Add sites-enabled/h5ai.conf

sites-enabled/h5ai.conf

@@ -0,0 +1,131 @@
+server {
+    index index.php /_h5ai/public/index.php;
+
+    #Set Domain Name
+    server_name  cios.dhitechnical.com;
+    #Enable Follow Symlink
+    disable_symlinks off;
+
+    #Set the document root
+    root /mnt/zpool0_nfs/cios_www;
+
+    #Send logs to SYSLOG server
+    access_log syslog:server=172.16.1.92:12201,facility=local7,tag=nginx_access main;
+    error_log syslog:server=172.16.1.92:12201,facility=local7,tag=nginx_error error;
+
+    #CIOS Main Access Log - Full Output
+    access_log  /var/log/nginx/cios_dhitechnical_com_access.log main;
+
+    #CIOS Main Error Log - Full Output
+    error_log   /var/log/nginx/cios_dhitechnical_com_error.log warn;
+
+    #CIOS Download Log - Tight Output
+    access_log /var/log/nginx/cios_dhitechnical_com_download.log download;
+
+    #CIOS Access Log - For GoAccess Stats
+    access_log /var/log/nginx/cios/access.log main;
+
+    # Performance optimizations
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+
+    #Setup basic auth for root of website
+    auth_basic "Contact webmaster@dhitechnical.com for login, Or connect via FTP @ anonymous@cios.dhitechnical.com";
+    auth_basic_user_file /etc/nginx/.htpasswd;
+
+    #If ether of these documents exist then display them
+    if (-f $document_root/maintenance.html) {
+            return 503;
+    }
+    error_page 503 @maintenance;
+    location @maintenance {
+            rewrite ^(.*)$ /maintenance.html break;
+    }
+
+    #If basic auth fails, then display custom page
+    error_page 401 /401.html;
+    location = /401.html {
+        auth_basic "off";
+        root /var/www/html/error;
+        internal;
+    }
+
+    #If server returns 504 display custom page
+    error_page 504 /504.html;
+    location =/504.html {
+        auth_basic "off";
+        root /var/www/html/error;
+        internal;
+    }
+
+    #Define this location as private
+    location /_h5ai/private {
+        return 403;
+    }
+
+    # Serve static assets (CSS, JS, icons, etc.) directly1~# Serve static assets (CSS, JS, icons, etc.) directly
+    location ~* \.(?:jpg|jpeg|png|gif|ico|css|js|svg|woff2?|ttf|eot|mp4|mkv|webm|zip|tar|gz|bz2)$ {
+        access_log off;
+        expires 30d;
+        add_header Cache-Control "public";
+        try_files $uri =404;
+    }
+
+    #Main directive for CIOS h5ai, this is a PHP app, and is will use PHP-FPM via a unix socket
+    location ~ [^/]\.php(/|$) {
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+    if (!-f $document_root$fastcgi_script_name) {
+        return 404;
+    }
+    fastcgi_param HTTP_PROXY "";
+
+    fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+    fastcgi_index index.php;
+
+    include fastcgi_params;
+
+    fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    fastcgi_param  PATH_INFO         $fastcgi_path_info;
+
+    # Needed for X-Accel-Redirect
+    fastcgi_param X_ACCEL_REDIRECT_PATH /_protected/;
+    fastcgi_buffering off;
+    client_max_body_size 10G;
+    client_body_timeout 300s;
+    send_timeout 300s;
+    }
+
+    #Internal location: files served via X-Accel-Redirect
+    location /_protected/ {
+        internal;
+        alias /mnt/zpool0_nfs/cios_www;
+
+    }
+
+    #This section is managed by Certbot, this defines SSL settings
+    listen 443 ssl fastopen=3;
+    ssl_certificate /etc/letsencrypt/live/cios.dhitechnical.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/cios.dhitechnical.com/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    }
+
+    #HTTP to HTTPS redirect
+    server {
+    if ($host = cios.dhitechnical.com) {
+        return 301 https://$host$request_uri;
+    }
+
+
+    listen 80;
+    server_name  cios.dhitechnical.com;
+
+    return 404;
+    return 301 https://$host$request_uri;
+
+    }