.86.0/25; # 2018-05-22 spam campaign
deny 146.185.204.128/25; # 2018-05-22 spam campaign
deny 141.101.132.0/25; # 2018-05-22 spam campaign
deny 188.72.127.0/25; # 2018-05-22 spam campaign
deny 146.185.206.0/25; # 2018-05-22 spam campaign
deny 185.46.84.128/25; # 2018-05-22 spam campaign
deny 5.189.207.128/25; # 2018-05-22 spam campaign
deny 5.8.46.0/25; # 2018-05-22 spam campaign
deny 95.85.70.0/24; # 2018-05-22 spam campaign
deny 5.189.205.128/25; # 2018-05-22 spam campaign
deny 146.185.206.128/25; # 2018-05-22 spam campaign
deny 46.161.63.0/25; # 2018-05-22 spam campaign
deny 188.68.0.0/22; # 2018-05-22 spam campaign
deny 5.62.152.0/22; # 2018-05-22 spam campaign
deny 178.57.65.0/24; # 2018-05-22 spam campaign
deny 178.57.66.0/23; # 2018-05-22 spam campaign
deny 178.57.68.0/24; # 2018-05-22 spam campaign
deny 188.72.96.0/24; # 2018-05-22 spam campaign
deny 188.72.126.0/24; # 2018-05-22 spam campaign
deny 141.101.132.0/24; # 2018-05-22 spam campaign
deny 141.101.201.0/24; # 2018-05-22 spam campaign
deny 146.185.200.0/24; # 2018-05-22 spam campaign
deny 146.185.201.0/24; # 2018-05-22 spam campaign
deny 146.185.202.0/24; # 2018-05-22 spam campaign
deny 146.185.203.0/24; # 2018-05-22 spam campaign
deny 146.185.204.0/24; # 2018-05-22 spam campaign
deny 146.185.205.0/24; # 2018-05-22 spam campaign
deny 146.185.206.0/24; # 2018-05-22 spam campaign
deny 178.159.97.0/24; # 2018-05-22 spam campaign
deny 178.57.65.0/24; # 2018-05-22 spam campaign
deny 178.57.66.0/24; # 2018-05-22 spam campaign
deny 178.57.67.0/24; # 2018-05-22 spam campaign
deny 178.57.68.0/24; # 2018-05-22 spam campaign
deny 179.61.200.0/23; # 2018-05-22 spam campaign
deny 181.214.37.0/24; # 2018-05-22 spam campaign
deny 185.101.68.0/24; # 2018-05-22 spam campaign
deny 185.101.71.0/24; # 2018-05-22 spam campaign
deny 185.14.192.0/24; # 2018-05-22 spam campaign
deny 185.14.193.0/24; # 2018-05-22 spam campaign
deny 185.14.195.0/24; # 2018-05-22 spam campaign
deny 185.2.32.0/24; # 2018-05-22 spam campaign
deny 185.46.84.0/22; # 2018-05-22 spam campaign
deny 185.50.250.0/24; # 2018-05-22 spam campaign
deny 185.50.251.0/24; # 2018-05-22 spam campaign
deny 185.71.0.0/22; # 2018-05-22 spam campaign
deny 188.68.0.0/24; # 2018-05-22 spam campaign
deny 188.68.1.0/24; # 2018-05-22 spam campaign
deny 188.68.3.0/24; # 2018-05-22 spam campaign
deny 188.72.126.0/24; # 2018-05-22 spam campaign
deny 188.72.127.0/24; # 2018-05-22 spam campaign
deny 188.72.96.0/24; # 2018-05-22 spam campaign
deny 191.101.24.0/24; # 2018-05-22 spam campaign
deny 191.101.54.0/23; # 2018-05-22 spam campaign
deny 193.105.171.0/24; # 2018-05-22 spam campaign
deny 193.9.158.0/24; # 2018-05-22 spam campaign
deny 193.93.192.0/24; # 2018-05-22 spam campaign
deny 193.93.195.0/24; # 2018-05-22 spam campaign
deny 37.9.42.0/24; # 2018-05-22 spam campaign
deny 46.148.112.0/24; # 2018-05-22 spam campaign
deny 46.148.120.0/24; # 2018-05-22 spam campaign
deny 46.148.127.0/24; # 2018-05-22 spam campaign
deny 46.161.56.0/24; # 2018-05-22 spam campaign
deny 46.161.57.0/24; # 2018-05-22 spam campaign
deny 46.161.58.0/24; # 2018-05-22 spam campaign
deny 46.161.59.0/24; # 2018-05-22 spam campaign
deny 46.161.60.0/24; # 2018-05-22 spam campaign
deny 46.161.61.0/24; # 2018-05-22 spam campaign
deny 46.161.62.0/24; # 2018-05-22 spam campaign
deny 46.161.63.0/24; # 2018-05-22 spam campaign
deny 46.243.173.0/24; # 2018-05-22 spam campaign
deny 5.188.216.0/24; # 2018-05-22 spam campaign
deny 79.110.17.0/24; # 2018-05-22 spam campaign
deny 79.110.18.0/24; # 2018-05-22 spam campaign
deny 79.110.19.0/24; # 2018-05-22 spam campaign
deny 79.110.22.0/24; # 2018-05-22 spam campaign
deny 79.110.25.0/24; # 2018-05-22 spam campaign
deny 79.133.107.0/24; # 2018-05-22 spam campaign
deny 91.200.164.0/22; # 2018-05-22 spam campaign
deny 91.200.80.0/24; # 2018-05-22 spam campaign
deny 91.200.81.0/24; # 2018-05-22 spam campaign
deny 91.200.82.0/24; # 2018-05-22 spam campaign
deny 91.200.83.0/24; # 2018-05-22 spam campaign
deny 91.216.3.0/24; # 2018-05-22 spam campaign
deny 91.243.90.0/24; # 2018-05-22 spam campaign
deny 91.243.91.0/24; # 2018-05-22 spam campaign
deny 91.243.93.0/24; # 2018-05-22 spam campaign
deny 93.179.88.0/24; # 2018-05-22 spam campaign
deny 93.179.89.0/24; # 2018-05-22 spam campaign
deny 93.179.90.0/24; # 2018-05-22 spam campaign
deny 93.179.91.0/24; # 2018-05-22 spam campaign
deny 95.181.176.0/24; # 2018-05-22 spam campaign
deny 95.181.177.0/24; # 2018-05-22 spam campaign
deny 95.181.182.0/24; # 2018-05-22 spam campaign
deny 95.181.183.0/24; # 2018-05-22 spam campaign
deny 95.181.216.0/24; # 2018-05-22 spam campaign
deny 95.181.217.0/24; # 2018-05-22 spam campaign
deny 95.181.219.0/24; # 2018-05-22 spam campaign
deny 95.85.80.0/24; # 2018-05-22 spam campaign
deny 95.85.81.0/24; # 2018-05-22 spam campaign
deny 191.96.164.0/24; # 2018-05-22 spam campaign
deny 5.8.45.0/24; # 2018-05-22 spam campaign

3
files/etc/nginx/conf.d/headers.conf Normal file
View file

@ -0,0 +1,3 @@
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN" always;

1
files/etc/nginx/conf.d/hsts.conf Normal file
View file

@ -0,0 +1 @@
add_header Strict-Transport-Security "max-age=31536000";

4
files/etc/nginx/conf.d/ocsp.conf Normal file
View file

@ -0,0 +1,4 @@
ssl_stapling on;
ssl_stapling_verify on;
resolver 10.10.10.9 10.10.11.8 valid=300s;
resolver_timeout 5s;

29
files/etc/nginx/conf.d/proxy.conf Normal file
View file

@ -0,0 +1,29 @@
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_redirect off;
proxy_intercept_errors on;
#proxy_buffering on;
#proxy_buffer_size 1k;
#proxy_buffers 16 8k;
#client_body_timeout 30;
#client_header_timeout 10;
#keepalive_timeout 30;
#send_timeout 60;
#keepalive_requests 100;
#sendfile on;
#tcp_nopush on;
#tcp_nodelay on;
error_page 502 /errors/502.html;
error_page 502 /errors/502.html;

11
files/etc/nginx/conf.d/ssl.conf Normal file
View file

@ -0,0 +1,11 @@
ssl_dhparam /etc/nginx/ssl/private/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:P-521:P-384:P-256;
ssl_ciphers "EECDH+CHACHA20:EECDH+AESGCM";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 15m;
ssl_session_tickets off;

1
files/etc/nginx/conf.d/ssl_letsencrypt.conf Normal file
View file

@ -0,0 +1 @@
ssl_trusted_certificate /etc/nginx/ssl/private/letsencrypt-certs.pem;

26
files/etc/nginx/conf/fastcgi.conf Normal file
View file

@ -0,0 +1,26 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

26
files/etc/nginx/conf/fastcgi.conf.default Normal file
View file

@ -0,0 +1,26 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

25
files/etc/nginx/conf/fastcgi_params Normal file
View file

@ -0,0 +1,25 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

25
files/etc/nginx/conf/fastcgi_params.default Normal file
View file

@ -0,0 +1,25 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

109
files/etc/nginx/conf/koi-utf Normal file
View file

@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
files/etc/nginx/conf/koi-win Normal file
View file

@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

97
files/etc/nginx/conf/mime.types Normal file
View file

@ -0,0 +1,97 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

97
files/etc/nginx/conf/mime.types.default Normal file
View file

@ -0,0 +1,97 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

117
files/etc/nginx/conf/nginx.conf.default Normal file
View file

@ -0,0 +1,117 @@
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}

17
files/etc/nginx/conf/scgi_params Normal file
View file

@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

17
files/etc/nginx/conf/scgi_params.default Normal file
View file

@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

17
files/etc/nginx/conf/uwsgi_params Normal file
View file

@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

17
files/etc/nginx/conf/uwsgi_params.default Normal file
View file

@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

126
files/etc/nginx/conf/win-utf Normal file
View file

@ -0,0 +1,126 @@
# This map is not a full windows-1251 <> utf8 map: it does not
# contain Serbian and Macedonian letters. If you need a full map,
# use contrib/unicode2nginx/win-utf map instead.
charset_map windows-1251 utf-8 {
82 E2809A ; # single low-9 quotation mark
84 E2809E ; # double low-9 quotation mark
85 E280A6 ; # ellipsis
86 E280A0 ; # dagger
87 E280A1 ; # double dagger
88 E282AC ; # euro
89 E280B0 ; # per mille
91 E28098 ; # left single quotation mark
92 E28099 ; # right single quotation mark
93 E2809C ; # left double quotation mark
94 E2809D ; # right double quotation mark
95 E280A2 ; # bullet
96 E28093 ; # en dash
97 E28094 ; # em dash
99 E284A2 ; # trade mark sign
A0 C2A0 ; # &nbsp;
A1 D18E ; # capital Byelorussian short U
A2 D19E ; # small Byelorussian short u
A4 C2A4 ; # currency sign
A5 D290 ; # capital Ukrainian soft G
A6 C2A6 ; # borken bar
A7 C2A7 ; # section sign
A8 D081 ; # capital YO
A9 C2A9 ; # (C)
AA D084 ; # capital Ukrainian YE
AB C2AB ; # left-pointing double angle quotation mark
AC C2AC ; # not sign
AD C2AD ; # soft hypen
AE C2AE ; # (R)
AF D087 ; # capital Ukrainian YI
B0 C2B0 ; # &deg;
B1 C2B1 ; # plus-minus sign
B2 D086 ; # capital Ukrainian I
B3 D196 ; # small Ukrainian i
B4 D291 ; # small Ukrainian soft g
B5 C2B5 ; # micro sign
B6 C2B6 ; # pilcrow sign
B7 C2B7 ; # &middot;
B8 D191 ; # small yo
B9 E28496 ; # numero sign
BA D194 ; # small Ukrainian ye
BB C2BB ; # right-pointing double angle quotation mark
BF D197 ; # small Ukrainian yi
C0 D090 ; # capital A
C1 D091 ; # capital B
C2 D092 ; # capital V
C3 D093 ; # capital G
C4 D094 ; # capital D
C5 D095 ; # capital YE
C6 D096 ; # capital ZH
C7 D097 ; # capital Z
C8 D098 ; # capital I
C9 D099 ; # capital J
CA D09A ; # capital K
CB D09B ; # capital L
CC D09C ; # capital M
CD D09D ; # capital N
CE D09E ; # capital O
CF D09F ; # capital P
D0 D0A0 ; # capital R
D1 D0A1 ; # capital S
D2 D0A2 ; # capital T
D3 D0A3 ; # capital U
D4 D0A4 ; # capital F
D5 D0A5 ; # capital KH
D6 D0A6 ; # capital TS
D7 D0A7 ; # capital CH
D8 D0A8 ; # capital SH
D9 D0A9 ; # capital SHCH
DA D0AA ; # capital hard sign
DB D0AB ; # capital Y
DC D0AC ; # capital soft sign
DD D0AD ; # capital E
DE D0AE ; # capital YU
DF D0AF ; # capital YA
E0 D0B0 ; # small a
E1 D0B1 ; # small b
E2 D0B2 ; # small v
E3 D0B3 ; # small g
E4 D0B4 ; # small d
E5 D0B5 ; # small ye
E6 D0B6 ; # small zh
E7 D0B7 ; # small z
E8 D0B8 ; # small i
E9 D0B9 ; # small j
EA D0BA ; # small k
EB D0BB ; # small l
EC D0BC ; # small m
ED D0BD ; # small n
EE D0BE ; # small o
EF D0BF ; # small p
F0 D180 ; # small r
F1 D181 ; # small s
F2 D182 ; # small t
F3 D183 ; # small u
F4 D184 ; # small f
F5 D185 ; # small kh
F6 D186 ; # small ts
F7 D187 ; # small ch
F8 D188 ; # small sh
F9 D189 ; # small shch
FA D18A ; # small hard sign
FB D18B ; # small y
FC D18C ; # small soft sign
FD D18D ; # small e
FE D18E ; # small yu
FF D18F ; # small ya
}

21
files/etc/nginx/html/50x.html Normal file
View file

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>An error occurred.</h1>
<p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
<p>If you are the system administrator of this resource then you should check
the error log for details.</p>
<p><em>Faithfully yours, nginx.</em></p>
</body>
</html>

25
files/etc/nginx/html/index.html Normal file
View file

@ -0,0 +1,25 @@
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

28
files/etc/nginx/sites-available/default Normal file
View file

@ -0,0 +1,28 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name _ default;
access_log off;
error_log off;
location /.well-known/acme-challenge {
root /var/www/letsencrypt/;
allow all;
}
}
server {
listen 127.0.0.1:8080;
listen [::1]:8080;
stub_status on;
location /stub_status {
stub_status;
}
}

1
files/etc/nginx/sites-enabled/default Symbolic link
View file

@ -0,0 +1 @@
../sites-available/default

29
files/etc/systemd/system/nginx.service Normal file
View file

@ -0,0 +1,29 @@
# Stop dance for nginx
# =======================
#
# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
# and sends SIGTERM (fast shutdown) to the main process.
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
#
# nginx signals reference doc:
# http://nginx.org/en/docs/control.html
#
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/conf/nginx.conf -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -c /etc/nginx/conf/nginx.conf -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -c /etc/nginx/conf/nginx.conf -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target

1181
files/html/errors/502.html Normal file
View file

File diff suppressed because it is too large Load diff

1181
files/html/errors/503.html Normal file
View file

File diff suppressed because it is too large Load diff

1182
files/html/index.html Normal file
View file

File diff suppressed because it is too large Load diff

52
tasks/configure-vhost.yml Normal file
View file

@ -0,0 +1,52 @@
---
- name: Ensure nginx is started
service:
name: nginx
state: started
enabled: true
ignore_errors: true
register: nginx_started
- name: Nginx started failed | Delete file for repair nginx
file:
state: absent
path: "/etc/nginx/sites-enabled/"
when: nginx_started is failed
- name: Nginx started failed | recreate folder for repair nginx
file:
state: directory
path: "/etc/nginx/sites-enabled/"
when: nginx_started is failed
- name: Nginx started failed | create default link for repair nginx
file:
src: "/etc/nginx/sites-available/default"
dest: "/etc/nginx/sites-enabled/default"
state: link
when: nginx_started is failed
- name: Nginx started failed | Restart Nginx
service:
name: nginx
state: started
when: nginx_started is failed
- name: "Create certificate for {{ item.name }}"
shell: "certbot certonly --non-interactive --webroot --email {{ letsencrypt_email }} --agree-tos --webroot-path=/var/www/letsencrypt -d {{ item.name }} --rsa-key-size 4096;"
when:
- item.ssl
- item.useLetsencrypt
- item.state = "present"
loop: nginx_vhost
- name: "Add Vhost {{ item.name }}"
template:
src: "vhost/{{ item.template }}.j2"
dest: "/etc/nginx/sites-available/{{ item.name }}"
notify:
- reload nginx
when:
- item.state = "present"
loop: nginx_vhost

39
tasks/install-Debian-letsencrypt.yml Normal file
View file

@ -0,0 +1,39 @@
---
- name: Install Nginx and dependencies
apt:
pkg: "{{item}}"
state: latest
update_cache: yes
with_items:
- certbot
- name: Get let's encrypt cert
command: "curl https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem -o /etc/nginx/ssl/private/letsencrypt-certs.pem"
- name: Creates a cron file under /etc/cron.d
cron:
name: cerbot-renew
weekday: 1
minute: 30
hour: 2
user: root
job: "certbot renew >> /var/log/le-renew.log && curl -fsS --retry 3 --resolve cron.drycat.fr:443:10.10.10.1 https://cron.drycat.fr/ping/{{ nginx_certs_renew_cron }} > /dev/null"
- name: Creates a cron file under /etc/cron.d
cron:
name: Reload server
weekday: 1
minute: 50
hour: 2
user: root
job: "/bin/systemctl reload nginx && curl -fsS --retry 3 --resolve cron.drycat.fr:443:10.10.10.1 https://cron.drycat.fr/ping/{{ nginx_le_reload }} > /dev/null"
- name: "Add Dryusdan's configuration"
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '0640'
loop:
- { 'src': 'etc/nginx/conf.d/ssl_letsencrypt.conf', 'dest':'/etc/nginx/conf.d/ssl_letsencrypt.conf' }

16
tasks/install-Debian-prometheus.yml Normal file
View file

@ -0,0 +1,16 @@
---
- name: Install Prometheus-nginx-exporter on Debian 10
apt:
pkg: "{{item}}"
state: latest
update_cache: yes
with_items:
- prometheus-nginx-exporter
- libnginx-mod-rtmp
when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'
- name: import discovery file to server
template:
src: sd_file.yml.j2
dest: "{{ prometheus_sd_directory }}/nginx_{{ ansible_nodename }}.yml"
delegate_to: "{{ prometheus_server }}"

138
tasks/install-Debian.yml Normal file
View file

@ -0,0 +1,138 @@
---
- name: Nginx already installed ?
shell: dpkg-query -W 'nginx-full'
ignore_errors: true
register: nginx
- name: update apt-cache
apt: update_cache=yes
when: nginx is failed
- name: Update repositories cache and install package
apt: pkg=apt-transport-https state=latest update_cache=yes
- name: Install Nginx and dependencies
apt:
pkg: "{{item}}"
state: latest
update_cache: yes
with_items:
- nginx-full
- libnginx-mod-http-headers-more-filter
- libnginx-mod-http-cache-purge
- libnginx-mod-http-uploadprogress
- libnginx-mod-stream
- python
- python-dev
- gcc
- dialog
- libaugeas0
- augeas-lenses
- libssl-dev
- libffi-dev
- ca-certificates
- python-pip
- python-virtualenv
- git
- libpython-dev
- zlib1g-dev
- name: Creates directory
file:
path: /etc/nginx/ssl/private
state: directory
when: nginx is failed
- name: Generate dhparam 4096
openssl_dhparam:
path: /etc/nginx/ssl/private/dhparam.pem
size: 4096
when: nginx is failed
- name: Create folder
file:
path: "{{ item }}"
state: directory
loop:
- /var/www/letsencrypt
- /var/log/archive-nginx
- /etc/nginx/conf
- /etc/nginx/html
- /etc/nginx/ssl
- /etc/nginx/modules-available
- /etc/nginx/modules-enabled
- /etc/nginx/ssl/private/
- /var/www/html/
- /var/www/html/errors
- name: Remove official default configuration
file:
path: "{{ item }}"
state: absent
loop:
- /etc/logrotate.d/nginx
- /etc/nginx/sites-available/default
- /etc/nginx/fastcgi.conf
- /etc/nginx/koi-utf
- /etc/nginx/koi-win
- /etc/nginx/mime.types
- /etc/nginx/nginx.conf
- /etc/nginx/proxy_params
- /etc/nginx/scgi_params
- /etc/nginx/snippets
- /etc/nginx/uwsgi_params
- /etc/nginx/win-utf
- name: "Add Dryusdan's configuration"
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '0640'
loop:
- { 'src': 'etc/logrotate.d/nginx', 'dest':'/etc/logrotate.d/nginx' }
- { 'src': 'etc/systemd/system/nginx.service', 'dest':'/etc/systemd/system/nginx.service' }
- { 'src': 'etc/nginx/sites-enabled/default', 'dest': '/etc/nginx/sites-enabled/default' }
- { 'src': 'etc/nginx/html/index.html', 'dest': '/etc/nginx/html/index.html' }
- { 'src': 'etc/nginx/html/50x.html', 'dest': '/etc/nginx/html/50x.html' }
- { 'src': 'etc/nginx/conf.d/blacklist', 'dest': '/etc/nginx/conf.d/blacklist' }
- { 'src': 'etc/nginx/conf.d/headers.conf', 'dest': '/etc/nginx/conf.d/headers.conf' }
- { 'src': 'etc/nginx/conf.d/hsts.conf', 'dest': '/etc/nginx/conf.d/hsts.conf' }
- { 'src': 'etc/nginx/conf.d/ocsp.conf', 'dest': '/etc/nginx/conf.d/ocsp.conf' }
- { 'src': 'etc/nginx/conf.d/proxy.conf', 'dest': '/etc/nginx/conf.d/proxy.conf' }
- { 'src': 'etc/nginx/conf.d/ssl.conf', 'dest': '/etc/nginx/conf.d/ssl.conf' }
- { 'src': 'etc/nginx/conf/fastcgi.conf', 'dest': '/etc/nginx/conf/fastcgi.conf' }
- { 'src': 'etc/nginx/conf/fastcgi_params', 'dest': '/etc/nginx/conf/fastcgi_params' }
- { 'src': 'etc/nginx/conf/koi-utf', 'dest': '/etc/nginx/conf/koi-utf' }
- { 'src': 'etc/nginx/conf/koi-win', 'dest': '/etc/nginx/conf/koi-win' }
- { 'src': 'etc/nginx/conf/mime.types', 'dest': '/etc/nginx/conf/mime.types' }
- { 'src': 'etc/nginx/conf/scgi_params', 'dest': '/etc/nginx/conf/scgi_params' }
- { 'src': 'etc/nginx/conf/uwsgi_params', 'dest': '/etc/nginx/conf/uwsgi_params' }
- { 'src': 'etc/nginx/conf/win-utf', 'dest': '/etc/nginx/conf/win-utf' }
- { 'src': 'html/index.html', 'dest': '/var/www/html/index.html' }
- name: Add Nginx.conf
template:
src: nginx.conf.j2
dest: /etc/nginx/conf/nginx.conf
mode: 0644
owner: root
group: root
- name: "Add errors html file"
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: www-data
group: www-data
mode: '0640'
loop:
- { 'src': 'html/errors/502.html', 'dest': '/var/www/html/errors/502.html' }
- { 'src': 'html/errors/503.html', 'dest': '/var/www/html/errors/503.html' }
- name: reload systemd
systemd:
daemon_reload: yes

30
tasks/main.yml Normal file
View file

@ -0,0 +1,30 @@
---
- include_tasks: install-Debian.yml
when: ansible_os_family == 'Debian'
tags:
- install
- reconfigure
- include_tasks: install-Debian-letsencrypt.yml
when: ansible_os_family == 'Debian'
tags:
- letsencrypt
- include_tasks: install-Debian-prometheus.yml
when: ansible_os_family == 'Debian'
tags:
- prometheus
- include_tasks: configure-vhost.yml
tags:
- vhost
- include_tasks: remove-vhost.yml
tags:
- resign
- include_tasks: uninstall-nginx-Debian.yml
when: ansible_os_family == 'Debian'
tags:
- uninstall

25
tasks/remove-vhost.yml Normal file
View file

@ -0,0 +1,25 @@
---
- name: "Remove symlink {{ item.name }}"
file:
state: absent
path: "/etc/nginx/sites-enabled/{{ item.name }}"
when:
- item.state = "absent"
loop: nginx_vhost
- name: "Remove website conf {{ item.name }}"
file:
state: absent
path: "/etc/nginx/sites-available/{{ item.name }}"
when:
- item.state = "absent"
loop: nginx_vhost
- name: "Revoke Let's Encrypt cert for {{ item.name }}"
shell: "certbot revoke --delete-after-revoke --cert-path /etc/letsencrypt/live/{{ item.name }}/cert.pem"
when:
- item.ssl == "On"
- item.useLetsencrypt == "yes"
- item.state = "absent"
loop: nginx_vhost

35
tasks/uninstall-nginx-Debian.yml Normal file
View file

@ -0,0 +1,35 @@
---
- name: "Remove Nginx"
apt:
pkg: "{{item}}"
state: latest
update_cache: yes
with_items:
- nginx-full
- libnginx-mod-http-headers-more-filter
- libnginx-mod-http-cache-purge
- libnginx-mod-http-uploadprogress
- libnginx-mod-stream
- python
- python-dev
- gcc
- dialog
- libaugeas0
- augeas-lenses
- libssl-dev
- libffi-dev
- ca-certificates
- python-pip
- python-virtualenv
- git
- libpython-dev
- zlib1g-dev
- name: "Remove directory"
file:
state: directory
path: "{{ item }}"
with_items:
- "/etc/nginx"
- "/var/cache/nginx"
- "/var/log/nginx"

124
templates/nginx.conf.j2 Normal file
View file

@ -0,0 +1,124 @@
user www-data;
worker_processes 4;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
worker_rlimit_nofile 8704;
events {
worker_connections 8192;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_disable msie6;
keepalive_requests 100;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
#server_names_hash_max_size 2048;
proxy_headers_hash_max_size 2048;
proxy_max_temp_file_size {{ nginx_proxy_map_temp_file_size | default("2048m")}};
proxy_headers_hash_bucket_size 256;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/conf/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
#more_set_headers 'Server: secret';
aio threads;
aio_write on;
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 128;
limit_req_zone $binary_remote_addr zone=allips:10m rate=150r/s;
limit_req zone=allips burst=150 nodelay;
gzip on;
gzip_comp_level 6;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
# brotli on;
# brotli_static on;
# brotli_buffers 16 8k;
# brotli_comp_level 6;
# brotli_types
# text/css
# text/javascript
# text/xml
# text/plain
# text/x-component
# application/javascript
# application/x-javascript
# application/json
# application/xml
# application/rss+xml
# application/vnd.ms-fontobject
# font/truetype
# font/opentype
# image/svg+xml;
##
# Virtual Host Configs
##
#include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

2
templates/sd_file.yml.j2 Normal file
View file

@ -0,0 +1,2 @@
- targets:
- "{{ ansible_nodename }}:{{ prometheus_exporter_listen_port }}"

16
templates/vhosts/partials/header.j2 Normal file
View file

@ -0,0 +1,16 @@
listen {{ item.listen }} {% if item.ssl is defined and item.ssl = true %} ssl http2 {%endif%};
{%if item.ipv6 is defined and item.ipv6 = true %}
listen [::]:{{ item.listen }} {% if item.ssl is defined and item.ssl = true %} ssl http2 {%endif%};
{%endif %}
server_name {{ item.key }};
client_max_body_size {{ client_max_body_size|default('2M') }}
{% if item.include_conf is defined %}
{% for conf in item.include_conf %}
include /etc/nginx/conf.d/{{ conf }};
{% endfor %}
{% endif %}

6
templates/vhosts/partials/letsencrypt-webroot.j2 Normal file
View file

@ -0,0 +1,6 @@
{%if item.letsencrypt is defined and item.letsencrypt = true %}
location /.well-known/acme-challenge {
root /var/www/letsencrypt/;
allow all;
}
{% endif %}

9
templates/vhosts/partials/logoff-favicon-robots.txt.j2 Normal file
View file

@ -0,0 +1,9 @@
location = /robots.txt {
allow all;
log_not_found off;
access_log /dev/null;
}
location = /favicon.ico {
log_not_found off;
access_log /dev/null;
}

6
templates/vhosts/partials/map.j2 Normal file
View file

@ -0,0 +1,6 @@
{% if item.map is defined %}
map {{ item.map.string }} {{ item.map.variable }} {
{{ item.map.parameters|ident(4) }}
}
{% endif %}

25
templates/vhosts/partials/ssl.j2 Normal file
View file

@ -0,0 +1,25 @@
{% if item.ssl is defined and item.ssl = true %}
{% if item.letsencrypt is defined and item.letsencrypt = true %}
ssl_certificate /etc/letsencrypt/live/{{ item.server_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ item.server_name/privkey.pem;
{% else %}
ssl_certificate {{ item.ssl_certificate }};
ssl_certificate_key {{ item.ssl_certificate_key }};
{% endif %}
{% if item.letsencrypt is defined and item.letsencrypt = true %}
include /etc/nginx/conf.d/ssl_letsencrypt.conf;
{% endif %}
include /etc/nginx/conf.d/ssl.conf;
include /etc/nginx/conf.d/hsts.conf;
include /etc/nginx/conf.d/ocsp.conf;
{% endif %}

7
templates/vhosts/partials/upstream.j2 Normal file
View file

@ -0,0 +1,7 @@
{% if item.upstream is defined %}
upstream {{ item.upstream.name }} {
{% for server in item.upstream.server %}
server {{ server }}
{% endfor %}
}
{% endif %}

46
templates/vhosts/php.j2 Normal file
View file

@ -0,0 +1,46 @@
{% include 'partials/map.j2' %}
{% include 'partials/upstream.j2' %}
server {
{% include 'partials/header.j2' %}
root {{ item.root|default('/var/www/html');
index {{ item.index|default('index.html index.htm')}};
access_log /var/log/nginx/{{ item.server_name }}.access.log buffer=20m flush=5m;
error_log /var/log/nginx/{{ item.server_name }}.error.log warn;
{% include 'partials/ssl.j2' %}
{% if item.extra_parameters is defined %}
{{ item.extra_parameters|indent(4) }}
{% endif %}
{% if item.cache is defined and item.cache = true %}
open_file_cache max=2000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 2;
open_file_cache_errors on;
{% endif %}
{% include 'partials/letsencrypt-webroot.j2' %}
{% include 'partials/logoff-favicon-robots.txt.j2' %}
{% if item.location is defined %}
{{ item.location|indent(4) }}
{% endif %}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/{{ item.key }}.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
{%if item.fastcgi_param is defined %}
{%for param in item.fastcgi_param %}
fastcgi_param {{ param.name }} {{ param.value }};
{%endfor %}
{%endif%}
include fastcgi_params;
}
}

35
templates/vhosts/proxy.j2 Normal file
View file

@ -0,0 +1,35 @@
{% include 'partials/map.j2' %}
{% include 'partials/upstream.j2' %}
server {
{% include 'partials/header.j2' %}
access_log /var/log/nginx/{{ item.server_name }}.access.log;
error_log /var/log/nginx/{{ item.server_name }}.error.log;
include /etc/nginx/conf.d/proxy.conf;
{% if item.extra_parameters is defined %}
{{ item.extra_parameters|indent(4) }}
{% endif %}
{% include 'partials/letsencrypt-webroot.j2' %}
{% include 'partials/logoff-favicon-robots.txt.j2' %}
location /errors/ {
alias /var/www/html/errors/;
internal;
}
location / {
proxy_pass {{ item.proxy }};
}
{% if item.location is defined %}
{{ item.location|indent(4) }}
{% endif %}
{% if item.extra_parameters is defined %}
{{ item.extra_parameters|indent(4) }}
{% endif %}
}

16
templates/vhosts/redirect.j2 Normal file
View file

@ -0,0 +1,16 @@
{% include 'partials/map.j2' %}
{% include 'partials/upstream.j2' %}
server {
{% include 'partials/header.j2' %}
access_log /dev/null;
error_log /dev/null;
{% include 'partials/letsencrypt-webroot.j2' %}
location / {
return {{ item.return_code|default('301') }} {{ item.return }};
}
{% if item.extra_parameters is defined %}
{{ item.extra_parameters|indent(4) }}
{% endif %}
}