From b824ba53ca29c1e282804b7612542446d61f154f Mon Sep 17 00:00:00 2001
From: Paul Lecuq
Date: Wed, 2 Sep 2020 21:22:52 +0200
Subject: [PATCH] updated nginx state
---
 states/nginx/defaults.yaml | 1 +
 states/nginx/templates/types/dokuwiki.j2 | 22 ++++-----
 states/nginx/templates/types/nextcloud.j2 | 56 +++++++++++------------
 states/nginx/templates/types/rainloop.j2 | 30 ++++++++++++
 4 files changed, 70 insertions(+), 39 deletions(-)
 create mode 100644 states/nginx/templates/types/rainloop.j2
diff --git a/states/nginx/defaults.yaml b/states/nginx/defaults.yaml
index 37bd596..a85f750 100644
--- a/states/nginx/defaults.yaml
+++ b/states/nginx/defaults.yaml
@@ -8,6 +8,7 @@ nginx:
 dir: /etc/nginx
 user: www-data
 group: www-data
+ php_socket_file: /var/run/php/php7.3-fpm.sock
 subdirs:
 - auth
 - modules-available
diff --git a/states/nginx/templates/types/dokuwiki.j2 b/states/nginx/templates/types/dokuwiki.j2
index f6073c5..2407b82 100644
--- a/states/nginx/templates/types/dokuwiki.j2
+++ b/states/nginx/templates/types/dokuwiki.j2
@@ -1,20 +1,20 @@
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 server {
- include http;
- server_name {{ vhost_name }};
- return 301 https://$server_name$request_uri;
+ include http;
+ server_name {{ vhost_name }};
+ return 301 https://$server_name$request_uri;
 }
 server {
- include https;
+ include https;
 server_name {{ vhost_name }};
 root {{ root_dir }};
- index index.php index.html;
+ index index.php index.html;
 location ~ /(conf|bin|inc)/ {
- deny all;
+ deny all;
 }
 location ~ /data/ {
@@ -22,9 +22,9 @@ server {
 }
 location ~ \.php?$ {
- include fastcgi_params;
- fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+ include fastcgi_params;
+ fastcgi_pass unix:{{ nginx.config.php_socket_file }};
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
 }
-}
\ No newline at end of file
+}
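Review bot: In dokuwiki.j2 the `location ~ \.php?$` block still forwards every matching URI to PHP-FPM without checking that the script exists on disk, and the new rainloop.j2 copies the same block. If PHP runs with `cgi.fix_pathinfo=1`, a request for a `.php` path that does not exist can make FPM interpret a different, non-PHP file, which matters for applications that accept uploads; adding `try_files $uri =404;` as the first line of the location closes that. The pattern also makes the final `p` optional, so `.ph` URIs match as well; `location ~ \.php$ {` is presumably what was intended. The location line is unchanged context in this hunk, and the server block opens outside it.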
diff --git a/states/nginx/templates/types/nextcloud.j2 b/states/nginx/templates/types/nextcloud.j2
index ca74492..d178611 100644
--- a/states/nginx/templates/types/nextcloud.j2
+++ b/states/nginx/templates/types/nextcloud.j2
@@ -1,51 +1,51 @@
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 server {
- include http;
- server_name {{ vhost_name }};
- return 301 https://$server_name$request_uri;
+ include http;
+ server_name {{ vhost_name }};
+ return 301 https://$server_name$request_uri;
 }
 server {
- include https;
+ include https;
 server_name {{ vhost_name }};
 root {{ root_dir }};
- index index.php;
- error_page 403 /core/templates/403.php;
- error_page 404 /core/templates/404.php;
- rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
- rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
- rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
- client_max_body_size 4G;
- fastcgi_buffers 64 4K;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ index index.php;
+ error_page 403 /core/templates/403.php;
+ error_page 404 /core/templates/404.php;
+ rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+ rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+ rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+ client_max_body_size 4G;
+ fastcgi_buffers 64 4K;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 location / {
- rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
- rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
- rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
- rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
- rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
- try_files $uri $uri/ index.php;
+ rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+ rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+ rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+ rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+ rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+ try_files $uri $uri/ index.php;
 }
 location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
+ allow all;
+ log_not_found off;
+ access_log off;
 }
 location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
- deny all;
+ deny all;
 }
 location ~ ^(.+?\.php)(/.*)?$ {
- include fastcgi_params;
- fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+ include fastcgi_params;
+ fastcgi_pass unix:{{ nginx.config.php_socket_file }};
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
- try_files $1 =404;
+ try_files $1 =404;
 }
 }
diff --git a/states/nginx/templates/types/rainloop.j2 b/states/nginx/templates/types/rainloop.j2
new file mode 100644
index 0000000..177c294
--- /dev/null
+++ b/states/nginx/templates/types/rainloop.j2
@@ -0,0 +1,30 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+
+server {
+ include http;
+ server_name {{ vhost_name }};
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ include https;
+ server_name {{ vhost_name }};
+ root {{ root_dir }};
+
+ index index.php index.html;
+
+ location ~ /(conf|bin|inc)/ {
+ deny all;
+ }
+
+ location ~ /data/ {
+ internal;
+ }
+
+ location ~ \.php?$ {
+ include fastcgi_params;
+ fastcgi_pass unix:{{ nginx.config.php_socket_file }};
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+ }
+}
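Review bot: In nextcloud.j2 the deny rule `location ~ ^/(data|config|\.ht|db_structure\.xml|README)` is the only path restriction in front of the catch-all `^(.+?\.php)(/.*)?$` handler, and it looks inherited from an older ownCloud layout. Nextcloud's reference nginx configuration also blocks directories such as `lib`, `3rdparty` and `templates` and files such as `occ`, and it hands only a fixed list of entry-point scripts to FPM; the list should be checked against the admin manual for the deployed version. In `location /`, `try_files $uri $uri/ index.php;` names its fallback without a leading slash, where `/index.php` is the usual form. Only `Strict-Transport-Security` is set here; whether other response headers come from the `https` include cannot be seen from this diff.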
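Review bot: The access rules in the new rainloop.j2 are carried over from the DokuWiki template, and nothing in the file says which one protects RainLoop: `conf`, `bin` and `inc` are DokuWiki directories, while RainLoop keeps its configuration, logs and cache under `data/`. I would add a comment such as `# RainLoop stores config, logs and cache in data/ - never serve it` above that block and use the prefix form `location ^~ /data { deny all; }`, so the protection does not depend on the block being listed before the `\.php?$` regex. The DokuWiki-specific `location ~ /(conf|bin|inc)/` block can then be dropped or marked as not applicable.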