Add 127.0.0.1:80, 443, and rewrite rules to the nginx config

2017-03-26 10:06:51 -06:00 · 2017-03-26 10:06:51 -06:00 · 50359e7230
parent 318abae8d7
commit 50359e7230
2 changed files with 218 additions and 8 deletions
--- a/freebsd/resources/nginx.sh
+++ b/freebsd/resources/nginx.sh
@ -28,7 +28,7 @@ if [ ."$php_version" = ."7" ]; then
 fi

 #enable fusionpbx nginx config
-#cp nginx/fusionpbx.conf /usr/local/etc/nginx/conf.d/fusionpbx
+cp nginx/fusionpbx.conf /usr/local/etc/nginx/conf.d/fusionpbx

 #self signed certificate
 #ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
@ -44,4 +44,3 @@ mkdir -p /var/www/letsencrypt/
 service php-fpm restart
 service nginx restart

-
--- a/freebsd/resources/nginx/fusionpbx.conf
+++ b/freebsd/resources/nginx/fusionpbx.conf
@ -1,21 +1,28 @@
 server {
-        listen  80;
-        server_name  fusionpbx;
+        listen  127.0.0.1:80;
+        server_name  127.0.0.1;
 
+        #set the log files
        error_log /var/log/nginx/error.log info;
        access_log /var/log/nginx/access.log;

+        #set the default index files
        location / {
            root   /usr/local/www/fusionpbx;
            index  index.php index.html index.htm;
        }

+        #nginx settings
+        client_max_body_size 128M;
+        client_body_buffer_size 128k;
+
+        #http error handling
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
 
-       # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
@ -23,7 +30,211 @@ server {
            include        fastcgi_params;
        }
 
-        location ~ /\.ht {
-            deny  all;
+        #disable viewing of .htaccess, htpassword, and .db
+        location ~ /\.htaccess {
+                deny  all;
+        }
+        location ~ .htpassword {
+                deny all;
+        }
+        location ~^.+.(db)$ {
+                deny all;
        }
 }
+
+server {
+        listen  80;
+        server_name  fusionpbx;
+ 
+	#set the log files
+        error_log /var/log/nginx/error.log info;
+        access_log /var/log/nginx/access.log;
+
+	#set the default index files 
+        location / {
+            root   /usr/local/www/fusionpbx;
+            index  index.php index.html index.htm;
+        }
+
+	#rewrite rule - send to https with an exception for provisioning
+	#if ($uri !~* ^.*provision.*$) {
+	#	rewrite ^(.*) https://$host$1 permanent;
+	#	break;
+	#}
+
+	#rewrite rule - REST api
+	if ($uri ~* ^.*/api/.*$) {
+		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+		break;
+	}
+ 
+        #algo
+        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+	#mitel
+	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+	#grandstream
+	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+
+	#aastra
+	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+	#yealink common
+	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+
+	#yealink mac
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+	#polycom
+	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+	#cisco
+	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+	#Escene
+	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+	#nginx settings
+	client_max_body_size 128M;
+	client_body_buffer_size 128k;
+
+	#http error handling
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/local/www/nginx-dist;
+        }
+ 
+        #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        location ~ \.php$ {
+            fastcgi_pass   127.0.0.1:9000;
+            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME  /usr/local/www/fusionpbx$fastcgi_script_name;
+            include        fastcgi_params;
+        }
+ 
+	#disable viewing of .htaccess, htpassword, and .db
+        location ~ /\.htaccess {
+        	deny  all;
+        }
+	location ~ .htpassword {
+		deny all;
+	}
+	location ~^.+.(db)$ {
+		deny all;
+	}
+}
+
+server {
+        listen  443;
+        server_name  fusionpbx;
+
+	#set tls configuration
+	#ssl                     on;
+	#ssl_certificate         /etc/ssl/certs/nginx.crt;
+	#ssl_certificate_key     /etc/ssl/private/nginx.key;
+	#ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
+        #ssl_ciphers HIGH:!ADH:!MD5:!aNULL;
+
+	#letsencrypt
+	location /.well-known/acme-challenge {
+        	root /var/www/letsencrypt;
+	}
+
+        #set the log files
+        error_log /var/log/nginx/error.log info;
+        access_log /var/log/nginx/access.log;
+
+        #set the default index files
+        location / {
+            root   /usr/local/www/fusionpbx;
+            index  index.php index.html index.htm;
+        }
+
+        #rewrite rule - send to https with an exception for provisioning
+        #if ($uri !~* ^.*provision.*$) {
+        #       rewrite ^(.*) https://$host$1 permanent;
+        #       break;
+        #}
+
+        #rewrite rule - REST api
+        if ($uri ~* ^.*/api/.*$) {
+                rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+                break;
+        }
+
+        #algo
+        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+        #mitel
+        rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+        rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+        #grandstream
+        rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+
+        #aastra
+        rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+        #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+        #yealink common
+        rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+
+        #yealink mac
+        rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+        #polycom
+        rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+        #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+        rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+        rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+        rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+        rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+        rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+        #cisco
+        rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+        #Escene
+        rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+        rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+        #nginx settings
+        client_max_body_size 128M;
+        client_body_buffer_size 128k;
+
+        #http error handling
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/local/www/nginx-dist;
+        }
+
+        #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        location ~ \.php$ {
+            fastcgi_pass   127.0.0.1:9000;
+            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME  /usr/local/www/fusionpbx$fastcgi_script_name;
+            include        fastcgi_params;
+        }
+
+        #disable viewing of .htaccess, htpassword, and .db
+        location ~ /\.htaccess {
+                deny  all;
+        }
+        location ~ .htpassword {
+                deny all;
+        }
+        location ~^.+.(db)$ {
+                deny all;
+        }
+
+}