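# Writes the snippet that the secure v-host template pulls in with
# `include /etc/nginx/webapps.ssl.conf.custom;`, so every location below is
# reachable on each HTTPS v-host generated from that template.
#
# What the snippet does:
#   * denies requests for .htaccess/.htpasswd/.user.ini/.env/.git paths;
#   * proxies /.well-known/acme-challenge, /roundcube and /phpMyAdmin to the
#     HTTPS backend on port 8081 of the address nginx accepted the request on
#     (IPv6 literals are wrapped in brackets first);
#   * rewrites /phpmyadmin and /pma to /phpMyAdmin, and /webmail to /roundcube.
#
# Review notes:
#   * `mode` is set explicitly so the file's permissions do not depend on the
#     umask of the user Ansible runs as. Owner and group are left untouched.
#   * The three alias locations are regexes anchored only at the start, so any
#     site path beginning with /pma, /phpmyadmin or /webmail is rewritten too.
#   * phpMyAdmin and Roundcube become reachable under every HTTPS v-host;
#     restrict by source address here if that exposure is not wanted.
#   * X-Forwarded-For is built from the client-supplied header; the backend
#     should rely on X-Client-IP (set from $remote_addr) for the peer address.
#   * nginx does not verify the upstream certificate unless proxy_ssl_verify
#     is enabled; acceptable only while port 8081 stays on this same host.
#   * NOTE(review): unlike the webmail v-host tasks in this file, this task has
#     no `when:` on directadmin_webserver and no `notify:`. Confirm the caller
#     is already nginx-only and that nginx is reloaded after a change.
- name: Ensure Custom SSL config for NGINX is created
  copy:
    dest: /etc/nginx/webapps.ssl.conf.custom
    mode: "0644"
    content: |
      location ~ /(\.htaccess|\.htpasswd|\.user\.ini|\.env|\.git) {
          deny all;
      }
      location ^~ /.well-known/acme-challenge {
          root /var/www/html/;
          index index.php index.html index.htm;
          location ~ ^/.well-known/acme-challenge/ {
              access_log off;
              set $my_server_addr $server_addr;
              if ($server_addr ~ ^[0-9a-fA-F:]+$) { set $my_server_addr [$server_addr]; }
              proxy_pass https://$my_server_addr:8081;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /.well-known/acme-challenge/nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_hide_header Upgrade;
          }
          location ~ ^/.well-known/acme-challenge/nginx_static_files/ {
              access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/;
              internal;
          }
      }
      location ^~ /roundcube {
          root /var/www/html/;
          index index.php index.html index.htm;
          location ~ ^/roundcube/ {
              access_log off;
              set $my_server_addr $server_addr;
              if ($server_addr ~ ^[0-9a-fA-F:]+$) { set $my_server_addr [$server_addr]; }
              proxy_pass https://$my_server_addr:8081;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /roundcube/nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_hide_header Upgrade;
          }
          location ~ ^/roundcube/nginx_static_files/ {
              access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/;
              internal;
          }
      }
      location ^~ /phpMyAdmin {
          root /var/www/html/;
          index index.php index.html index.htm;
          location ~ ^/phpMyAdmin/ {
              access_log off;
              set $my_server_addr $server_addr;
              if ($server_addr ~ ^[0-9a-fA-F:]+$) { set $my_server_addr [$server_addr]; }
              proxy_pass https://$my_server_addr:8081;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /phpMyAdmin/nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_hide_header Upgrade;
          }
          location ~ ^/phpMyAdmin/nginx_static_files/ {
              access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/;
              internal;
          }
      }
      location ~ ^/phpmyadmin {
          rewrite ^/* /phpMyAdmin last;
      }
      location ~ ^/pma {
          rewrite ^/* /phpMyAdmin last;
      }
      location ~ ^/webmail {
          rewrite ^/* /roundcube last;
      }
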
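# Installs a custom DirectAdmin template for the plain-HTTP nginx v-host.
# As written here the template emits a single server block for
# webmail.|DOMAIN| rooted at /var/www/html/roundcube. The |TOKEN| markers and
# |*if ...| / |*endif| lines are DirectAdmin template syntax.
#
# Changes against the previous version of this task:
#   * `mode` is set explicitly so the template's permissions do not depend on
#     the umask of the user Ansible runs as. Owner and group are left untouched.
#   * Roundcube's config/, temp/ and logs/ directories are denied. nginx does
#     not read Roundcube's .htaccess rules, and in the HAVE_PHP1_FPM branch
#     nginx serves this docroot itself, so only `/\.ht` was blocked before.
#     The rules are separate `^~` prefix locations, not one regex alternation,
#     because `|` delimits DirectAdmin tokens in this template.
#
# Review notes:
#   * This v-host listens on |PORT_80| only, so webmail logins sent to it are
#     not encrypted. NOTE(review): confirm clients are redirected to HTTPS.
#   * X-Forwarded-For is built from the client-supplied header; the backend
#     should rely on X-Client-IP (set from $remote_addr) for the peer address.
- name: Create Webmail V-Host (Nginx)
  copy:
    dest: /usr/local/directadmin/data/templates/custom/nginx_server.conf
    mode: "0644"
    content: |
      server
      {
          listen |IP|:|PORT_80|;
          |MULTI_IP|

          server_name webmail.|DOMAIN|;

          root /var/www/html/roundcube;
          index index.php index.html index.htm;
          access_log /var/log/nginx/domains/|DOMAIN|.log;
          access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
          error_log /var/log/nginx/domains/|DOMAIN|.error.log;

          # nginx ignores .htaccess: keep Roundcube's private directories unreachable
          location ^~ /config/ { deny all; }
          location ^~ /temp/ { deny all; }
          location ^~ /logs/ { deny all; }

          |*if HAVE_PHP1_FPM="1"|
          # use fastcgi for all php files
          location ~ \.php$
          {
              try_files $uri =404;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              include /etc/nginx/fastcgi_params;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include /etc/nginx/nginx_limits.conf;

              if (-f $request_filename)
              {
                  fastcgi_pass unix:/usr/local/php|PHP1_RELEASE|/sockets/webapps.sock;
              }
          }
          |*endif|

          |*if HAVE_NGINX_PROXY="1"|
          location /
          {
              # access_log off;
              proxy_pass http://127.0.0.1:|PORT_8080|;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          }
          location /nginx_static_files/
          {
              # access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/roundcube/;
              internal;
          }
          |*endif|

          # deny access to apache .htaccess files
          location ~ /\.ht
          {
              deny all;
          }
      }
  notify:
    - "directadmin : Rewrite confs"
  when: >
    directadmin_webserver == 'nginx' or
    directadmin_webserver == 'nginx_apache'
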
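# Installs a custom DirectAdmin template for the HTTPS nginx v-host.
# The template emits two server blocks per domain:
#   1. the site itself (|HOST_DOMAIN|, www.|HOST_DOMAIN| and aliases), rooted
#      at |DOCROOT|, which also includes /etc/nginx/webapps.ssl.conf.custom;
#   2. webmail.|DOMAIN|, rooted at /var/www/html/roundcube.
# The |TOKEN| markers, |?NAME=value| assignments and |*if ...| / |*else| /
# |*endif| lines are DirectAdmin template syntax.
#
# Changes against the previous version of this task:
#   * `mode` is set explicitly so the template's permissions do not depend on
#     the umask of the user Ansible runs as. Owner and group are left untouched.
#   * In the webmail block, Roundcube's config/, temp/ and logs/ directories
#     are denied. nginx does not read Roundcube's .htaccess rules, and in the
#     HAVE_PHP1_FPM branch nginx serves this docroot itself, so only `/\.ht`
#     was blocked before. The rules are separate `^~` prefix locations, not
#     one regex alternation, because `|` delimits DirectAdmin tokens here.
#
# Review notes:
#   * Both server blocks use the same |CERT| / |KEY|. NOTE(review): confirm
#     the domain certificate carries a name for webmail.|DOMAIN|, otherwise
#     clients see a host-name mismatch.
#   * The webmail block does not include webapps.ssl.conf.custom, so its
#     dot-file deny list (.env, .git, ...) does not apply to that v-host.
#   * The site block proxies to https://|PROXY_IP|:|PORT_8081|; nginx does not
#     verify that upstream certificate unless proxy_ssl_verify is enabled.
#   * X-Forwarded-For is built from the client-supplied header; the backend
#     should rely on X-Client-IP (set from $remote_addr) for the peer address.
- name: Create Webmail V-Host (Secure - Nginx)
  copy:
    dest: /usr/local/directadmin/data/templates/custom/nginx_server_secure.conf
    mode: "0644"
    content: |
      |CUSTOM1|
      |?DOCROOT=`HOME`/domains/`DOMAIN`/private_html|
      |?REALDOCROOT=`HOME`/domains/`DOMAIN`/private_html|
      |?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/opt/alt/php`PHP1_RELEASE`/usr/share/pear/:/dev/urandom:/var/tmp:/usr/local/lib/php/|
      |?HOST_DOMAIN=`DOMAIN`|
      |*if HOST_POINTER|
      |?HOST_DOMAIN=`HOST_POINTER`|
      |*endif|
      server
      {
          |CUSTOM|

          listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
          |MULTI_IP|

          server_name |HOST_DOMAIN| www.|HOST_DOMAIN| |SERVER_ALIASES|;

          access_log /var/log/nginx/domains/|DOMAIN|.log;
          access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
          error_log /var/log/nginx/domains/|DOMAIN|.error.log;

          root |DOCROOT|;

          index index.php index.html index.htm;

          ssl_certificate |CERT|;
          ssl_certificate_key |KEY|;

          |FORCE_SSL_REDIRECT|

          |NGINX_PHP_CONF|

          |*if HAVE_NGINX_PROXY="1"|
          location /
          {
              |CUSTOM2|
              |LOCATION_INSERT|
              # access_log off;
              proxy_buffering |PROXY_BUFFERING|;
              proxy_pass https://|PROXY_IP|:|PORT_8081|;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_hide_header Upgrade;
          }
          location /nginx_static_files/
          {
              # access_log /var/log/nginx/access_log_proxy;
              alias |DOCROOT|/;
              internal;
          }
          |*else|
          |NGINX_REDIRECTS|
          |PROTECTED_DIRECTORIES|
          |HOTLINK_PROTECTION|
          |EXTRA_LOCATIONS|
          |*endif|

          |CUSTOM3|

          include /etc/nginx/webapps.ssl.conf.custom;

          |CUSTOM4|
      }
      server
      {
          listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
          |MULTI_IP|

          server_name webmail.|DOMAIN|;

          root /var/www/html/roundcube;
          index index.php index.html index.htm;
          access_log /var/log/nginx/domains/|DOMAIN|.log;
          access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
          error_log /var/log/nginx/domains/|DOMAIN|.error.log;

          ssl_certificate |CERT|;
          ssl_certificate_key |KEY|;

          # nginx ignores .htaccess: keep Roundcube's private directories unreachable
          location ^~ /config/ { deny all; }
          location ^~ /temp/ { deny all; }
          location ^~ /logs/ { deny all; }

          |*if HAVE_PHP1_FPM="1"|
          # use fastcgi for all php files
          location ~ \.php$
          {
              try_files $uri =404;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              include /etc/nginx/fastcgi_params;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include /etc/nginx/nginx_limits.conf;

              if (-f $request_filename)
              {
                  fastcgi_pass unix:/usr/local/php|PHP1_RELEASE|/sockets/webapps.sock;
              }
          }
          |*endif|

          |*if HAVE_NGINX_PROXY="1"|
          location /
          {
              # access_log off;
              proxy_pass http://127.0.0.1:|PORT_8080|;
              proxy_set_header X-Client-IP $remote_addr;
              proxy_set_header X-Accel-Internal /nginx_static_files;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          }
          location /nginx_static_files/
          {
              # access_log /var/log/nginx/access_log_proxy;
              alias /var/www/html/roundcube/;
              internal;
          }
          |*endif|

          # deny access to apache .htaccess files
          location ~ /\.ht
          {
              deny all;
          }
      }

  notify:
    - "directadmin : Rewrite confs"
  when: >
    directadmin_webserver == 'nginx' or
    directadmin_webserver == 'nginx_apache'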