servnest
/
servnest-mkosi
1
1
Fork 0
Code Issues Pull Requests Releases Activity
servnest-mkosi/install/nginx/sites/interface.conf

47 lines
1.3 KiB
Plaintext
Raw Blame History

# This server block is the publicly exposed ServNest control interface
log_format servnest '|$time_local| [$ip_start]@$server_name $status $body_bytes_sent "$request"';
server {
listen [::1]:42443 ssl http2;
listen 127.0.0.1:42443 ssl http2;
server_name servnest.test;
root /srv/servnest/core;
include inc/errors.conf;
more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
# Main ServNest interface
location / {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/servnest.sock;
include inc/fastcgi.conf;
try_files /router.php =500;
}
# The router doesn't manage CSS files
location /css {
alias /srv/servnest/core/css;
}
location /docs {
alias /srv/servnest/docs;
}
access_log /var/log/nginx/servnest-access.log servnest if=$loggable;
# For a public server, these should point to a Let's Encrypt-trusted key pair
ssl_certificate /etc/ssl/certs/servnest.test.crt;
ssl_certificate_key /etc/ssl/private/servnest.test.key;
}
map $request_method $loggable { # Log only POST requests
"POST" 1;
default 0;
}
map $remote_addr $ip_start {
"~^(?P<ipv6_start>[^:]+:[^:]+)" $ipv6_start; # Log 4 first bytes for IPv6
"~^(?P<ipv4_start>[^.]+\.[^.]+\.[^.]+)" $ipv4_start; # Log 3 first bytes for IPv4
default $remote_addr;
}
Reference in New Issue View Git Blame Copy Permalink