17f1b2a20a
It creates a folder, the nginx vhost for certbot and HTTP redirects, and also runs certbot and recreates the nginx vhost that includes the TLS cert
31 lines
1.0 KiB
Plaintext
31 lines
1.0 KiB
Plaintext
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
|
server {
|
|
listen 443 ssl;
|
|
server_name <%= @server_name %>;
|
|
|
|
access_log /var/log/nginx/<%= @server_name %>.access.log;
|
|
error_log /var/log/nginx/<%= @server_name %>.error.log;
|
|
|
|
root <%= @docroot %>;
|
|
index index.php;
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$args;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
try_files $uri =404;
|
|
include fastcgi_params;
|
|
fastcgi_pass 127.0.0.1:9002;
|
|
fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name;
|
|
# Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
|
|
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
|
|
fastcgi_param HTTP_PROXY "";
|
|
}
|
|
|
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
|
|
ssl_certificate <%= @ssl_cert %>;
|
|
ssl_certificate_key <%= @ssl_key %>;
|
|
}
|
|
<% end -%>
|