blieberman/icingaweb2.conf.j2

## icingaweb2.conf.j2
server {
    listen 80;
    server_name icinga-{{ datacenter }}.{{ domain }};
    rewrite ^ https://$host$request_uri? permanent;
}

server {
    listen 443 ssl;
    ssl_certificate "/etc/pki/tls/certs/star.{{ domain }}-combined.crt";
    ssl_certificate_key "/etc/pki/tls/private/star.{{ domain }}.key";
    ssl_dhparam "/etc/pki/tls/misc/dhparams.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
    ssl_prefer_server_ciphers on;
    server_name icinga-{{ datacenter }}.{{ domain }};

    root /usr/share/icingaweb2/public;
    index index.php;

    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    location ~ \..*/.*\.php$ {
        return 403;
    }

   if (!-d $request_filename) {
       rewrite ^/(.+)/$ /$1 permanent;
   }

   location / {
       try_files $1 $uri $uri/ /index.php$is_args$args;
   }

    location ~ ^/icingaweb2(.+)? {
        alias /usr/share/icingaweb2/public;
        index index.php
        try_files $1 $uri $uri/ /icingaweb2/index.php$is_args$args;
    }

    location ~ ^/index\.php(.*)$ {
       fastcgi_index index.php;
       include /etc/nginx/fastcgi_params;
       try_files $uri =404;
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass 127.0.0.1:9000;
       fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;
       fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
       fastcgi_param REMOTE_USER $remote_user;
    }

}

## php-fpm.conf.j2
;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;

include=/etc/opt/php70/php-fpm.d/*.conf

;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;

[global]
pid = /var/opt/run/php-fpm/php-fpm.pid
error_log = /var/log/php-fpm/error.log
log_level = notice
emergency_restart_threshold = 1
daemonize = yes
	server {
	listen 80;
	server_name icinga-{{ datacenter }}.{{ domain }};
	rewrite ^ https://$host$request_uri? permanent;
	}

	server {
	listen 443 ssl;
	ssl_certificate "/etc/pki/tls/certs/star.{{ domain }}-combined.crt";
	ssl_certificate_key "/etc/pki/tls/private/star.{{ domain }}.key";
	ssl_dhparam "/etc/pki/tls/misc/dhparams.pem";
	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout 10m;
	ssl_protocols TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
	ssl_prefer_server_ciphers on;
	server_name icinga-{{ datacenter }}.{{ domain }};

	root /usr/share/icingaweb2/public;
	index index.php;

	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}

	location ~ \../.\.php$ {
	return 403;
	}

	if (!-d $request_filename) {
	rewrite ^/(.+)/$ /$1 permanent;
	}

	location / {
	try_files $1 $uri $uri/ /index.php$is_args$args;
	}

	location ~ ^/icingaweb2(.+)? {
	alias /usr/share/icingaweb2/public;
	index index.php
	try_files $1 $uri $uri/ /icingaweb2/index.php$is_args$args;
	}

	location ~ ^/index\.php(.*)$ {
	fastcgi_index index.php;
	include /etc/nginx/fastcgi_params;
	try_files $uri =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass 127.0.0.1:9000;
	fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;
	fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
	fastcgi_param REMOTE_USER $remote_user;
	}

	}
	;;;;;;;;;;;;;;;;;;;;;
	; FPM Configuration ;
	;;;;;;;;;;;;;;;;;;;;;

	include=/etc/opt/php70/php-fpm.d/*.conf

	;;;;;;;;;;;;;;;;;;
	; Global Options ;
	;;;;;;;;;;;;;;;;;;

	[global]
	pid = /var/opt/run/php-fpm/php-fpm.pid
	error_log = /var/log/php-fpm/error.log
	log_level = notice
	emergency_restart_threshold = 1
	daemonize = yes