Commit 0ce5c6ea authored by omega8cc's avatar omega8cc

Restore ability to automatic fallback to wildcard listen directive in Nginx and fix spacing.

parent 2b6a6ca5
......@@ -98,11 +98,11 @@
<?php
$nginx_has_gzip = drush_get_option('nginx_has_gzip');
if ($nginx_has_gzip) {
print " gzip_static on;\n";
print " gzip_static on;\n";
}
$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
if ($nginx_has_upload_progress) {
print " upload_progress uploads 1m;\n";
print " upload_progress uploads 1m;\n";
}
?>
......@@ -179,10 +179,17 @@ map $args $is_denied {
$ip_address = !empty($ip_address) ? $ip_address : '*';
?>
server {
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
<?php foreach ($server->ip_addresses as $ip) :?>
listen <?php print $ip . ':' . $http_port; ?>;
<?php endforeach; ?>
limit_conn gulag 18; # like mod_evasive - this allows max 18 simultaneous connections from one IP address
<?php
if ($ip_address == '*') {
print " listen {$ip_address}:{$http_port};\n";
}
else {
foreach ($server->ip_addresses as $ip) {
print " listen {$ip}:{$http_port};\n";
}
}
?>
server_name _;
location / {
root /var/www/nginx-default;
......
......@@ -4,52 +4,65 @@ if ($ssl_redirection || $this->redirection) {
// Redirect all aliases to the main http url using separate vhosts blocks to avoid if{} in Nginx.
foreach ($this->aliases as $alias_url) {
print "server {\n";
foreach ($server->ip_addresses as $ip) {
print " listen {$ip}:{$http_port};\n";
print " limit_conn gulag 18;\n";
if ($ip_address == '*') {
print " listen {$ip_address}:{$http_port};\n";
}
print " server_name {$alias_url};\n";
print " access_log off;\n";
print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n";
else {
foreach ($server->ip_addresses as $ip) {
print " listen {$ip}:{$http_port};\n";
}
}
print " server_name {$alias_url};\n";
print " access_log off;\n";
print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n";
print "}\n";
}
}
?>
server {
include <?php print "{$server->include_path}"; ?>/fastcgi_params.conf;
limit_conn gulag 18; # like mod_evasive - this allows max 18 simultaneous connections from one IP address
<?php foreach ($server->ip_addresses as $ip) :?>
listen <?php print $ip . ':' . $http_port; ?>;
<?php endforeach; ?>
server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
root <?php print "{$this->root}"; ?>;
<?php print $extra_config; ?>
include <?php print "{$server->include_path}"; ?>/fastcgi_params.conf;
limit_conn gulag 18; # like mod_evasive - this allows max 18 simultaneous connections from one IP address
<?php
if ($ip_address == '*') {
print " listen {$ip_address}:{$http_port};\n";
}
else {
foreach ($server->ip_addresses as $ip) {
print " listen {$ip}:{$http_port};\n";
}
}
?>
server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
root <?php print "{$this->root}"; ?>;
<?php print $extra_config; ?>
<?php
$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
if ($this->redirection || $ssl_redirection) {
if ($ssl_redirection && !$this->redirection) {
// redirect aliases in non-ssl to the same alias on ssl.
print "\n rewrite ^ https://\$host\$request_uri? permanent;\n";
print "\n rewrite ^ https://\$host\$request_uri? permanent;\n";
}
elseif ($ssl_redirection && $this->redirection) {
// redirect all aliases + main uri to the main https uri.
print "\n rewrite ^ https://{$this->uri}\$request_uri? permanent;\n";
print "\n rewrite ^ https://{$this->uri}\$request_uri? permanent;\n";
}
elseif (!$ssl_redirection && $this->redirection) {
if ($server->nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
}
else {
print " include " . $server->include_path . "/nginx_simple_include.conf;\n";
print " include " . $server->include_path . "/nginx_simple_include.conf;\n";
}
}
}
else {
if ($server->nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
}
else {
print " include " . $server->include_path . "/nginx_simple_include.conf;\n";
print " include " . $server->include_path . "/nginx_simple_include.conf;\n";
}
}
?>
......
......@@ -2,10 +2,19 @@
$ip_address = !empty($ip_address) ? $ip_address : '*';
?>
server {
listen <?php print $ip_address . ':' . $http_port; ?>;
limit_conn gulag 18;
<?php
if ($ip_address == '*') {
print " listen {$ip_address}:{$http_port};\n";
}
else {
foreach ($server->ip_addresses as $ip) {
print " listen {$ip}:{$http_port};\n";
}
}
?>
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root /var/www/nginx-default;
index index.html index.htm;
### Dont't reveal Aegir front-end URL here.
}
......@@ -5,15 +5,13 @@
#######################################################
server {
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
limit_conn gulag 18; # like mod_evasive - this allows max 18 simultaneous connections from one IP address
<?php foreach ($server->ip_addresses as $ip) :?>
listen <?php print $ip . ':' . $http_ssl_port; ?>;
<?php
endforeach;
?>
listen <?php print $ip . ':' . $http_ssl_port; ?>;
<?php endforeach; ?>
server_name _;
location / {
root /var/www/nginx-default;
index index.html index.htm;
root /var/www/nginx-default;
index index.html index.htm;
}
}
......@@ -4,48 +4,49 @@
<?php if ($this->redirection): ?>
<?php foreach ($this->aliases as $alias_url): ?>
server {
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $alias_url; ?>;
ssl on;
ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
rewrite ^ $scheme://<?php print $this->uri; ?>$request_uri? permanent;
limit_conn gulag 18;
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $alias_url; ?>;
ssl on;
ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
rewrite ^ $scheme://<?php print $this->uri; ?>$request_uri? permanent;
}
<?php endforeach; ?>
<?php endif ?>
server {
include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
limit_conn gulag 18; # like mod_evasive - this allows max 18 simultaneous connections from one IP address
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
root <?php print "{$this->root}"; ?>;
ssl on;
ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
<?php print $extra_config; ?>
include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
limit_conn gulag 18; # like mod_evasive - this allows max 18 simultaneous connections from one IP address
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
root <?php print "{$this->root}"; ?>;
ssl on;
ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
<?php print $extra_config; ?>
<?php
$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
if ($nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
}
else {
print " include " . $server->include_path . "/nginx_simple_include.conf;\n";
}
if ($nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
}
else {
print " include " . $server->include_path . "/nginx_simple_include.conf;\n";
}
?>
}
<?php endif; ?>
<?php
// Generate the standard virtual host too.
include('http/nginx/vhost.tpl.php');
// Generate the standard virtual host too.
include('http/nginx/vhost.tpl.php');
?>
......@@ -2,26 +2,25 @@
<?php if ($this->ssl_enabled && $this->ssl_key) : ?>
server {
include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root /var/www/nginx-default;
index index.html index.htm;
ssl on;
ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
### Dont't reveal Aegir front-end URL here.
include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
limit_conn gulag 18;
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root /var/www/nginx-default;
index index.html index.htm;
ssl on;
ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
### Dont't reveal Aegir front-end URL here.
}
<?php endif; ?>
<?php
// Generate the standard virtual host too.
include('http/nginx/vhost_disabled.tpl.php');
<?php
// Generate the standard virtual host too.
include('http/nginx/vhost_disabled.tpl.php');
?>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment