From 50359e72307619990a32ca423a80fdab8e1be58e Mon Sep 17 00:00:00 2001
From: Mark J Crane
Date: Sun, 26 Mar 2017 10:06:51 -0600
Subject: [PATCH] Add 127.0.0.1:80, 443, and rewrite rules to the nginx config
---
 freebsd/resources/nginx.sh | 3 +-
 freebsd/resources/nginx/fusionpbx.conf | 223 ++++++++++++++++++++++++-
 2 files changed, 218 insertions(+), 8 deletions(-)
diff --git a/freebsd/resources/nginx.sh b/freebsd/resources/nginx.sh
index a65b854..df6d9a5 100755
--- a/freebsd/resources/nginx.sh
+++ b/freebsd/resources/nginx.sh
@@ -28,7 +28,7 @@ if [ ."$php_version" = ."7" ]; then
 fi
 #enable fusionpbx nginx config
-#cp nginx/fusionpbx.conf /usr/local/etc/nginx/conf.d/fusionpbx
+cp nginx/fusionpbx.conf /usr/local/etc/nginx/conf.d/fusionpbx
 #self signed certificate
 #ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
@@ -44,4 +44,3 @@ mkdir -p /var/www/letsencrypt/
 service php-fpm restart
 service nginx restart
-
diff --git a/freebsd/resources/nginx/fusionpbx.conf b/freebsd/resources/nginx/fusionpbx.conf
index a06010a..32742d6 100644
--- a/freebsd/resources/nginx/fusionpbx.conf
+++ b/freebsd/resources/nginx/fusionpbx.conf
@@ -1,21 +1,28 @@
 server {
- listen 80;
- server_name fusionpbx;
+ listen 127.0.0.1:80;
+ server_name 127.0.0.1;
+ #set the log files
 error_log /var/log/nginx/error.log info;
 access_log /var/log/nginx/access.log;
+ #set the default index files
 location / {
 root /usr/local/www/fusionpbx;
 index index.php index.html index.htm;
 }
-
+
+ #nginx settings
+ client_max_body_size 128M;
+ client_body_buffer_size 128k;
+
+ #http error handling
 error_page 500 502 503 504 /50x.html;
 location = /50x.html {
 root /usr/local/www/nginx-dist;
 }
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
 location ~ \.php$ {
 fastcgi_pass 127.0.0.1:9000;
 fastcgi_index index.php;
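Review bot: The re-enabled `cp nginx/fusionpbx.conf /usr/local/etc/nginx/conf.d/fusionpbx` takes its source path relative to the current directory and writes a destination name without a `.conf` suffix, so whether nginx loads the file depends on the caller's working directory and on the `include` pattern in nginx.conf, neither of which is visible here. The script then reaches `service nginx restart` (context of the second hunk) without checking that the copy succeeded or that the resulting configuration parses. Running `nginx -t` after the copy and aborting on failure would avoid restarting into a broken or half-applied configuration. A one-line comment naming the `include` directive that picks this file up would also help the next maintainer.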
@@ -23,7 +30,211 @@ server {
 include fastcgi_params;
 }
- location ~ /\.ht {
- deny all;
+ #disable viewing of .htaccess, htpassword, and .db
+ location ~ /\.htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
 }
 }
+
+server {
+ listen 80;
+ server_name fusionpbx;
+
+ #set the log files
+ error_log /var/log/nginx/error.log info;
+ access_log /var/log/nginx/access.log;
+
+ #set the default index files
+ location / {
+ root /usr/local/www/fusionpbx;
+ index index.php index.html index.htm;
+ }
+
+ #rewrite rule - send to https with an exception for provisioning
+ #if ($uri !~* ^.*provision.*$) {
+ # rewrite ^(.*) https://$host$1 permanent;
+ # break;
+ #}
+
+ #rewrite rule - REST api
+ if ($uri ~* ^.*/api/.*$) {
+ rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+ break;
+ }
+
+ #algo
+ rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+ #mitel
+ rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+ rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+ #grandstream
+ rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+
+ #aastra
+ rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+ #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+ #yealink common
+ rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+
+ #yealink mac
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+ #polycom
+ rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+ #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+ rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+ #cisco
+ rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+ #Escene
+ rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+ rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+ #nginx settings
+ client_max_body_size 128M;
+ client_body_buffer_size 128k;
+
+ #http error handling
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/local/www/nginx-dist;
+ }
+
+ #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ #disable viewing of .htaccess, htpassword, and .db
+ location ~ /\.htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+}
+
+server {
+ listen 443;
+ server_name fusionpbx;
+
+ #set tls configuration
+ #ssl on;
+ #ssl_certificate /etc/ssl/certs/nginx.crt;
+ #ssl_certificate_key /etc/ssl/private/nginx.key;
+ #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ #ssl_ciphers HIGH:!ADH:!MD5:!aNULL;
+
+ #letsencrypt
+ location /.well-known/acme-challenge {
+ root /var/www/letsencrypt;
+ }
+
+ #set the log files
+ error_log /var/log/nginx/error.log info;
+ access_log /var/log/nginx/access.log;
+
+ #set the default index files
+ location / {
+ root /usr/local/www/fusionpbx;
+ index index.php index.html index.htm;
+ }
+
+ #rewrite rule - send to https with an exception for provisioning
+ #if ($uri !~* ^.*provision.*$) {
+ # rewrite ^(.*) https://$host$1 permanent;
+ # break;
+ #}
+
+ #rewrite rule - REST api
+ if ($uri ~* ^.*/api/.*$) {
+ rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+ break;
+ }
+
+ #algo
+ rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+ #mitel
+ rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+ rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+ #grandstream
+ rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+
+ #aastra
+ rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+ #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+ #yealink common
+ rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+
+ #yealink mac
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+ #polycom
+ rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+ #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+ rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+ #cisco
+ rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+ #Escene
+ rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+ rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+ #nginx settings
+ client_max_body_size 128M;
+ client_body_buffer_size 128k;
+
+ #http error handling
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/local/www/nginx-dist;
+ }
+
+ #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ #disable viewing of .htaccess, htpassword, and .db
+ location ~ /\.htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+
+}
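Review bot: The three replacement deny blocks protect less than the `location ~ /\.ht` rule this hunk removes: neither `/\.htaccess` nor `.htpassword` matches Apache's usual `.htpasswd` name or any other `.ht*` file, so such a file under the document root would no longer be refused. The dots in `.htpassword` and `^.+.(db)$` are also unescaped, so the last pattern denies any URI ending in `db` rather than only `.db` files. Keeping `location ~ /\.ht { deny all; }` and adding `location ~ \.db$ { deny all; }` would cover both cases; this applies to all three server blocks touched by the hunk. Separately, the new `listen 443;` block has every `ssl*` directive commented out, so as written port 443 would answer in plain HTTP until TLS is enabled with `listen 443 ssl;` and a certificate. The commented `ssl_protocols` line should drop `TLSv1` and `TLSv1.1` before anyone uncomments it.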