2023-02-07 19:52:54 +01:00
|
|
|
# This server block is the publicly exposed ServNest control interface
|
|
|
|
|
2023-04-11 16:14:20 +02:00
|
|
|
log_format servnest '|$time_local| [$ip_start]@$server_name $status $body_bytes_sent "$request"';
|
2023-01-29 21:14:36 +01:00
|
|
|
server {
|
|
|
|
listen [::1]:42443 ssl http2;
|
|
|
|
listen 127.0.0.1:42443 ssl http2;
|
|
|
|
server_name servnest.test;
|
|
|
|
|
|
|
|
root /srv/servnest/core;
|
|
|
|
|
|
|
|
include inc/errors.conf;
|
|
|
|
|
|
|
|
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
|
|
|
|
|
2023-02-07 19:52:54 +01:00
|
|
|
# Main ServNest interface
|
2023-01-29 21:14:36 +01:00
|
|
|
location / {
|
|
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
fastcgi_pass unix:/run/php-fpm/servnest.sock;
|
|
|
|
include inc/fastcgi.conf;
|
|
|
|
try_files /router.php =500;
|
|
|
|
}
|
|
|
|
|
2023-02-07 19:52:54 +01:00
|
|
|
# The router doesn't manage CSS files
|
2023-01-29 21:14:36 +01:00
|
|
|
location /css {
|
|
|
|
alias /srv/servnest/core/css;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /docs {
|
|
|
|
alias /srv/servnest/docs;
|
|
|
|
}
|
|
|
|
|
2023-04-11 16:14:20 +02:00
|
|
|
access_log /var/log/nginx/servnest-access.log servnest if=$loggable;
|
|
|
|
|
2023-02-07 19:52:54 +01:00
|
|
|
# For a public server, these should point to a Let's Encrypt-trusted key pair
|
2023-04-20 11:32:57 +02:00
|
|
|
ssl_certificate /etc/ssl/certs/servnest.test.crt;
|
|
|
|
ssl_certificate_key /etc/ssl/private/servnest.test.key;
|
2023-01-29 21:14:36 +01:00
|
|
|
}
|
2023-04-11 16:14:20 +02:00
|
|
|
map $request_method $loggable { # Log only POST requests
|
|
|
|
"POST" 1;
|
|
|
|
default 0;
|
|
|
|
}
|
|
|
|
map $remote_addr $ip_start {
|
|
|
|
"~^(?P<ipv6_start>[^:]+:[^:]+)" $ipv6_start; # Log 4 first bytes for IPv6
|
|
|
|
"~^(?P<ipv4_start>[^.]+\.[^.]+\.[^.]+)" $ipv4_start; # Log 3 first bytes for IPv4
|
|
|
|
default $remote_addr;
|
|
|
|
}
|