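# Shared nginx snippet pulled into the per-domain TLS server block by the
# `include /etc/nginx/webapps.ssl.conf.custom;` line of the secure template below.
# It denies requests for common dotfiles (.htaccess, .htpasswd, .user.ini, .env, .git)
# and proxies /.well-known/acme-challenge, /roundcube and /phpMyAdmin to port 8081
# on the server's own address (IPv6 addresses are wrapped in brackets first).
# /phpmyadmin, /pma and /webmail are rewritten to the canonical paths.
#
# mode is set explicitly so the file's permissions do not depend on the umask of
# the Ansible run.
#
# NOTE(review): unlike the two template tasks, this task has no `when:` guard and no
# `notify:`. If /etc/nginx can be absent on some hosts, or the running config must be
# regenerated after a change, confirm that is handled by the caller.
# NOTE(review): every TLS vhost that includes this file exposes /phpMyAdmin (and its
# /phpmyadmin and /pma aliases) with no source-address restriction at the nginx
# layer. Confirm that exposure is intended, or restrict it here.
- name: Ensure Custom SSL config for NGINX is created
  copy:
    dest: /etc/nginx/webapps.ssl.conf.custom
    mode: "0644"
    content: |
      location ~ /(\.htaccess|\.htpasswd|\.user\.ini|\.env|\.git) {
          deny all;
      }
      location ^~ /.well-known/acme-challenge {
          root /var/www/html/;
          index index.php index.html index.htm;
          location ~ ^/.well-known/acme-challenge/ {
              access_log off;
              set $my_server_addr $server_addr;
              if ($server_addr ~ ^[0-9a-fA-F:]+$) {
                  set $my_server_addr [$server_addr];
              }
              proxy_pass https://$my_server_addr:8081;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /.well-known/acme-challenge/nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_hide_header Upgrade;
          }
          location ~ ^/.well-known/acme-challenge/nginx_static_files/ {
              access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/;
              internal;
          }
      }
      location ^~ /roundcube {
          root /var/www/html/;
          index index.php index.html index.htm;
          location ~ ^/roundcube/ {
              access_log off;
              set $my_server_addr $server_addr;
              if ($server_addr ~ ^[0-9a-fA-F:]+$) {
                  set $my_server_addr [$server_addr];
              }
              proxy_pass https://$my_server_addr:8081;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /roundcube/nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_hide_header Upgrade;
          }
          location ~ ^/roundcube/nginx_static_files/ {
              access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/;
              internal;
          }
      }
      location ^~ /phpMyAdmin {
          root /var/www/html/;
          index index.php index.html index.htm;
          location ~ ^/phpMyAdmin/ {
              access_log off;
              set $my_server_addr $server_addr;
              if ($server_addr ~ ^[0-9a-fA-F:]+$) {
                  set $my_server_addr [$server_addr];
              }
              proxy_pass https://$my_server_addr:8081;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /phpMyAdmin/nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_hide_header Upgrade;
          }
          location ~ ^/phpMyAdmin/nginx_static_files/ {
              access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/;
              internal;
          }
      }
      location ~ ^/phpmyadmin {
          rewrite ^/* /phpMyAdmin last;
      }
      location ~ ^/pma {
          rewrite ^/* /phpMyAdmin last;
      }
      location ~ ^/webmail {
          rewrite ^/* /roundcube last;
      }

# Custom DirectAdmin template for the plain-HTTP nginx server block. As written it
# renders a single server for webmail.|DOMAIN| on |PORT_80| with Roundcube
# (/var/www/html/roundcube) as document root, served either through PHP-FPM or by
# proxying to 127.0.0.1:|PORT_8080|, depending on the template conditionals.
#
# NOTE(review): this server block answers on |PORT_80| without redirecting to TLS,
# so webmail logins made against it would travel in cleartext. Confirm that is
# intended, or redirect to the |PORT_443| webmail server.
# NOTE(review): only the webmail server is rendered here, whereas the secure template
# also renders the per-domain server. Confirm the domain's own port-80 vhost is
# meant to be omitted.
# NOTE(review): only `/\.ht` paths are denied here. The wider dotfile deny list in
# /etc/nginx/webapps.ssl.conf.custom is not included in this server block.
- name: Create Webmail V-Host (Nginx)
  copy:
    dest: /usr/local/directadmin/data/templates/custom/nginx_server.conf
    mode: "0644"
    content: |
      server {
          listen |IP|:|PORT_80|;
          |MULTI_IP|
          server_name webmail.|DOMAIN|;
          root /var/www/html/roundcube;
          index index.php index.html index.htm;
          access_log /var/log/nginx/domains/|DOMAIN|.log;
          access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
          error_log /var/log/nginx/domains/|DOMAIN|.error.log;
          |*if HAVE_PHP1_FPM="1"|
          # use fastcgi for all php files
          location ~ \.php$ {
              try_files $uri =404;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              include /etc/nginx/fastcgi_params;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include /etc/nginx/nginx_limits.conf;
              if (-f $request_filename) {
                  fastcgi_pass unix:/usr/local/php|PHP1_RELEASE|/sockets/webapps.sock;
              }
          }
          |*endif|
          |*if HAVE_NGINX_PROXY="1"|
          location / {
              # access_log off;
              proxy_pass http://127.0.0.1:|PORT_8080|;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          }
          location /nginx_static_files/ {
              # access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/roundcube/;
              internal;
          }
          |*endif|
          # deny access to apache .htaccess files
          location ~ /\.ht {
              deny all;
          }
      }
  notify:
    - "directadmin : Rewrite confs"
  when: >
    directadmin_webserver == 'nginx' or
    directadmin_webserver == 'nginx_apache'

# Custom DirectAdmin template for the TLS nginx server blocks. It renders two servers
# on |PORT_443|: the per-domain vhost (document root private_html, with the shared
# /etc/nginx/webapps.ssl.conf.custom snippet included) and a webmail.|DOMAIN| vhost
# serving Roundcube. Both use the same |CERT| / |KEY| pair.
#
# NOTE(review): the webmail server proxies to http://127.0.0.1:|PORT_8080| while the
# domain server proxies to https://|PROXY_IP|:|PORT_8081|. The backend therefore sees
# webmail requests as plain HTTP. Confirm the asymmetry is deliberate.
# NOTE(review): the webmail server denies only `/\.ht` paths and does not include
# /etc/nginx/webapps.ssl.conf.custom, so the wider dotfile deny list does not apply
# to it.
- name: Create Webmail V-Host (Secure - Nginx)
  copy:
    dest: /usr/local/directadmin/data/templates/custom/nginx_server_secure.conf
    mode: "0644"
    content: |
      |CUSTOM1|
      |?DOCROOT=`HOME`/domains/`DOMAIN`/private_html|
      |?REALDOCROOT=`HOME`/domains/`DOMAIN`/private_html|
      |?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/opt/alt/php`PHP1_RELEASE`/usr/share/pear/:/dev/urandom:/var/tmp:/usr/local/lib/php/|
      |?HOST_DOMAIN=`DOMAIN`|
      |*if HOST_POINTER|
      |?HOST_DOMAIN=`HOST_POINTER`|
      |*endif|
      server {
          |CUSTOM|
          listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
          |MULTI_IP|
          server_name |HOST_DOMAIN| www.|HOST_DOMAIN| |SERVER_ALIASES|;
          access_log /var/log/nginx/domains/|DOMAIN|.log;
          access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
          error_log /var/log/nginx/domains/|DOMAIN|.error.log;
          root |DOCROOT|;
          index index.php index.html index.htm;
          ssl_certificate |CERT|;
          ssl_certificate_key |KEY|;
          |FORCE_SSL_REDIRECT|
          |NGINX_PHP_CONF|
          |*if HAVE_NGINX_PROXY="1"|
          location / {
              |CUSTOM2|
              |LOCATION_INSERT|
              # access_log off;
              proxy_buffering |PROXY_BUFFERING|;
              proxy_pass https://|PROXY_IP|:|PORT_8081|;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_hide_header Upgrade;
          }
          location /nginx_static_files/ {
              # access_log /var/log/nginx/access_log_proxy;
              alias |DOCROOT|/;
              internal;
          }
          |*else|
          |NGINX_REDIRECTS|
          |PROTECTED_DIRECTORIES|
          |HOTLINK_PROTECTION|
          |EXTRA_LOCATIONS|
          |*endif|
          |CUSTOM3|
          include /etc/nginx/webapps.ssl.conf.custom;
          |CUSTOM4|
      }
      server {
          listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
          |MULTI_IP|
          server_name webmail.|DOMAIN|;
          root /var/www/html/roundcube;
          index index.php index.html index.htm;
          access_log /var/log/nginx/domains/|DOMAIN|.log;
          access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
          error_log /var/log/nginx/domains/|DOMAIN|.error.log;
          ssl_certificate |CERT|;
          ssl_certificate_key |KEY|;
          |*if HAVE_PHP1_FPM="1"|
          # use fastcgi for all php files
          location ~ \.php$ {
              try_files $uri =404;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              include /etc/nginx/fastcgi_params;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include /etc/nginx/nginx_limits.conf;
              if (-f $request_filename) {
                  fastcgi_pass unix:/usr/local/php|PHP1_RELEASE|/sockets/webapps.sock;
              }
          }
          |*endif|
          |*if HAVE_NGINX_PROXY="1"|
          location / {
              # access_log off;
              proxy_pass http://127.0.0.1:|PORT_8080|;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          }
          location /nginx_static_files/ {
              # access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/roundcube/;
              internal;
          }
          |*endif|
          # deny access to apache .htaccess files
          location ~ /\.ht {
              deny all;
          }
      }
  notify:
    - "directadmin : Rewrite confs"
  when: >
    directadmin_webserver == 'nginx' or
    directadmin_webserver == 'nginx_apache'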