diff options
author | jeschli <jeschli@gmail.com> | 2018-06-19 09:52:04 +0200 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2018-06-19 09:52:04 +0200 |
commit | 324a8615f19c267d67b8a96d8e74b648c875ba04 (patch) | |
tree | 8f7444a8e69ae254354a83a119d1c62bfaf95989 /lass/2configs/websites/util.nix | |
parent | 2a3f60d6fb3cd8d5f1ead4e5ff43fc9364eedad3 (diff) | |
parent | 8eca9165ce6ffaba1076a916bfa475eb935f0a6f (diff) |
Merge remote-tracking branch 'origin/staging/jeschli'
Diffstat (limited to 'lass/2configs/websites/util.nix')
-rw-r--r-- | lass/2configs/websites/util.nix | 69 |
1 files changed, 56 insertions, 13 deletions
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 62055d0fd..816449c14 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,11 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - enableSSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; + addSSL = true; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -28,18 +24,68 @@ rec { }; }; + servephpBB = domains: + let + domain = head domains; + + in { + services.nginx.virtualHosts."${domain}" = { + serverAliases = domains; + extraConfig = '' + index index.php; + root /srv/http/${domain}/; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; + ''; + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php?$args; + ''; + locations."~ \.php(?:$|/)".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + ''; + #Directives to send expires headers and turn off 404 error logging. + locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' + access_log off; + log_not_found off; + expires max; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + serveOwncloud = domains: let domain = head domains; in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - enableSSL = true; + addSSL = true; serverAliases = domains; extraConfig = '' - listen 80; - listen [::]:80; - # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; @@ -148,12 +194,9 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - enableSSL = true; + addSSL = true; serverAliases = domains; extraConfig = '' - listen 80; - listen [::]:80; - root /srv/http/${domain}/; index index.php; access_log /tmp/nginx_acc.log; |