Last active
August 16, 2022 16:32
Шаблон конфига NGINX для fastpanel под CMS modx и аналогичные
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
{{/*
  Per-site request-rate zone. Rendered only when the virtual host has a
  Settings record with ReqLimit switched on. limit_req_zone is valid only in
  nginx's http context, so the rendered file is expected to be included there.
*/}}
{{ with .VirtualHost.Settings -}}
{{- if .ReqLimit -}}
# Clients are keyed by address ($binary_remote_addr); the zone is named after the site domain.
limit_req_zone $binary_remote_addr zone={{ $.VirtualHost.Domain }}:{{ .ZoneSize }}k rate={{ .ReqLimitValue }}r/{{ .RateString }};
{{- end -}}
{{- end }}
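{{/*
  Main virtual host for a MODX-style front controller behind PHP-FPM.
  Changes against the previous revision of this block:
    - the dot-path exemption now spells ".well-known" (it read "well_known",
      which left /.well-known/ inside the deny rule);
    - /vendor and /core use "^~" so later regex locations (\.php$, the static
      extension list) cannot take the request away from the deny rule;
    - the .env rule is a regex location (it was a prefix location whose literal
      text "/\.env.*" could never match a request path);
    - HSTS is repeated inside "location /", because an add_header there stops
      inheritance of the server-level one;
    - "tff" in the static extension list is corrected to "ttf" and the
      duplicate "ogg" entry is dropped.
*/}}
server {
    {{- if ne .VirtualHost.MainDomain.String "" }}
    server_name {{ .VirtualHost.MainDomain.String }};
    {{- else }}
    server_name {{ .VirtualHost.Domain }} {{ .VirtualHost.JoinAliases " " }} {{ if .VirtualHost.Autosubdomains -}} *.{{ .VirtualHost.Domain }}{{ end -}};
    {{- end }}
    {{/* Plain-HTTP listeners are emitted only when HTTP->HTTPS redirection is off. */}}
    {{- if not .VirtualHost.HttpsRedirect }}
    {{- range .VirtualHost.Ips }}
    {{- if .IsV6 }}
    listen [{{ .Value }}]:80;
    {{- else }}
    listen {{ .Value }}:80;
    {{- end }}
    {{- end }}
    {{- end }}
    {{/*
      TLS listeners and key material are emitted when a certificate record
      exists and its Type is not "request" (presumably a certificate that has
      not been issued yet; confirm against the panel).
      NOTE(review): the alias-redirect server further down also tests
      Certificate.Enabled; this block does not. Confirm which is intended.
    */}}
    {{- if .VirtualHost.Certificate }}
    {{- if ne .VirtualHost.Certificate.Type "request" }}
    {{- range .VirtualHost.Ips }}
    {{- if .IsV6 }}
    listen [{{ .Value }}]:443 ssl {{ if $.VirtualHost.Http2 }} http2 {{ end }};
    {{- else }}
    listen {{ .Value }}:443 ssl {{ if $.VirtualHost.Http2 }} http2 {{ end }};
    {{- end -}}
    {{- end }}
    ssl_certificate "/var/www/httpd-cert/{{ .VirtualHost.Certificate.Name }}.crt";
    ssl_certificate_key "/var/www/httpd-cert/{{ .VirtualHost.Certificate.Name }}.key";
    {{- if .VirtualHost.Hsts }}
    add_header Strict-Transport-Security "max-age=31536000" always;
    {{- end }}
    {{- end }}
    {{- end }}
    charset {{ .VirtualHost.Charset | ToLower }};
    {{/*
      Basic-auth credentials are read from a dotfile under IndexDir. The
      dot-path deny rule below keeps /.httpauth from being served when the
      document root is IndexDir itself.
    */}}
    {{ if .VirtualHost.HttpAuth }}
    auth_basic "closed site";
    auth_basic_user_file {{ .VirtualHost.IndexDir }}/.httpauth;
    {{- end }}
    {{- if .VirtualHost.Gzip }}
    gzip on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/css text/xml application/javascript text/plain application/json image/svg+xml image/x-icon;
    {{- if ne .VirtualHost.GzipCompLevel 0 }}
    gzip_comp_level {{ .VirtualHost.GzipCompLevel }};
    {{ end -}}
    {{ end -}}
    {{/*
      With Autosubdomains, the label(s) in front of the domain in the Host
      header select a sub-directory of the site; "www" maps to the site itself.
      NOTE(review): $subdomain comes from the client-supplied Host header and
      becomes part of the filesystem root. The patterns are not anchored at the
      end and the dots of the substituted domain are not escaped; consider
      tightening them.
    */}}
    {{ if .VirtualHost.Autosubdomains }}
    set $subdomain "";
    if ($host ~* ^([a-z0-9-\.]+)\.{{ .VirtualHost.Domain }}) {
        set $subdomain $1;
    }
    if ($host ~* ^www.{{ .VirtualHost.Domain }}) {
        set $subdomain "";
    }
    {{ if ne .VirtualHost.SubDirectory "" }}
    set $root_path {{ .VirtualHost.IndexDir }}/{{ .VirtualHost.SubDirectory }}/$subdomain;
    {{ else }}
    set $root_path {{ .VirtualHost.IndexDir }}/$subdomain;
    {{ end }}
    {{ else -}}
    {{ if ne .VirtualHost.SubDirectory "" -}}
    set $root_path {{ .VirtualHost.IndexDir }}/{{ .VirtualHost.SubDirectory }};
    {{ else }}
    set $root_path {{ .VirtualHost.IndexDir }};
    {{- end -}}
    {{- end }}
    root $root_path;
    # Do not follow a symlink whose owner differs from the owner of its target.
    disable_symlinks if_not_owner from=$root_path;
    # Route 403 and 404 through the framework so that its own error pages are shown.
    error_page 403 = @core;
    error_page 404 = @core;
    location / {
        {{- if .VirtualHost.Settings }}
        {{- if .VirtualHost.Settings.ReqLimit }}
        limit_req zone={{ .VirtualHost.Domain }} {{ if .VirtualHost.Settings.BurstFlag -}}burst={{ .VirtualHost.Settings.Burst }} {{ if .VirtualHost.Settings.NoDelay -}}nodelay{{ end -}}{{ end }};
        {{- end }}
        {{- end }}
        index {{ .VirtualHost.IndexPage }};
        # Safely allow Yandex Webvisor.
        # NOTE(review): as written, a Referer that matches the allow-list (own
        # domain, webvisor.com, Yandex Metrica) receives DENY and every other
        # request receives SAMEORIGIN, so framing by Webvisor is not actually
        # permitted here. The header is also added only to responses completed
        # in this location; requests handed to the \.php$ location do not get
        # it. Confirm the intended policy before changing the initial value;
        # the dots of the substituted domain are not escaped in this pattern.
        set $frame_options 'DENY';
        if ($http_referer !~ '^https?:\/\/([^\/]+\.)?({{ .VirtualHost.Domain }}|webvisor\.com|metri[ck]a\.yandex\.(com|ru|by|com\.tr))\/'){
            set $frame_options 'SAMEORIGIN';
        }
        add_header X-Frame-Options $frame_options;
        {{- if .VirtualHost.Certificate }}
        {{- if ne .VirtualHost.Certificate.Type "request" }}
        {{- if .VirtualHost.Hsts }}
        # add_header at this level replaces the inherited set, so HSTS is repeated here.
        add_header Strict-Transport-Security "max-age=31536000" always;
        {{- end }}
        {{- end }}
        {{- end }}
        # Application entry point.
        try_files $uri $uri/ @core;
    }
    # MODX protection: dot-paths (except /.well-known), build/backup folders, the core and its config.
    location ~ ^/(\.(?!well-known)|_build|_gitify|_backup|core|config\.core\.php) {
        return 404;
    }
    # Composer protection. "^~" stops regex locations from overriding this prefix match.
    location ^~ /vendor {
        return 404;
    }
    # Core protection.
    location ^~ /core {
        return 404;
    }
    # Environment-file protection (.env, .env.local, ...) at any directory depth.
    location ~ /\.env(\.|$) {
        return 404;
    }
    # Main hand-off to index.php: the request path is passed as the "q" parameter.
    location @core {
        rewrite ^/(.*)$ /index.php?q=$1&$args last;
    }
    location ~ \.php$ {
        # Only scripts that exist on disk are handed to PHP-FPM.
        try_files $uri =404;
        {{- if .VirtualHost.Settings }}
        {{- if .VirtualHost.Settings.ReqLimit }}
        limit_req zone={{ .VirtualHost.Domain }} {{ if .VirtualHost.Settings.BurstFlag -}}burst={{ .VirtualHost.Settings.Burst }} {{ if .VirtualHost.Settings.NoDelay -}}nodelay{{ end -}}{{ end }};
        {{- end }}
        {{- end }}
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/{{ .VirtualHost.Domain }}.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
    }
    {{ if .VirtualHost.StaticFileHandler }}
    {{- if eq .VirtualHost.StaticExtension "" }}
    location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf|ico|7z|doc|docx|map|otf|pdf|ttf|tif|txt|wav|webp|woff|woff2|xls|xlsx|xml)$ {
    {{- else }}
    location ~* ^.+\.({{ .VirtualHost.StaticExtensionNginxFormat }})$ {
    {{- end }}
        # A missing static file is passed to the framework instead of a bare 404.
        try_files $uri $uri/ @core;
        {{- if ne .VirtualHost.Expired 0 }}
        expires {{ .VirtualHost.Expired }}d;
        {{- end }}
    }
    {{- end }}
    # NOTE(review): nothing in this template refers to @fallback; it may be used
    # by the included files below. It builds SCRIPT_FILENAME from $document_root,
    # unlike the \.php$ location, which uses $realpath_root.
    location @fallback {
        fastcgi_pass unix:/var/run/{{ .VirtualHost.Domain }}.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
    # NOTE(review): included files are parsed with full nginx privileges;
    # confirm that both paths are writable by root only.
    include "/etc/nginx/fastpanel2-sites/{{ .VirtualHost.Owner.Username }}/{{ .VirtualHost.Domain }}.includes";
    include /etc/nginx/fastpanel2-includes/*.conf;
    {{/*
      NOTE(review): logs are written under the site owner's home directory.
      Confirm the ownership and permissions of that logs directory so the
      account cannot replace a log file that nginx opens.
    */}}
    {{ if .VirtualHost.LogsSettings.ErrorLog }}
    error_log {{ .VirtualHost.Owner.HomeDir }}/logs/{{ .VirtualHost.Domain }}-frontend.error.log;
    {{- else }}
    error_log /dev/null crit;
    {{- end }}
    {{- if .VirtualHost.LogsSettings.AccessLog }}
    access_log {{ .VirtualHost.Owner.HomeDir }}/logs/{{ .VirtualHost.Domain }}-frontend.access.log;
    {{- else }}
    access_log off;
    {{- end }}
}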
{{ if .VirtualHost.HttpsRedirect }}
{{/*
  Port-80 companion of the main virtual host, rendered only when
  HttpsRedirect is set. It answers every request with a permanent redirect to
  the same host and URI over https.
  NOTE(review): $host follows the client-supplied Host header. If this server
  ever becomes the default for its address, the redirect target is whatever
  name the client sent; a fixed host name would avoid that.
*/}}
server {
    {{- with .VirtualHost.MainDomain.String }}
    server_name {{ . }};
    {{- else }}
    server_name {{ .VirtualHost.Domain }} {{ .VirtualHost.JoinAliases " " }}{{ if .VirtualHost.Autosubdomains }} *.{{ .VirtualHost.Domain }}{{ end }};
    {{- end }}
    {{- range .VirtualHost.Ips }}
    listen {{ if .IsV6 }}[{{ .Value }}]{{ else }}{{ .Value }}{{ end }}:80;
    {{- end }}
    return 301 https://$host$request_uri;
    {{- if not .VirtualHost.LogsSettings.ErrorLog }}
    error_log /dev/null crit;
    {{- else }}
    error_log {{ .VirtualHost.Owner.HomeDir }}/logs/{{ .VirtualHost.Domain }}-frontend.error.log;
    {{- end }}
    {{- if not .VirtualHost.LogsSettings.AccessLog }}
    access_log off;
    {{- else }}
    access_log {{ .VirtualHost.Owner.HomeDir }}/logs/{{ .VirtualHost.Domain }}-frontend.access.log;
    {{- end }}
}
{{ end -}}
{{ if ne .VirtualHost.MainDomain.String "" }}
{{ if .VirtualHost.Aliases }}
{{/*
  Redirect host for the alias names. Rendered only when a main domain is set
  and the site has aliases. Every request receives a permanent redirect to the
  main domain with the scheme and URI kept as they arrived.
  TLS listeners are added when the certificate record exists, is Enabled and
  its Type is not "request".
*/}}
server {
    server_name {{ .VirtualHost.JoinRedirectServerNames " " }}{{ if .VirtualHost.Autosubdomains }} *.{{ .VirtualHost.Domain }}{{ end }};
    {{- range .VirtualHost.Ips }}
    listen {{ if .IsV6 }}[{{ .Value }}]{{ else }}{{ .Value }}{{ end }}:80;
    {{- end }}
    {{- with .VirtualHost.Certificate }}
    {{- if .Enabled }}
    {{- if ne .Type "request" }}
    {{- range $.VirtualHost.Ips }}
    listen {{ if .IsV6 }}[{{ .Value }}]{{ else }}{{ .Value }}{{ end }}:443 ssl{{ if $.VirtualHost.Http2 }} http2{{ end }};
    {{- end }}
    ssl_certificate "/var/www/httpd-cert/{{ .Name }}.crt";
    ssl_certificate_key "/var/www/httpd-cert/{{ .Name }}.key";
    {{- if $.VirtualHost.Hsts }}
    add_header Strict-Transport-Security "max-age=31536000" always;
    {{- end }}
    {{- end }}
    {{- end }}
    {{- end }}
    return 301 $scheme://{{ .VirtualHost.MainDomain.String }}$request_uri;
    {{- if not .VirtualHost.LogsSettings.ErrorLog }}
    error_log /dev/null crit;
    {{- else }}
    error_log {{ .VirtualHost.Owner.HomeDir }}/logs/{{ .VirtualHost.Domain }}-frontend.error.log;
    {{- end }}
    {{- if not .VirtualHost.LogsSettings.AccessLog }}
    access_log off;
    {{- else }}
    access_log {{ .VirtualHost.Owner.HomeDir }}/logs/{{ .VirtualHost.Domain }}-frontend.access.log;
    {{- end }}
}
{{ end -}}
{{ end -}}