├── LICENSE ├── README.md ├── apache2 └── php-fpm │ ├── CodeRED_CMS.sh │ ├── CodeRED_CMS.stpl │ ├── CodeRED_CMS.tpl │ ├── Django_app.sh │ ├── Django_app.stpl │ └── Django_app.tpl └── nginx ├── CodeRED_CMS_proxy_pass.stpl ├── CodeRED_CMS_proxy_pass.tpl ├── Django_proxy_pass.stpl └── Django_proxy_pass.tpl /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Jumy Elerossë 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # HestiaCP Python 3 templates 2 | 3 | ## Careful! This is still in development and will probably break your server. 4 | 5 | Python templates for [HestiaCP](https://www.hestiacp.com/). 6 | 7 | This project was originally based on the work done by [anton-bozhina](https://github.com/anton-bozhina) and [refsigregory](https://github.com/refsigregory/vestacp-python-template/commits?author=refsigregory). However, a new approach has been taken. 8 | 9 | ## Disclaimer 10 | 11 | 1. This code comes without warranty of any kind. Please refer to `README.md` for more details about this and the license to which this software is bounded. 12 | 2. All this is still in experimental stage. 13 | 3. These templates will install application **in debug mode and without database connection**. Is therefore your responsibility to complete the configuration process and make the app safe. 14 | 15 | ## Requirements 16 | 17 | - HestiaCP 18 | - Python 3.6.X (you can check your Python version using `python3 --version`) 19 | 20 | I presume it can be adapted to VestaCP after small modifications. 21 | 22 | ## Tested with 23 | 24 | - [X] HestiaCP 1.1.1 25 | - [X] Ubuntu 18.04 26 | - [X] Python 3.6.9 27 | 28 | 29 | If you have tested it with a different version or different distro, feel free to contact me to provide feedback. 30 | 31 | ## Instructions for Ubuntu: 32 | 33 | 1. __Make sure you have an updated backup of your system and that it can go into maintenance if necessary__. 34 | 2. Install `pip3`, `virtualenv`, and their dependencies: 35 | ```bash 36 | sudo apt update 37 | sudo apt install python3-pip virtualenv 38 | python3 -m pip install --upgrade pip 39 | 40 | ``` 41 | 42 | 3. Download the templates to the correct location: 43 | 44 | - Apache2 templates goes into `/usr/local/hestia/data/templates/web/apache2/php-fpm/` 45 | - Chage he permissions to `.sh` files using the command `chmod +x *.sh` in the `/usr/local/hestia/data/templates/web/apache2/php-fpm/` folder. 46 | - NGINX templates goes into `/usr/local/hestia/data/templates/web/nginx/` 47 | 48 | 4. Activate the template NGINX proxy template 49 | 50 | 5. Activate the desired Apache2 template. It is recommended to set the backend template to `no-php`. 51 | 52 | 6. Complete the setup process of the terminal. This includes setting up the database, adding the users, disabling the debug/setting environment to production, modifying the allowed hosts, and so on. 53 | -------------------------------------------------------------------------------- /apache2/php-fpm/CodeRED_CMS.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Adding php wrapper 3 | user="$1" 4 | domain="$2" 5 | ip="$3" 6 | #/home 7 | home_dir="$4" 8 | #Full route to /public_html 9 | docroot="$5" 10 | 11 | 12 | workingfolder="/home/$user/web/$domain" 13 | 14 | cd $workingfolder 15 | 16 | # Create the virtual environment with Python 3 17 | virtualenv -p python3 venv 18 | 19 | # Activate the virtual environment 20 | source venv/bin/activate 21 | 22 | # Install Django and Gunicorn 23 | pip install coderedcms gunicorn psycopg2-binary 24 | 25 | # Create the Django project 26 | coderedcms start cr_cms 27 | 28 | # Install requirements.txt in case one is available 29 | # the working folder 30 | if [ -f "$workingfolder/cr_cms/requirements.txt" ]; then 31 | 32 | pip install -r /home/$user/web/$domain/cr_cms/requirements.txt 33 | 34 | fi 35 | 36 | # Make Django migration and change ownership of the created SQLite database 37 | cd cr_cms 38 | python manage.py makemigrations && python manage.py migrate 39 | chown $user:$user db.sqlite3 40 | 41 | # Add static and media folder and run collectstatic 42 | mkdir static 43 | chmod 755 static 44 | chown $user:$user static 45 | mkdir static/CACHE 46 | chmod 755 static/CACHE 47 | chown $user:$user static/CACHE 48 | mkdir media 49 | chmod 755 media 50 | chown $user:$user media 51 | python manage.py collectstatic 52 | 53 | # At this stage you can test that it works executing: 54 | # gunicorn -b 0.0.0.0:8000 cr_cms.wsgi:application 55 | # *after* adding your domain to ALLOWED_HOSTS 56 | 57 | # This following part adds Gunicorn socket and service, 58 | # and needs to be improved, particularly to allow multiple 59 | # Django applications running in the same server. 60 | 61 | # This is intended for Ubuntu. It will require some testing to check how this works 62 | # in other distros. 63 | 64 | if [ ! -f "/etc/systemd/system/$domain-gunicorn.socket" ]; then 65 | 66 | echo "[Unit] 67 | Description=gunicorn socket 68 | 69 | [Socket] 70 | ListenStream=/run/$domain-gunicorn.sock 71 | 72 | [Install] 73 | WantedBy=sockets.target" > /etc/systemd/system/$domain-gunicorn.socket 74 | 75 | fi 76 | 77 | if [ ! -f "/etc/systemd/system/$domain-gunicorn.service" ]; then 78 | 79 | echo "[Unit] 80 | Description=Gunicorn daemon for $domain 81 | Requires=$domain-gunicorn.socket 82 | After=network.target 83 | 84 | [Service] 85 | User=$user 86 | Group=$user 87 | WorkingDirectory=$workingfolder/cr_cms 88 | 89 | ExecStart=$workingfolder/venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/run/$domain-gunicorn.sock -m 007 cr_cms.wsgi:application 90 | 91 | [Install] 92 | WantedBy=multi-user.target" > /etc/systemd/system/$domain-gunicorn.service 93 | 94 | fi 95 | 96 | 97 | systemctl enable $domain-gunicorn.socket 98 | 99 | systemctl start $domain-gunicorn.socket 100 | 101 | 102 | # Start the socket 103 | curl --unix-socket /run/$domain-gunicorn.sock localhost 104 | 105 | sudo systemctl daemon-reload 106 | 107 | sudo systemctl restart $domain-gunicorn 108 | 109 | exit 0 110 | -------------------------------------------------------------------------------- /apache2/php-fpm/CodeRED_CMS.stpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | ServerName %domain_idn% 4 | %alias_string% 5 | ServerAdmin %email% 6 | DocumentRoot %sdocroot% 7 | ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ 8 | Alias /vstats/ %home%/%user%/web/%domain%/stats/ 9 | Alias /error/ %home%/%user%/web/%domain%/document_errors/ 10 | #SuexecUserGroup %user% %group% 11 | CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes 12 | CustomLog /var/log/%web_system%/domains/%domain%.log combined 13 | ErrorLog /var/log/%web_system%/domains/%domain%.error.log 14 | 15 | 16 | AllowOverride All 17 | 18 | 19 | 20 | AllowOverride All 21 | SSLRequireSSL 22 | Options +Includes -Indexes +ExecCGI 23 | 24 | 25 | SSLEngine on 26 | SSLVerifyClient none 27 | SSLCertificateFile %ssl_crt% 28 | SSLCertificateKeyFile %ssl_key% 29 | %ssl_ca_str%SSLCertificateChainFile %ssl_ca% 30 | 31 | SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 32 | 33 | ProxyPass / https://localhost:8000 34 | ProxyPassReverse / https://localhost:8000 35 | ProxyPass /admin http://localhost:8000/admin 36 | ProxyPassReverse /admin http://localhost:8000/admin 37 | ProxyPass /static http://localhost:8000/static 38 | 39 | IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_* 40 | 41 | 42 | -------------------------------------------------------------------------------- /apache2/php-fpm/CodeRED_CMS.tpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | ServerName %domain_idn% 4 | %alias_string% 5 | ServerAdmin %email% 6 | DocumentRoot %docroot% 7 | ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ 8 | Alias /vstats/ %home%/%user%/web/%domain%/stats/ 9 | Alias /error/ %home%/%user%/web/%domain%/document_errors/ 10 | #SuexecUserGroup %user% %group% 11 | CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes 12 | CustomLog /var/log/%web_system%/domains/%domain%.log combined 13 | ErrorLog /var/log/%web_system%/domains/%domain%.error.log 14 | 15 | IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf* 16 | 17 | 18 | AllowOverride All 19 | 20 | 21 | 22 | AllowOverride All 23 | Options +Includes -Indexes +ExecCGI 24 | 25 | 26 | SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 27 | 28 | ProxyPass / https://localhost:8000 29 | ProxyPassReverse / https://localhost:8000 30 | ProxyPass /admin http://localhost:8000/admin 31 | ProxyPassReverse /admin http://localhost:8000/admin 32 | ProxyPass /static http://localhost:8000/static 33 | 34 | IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_* 35 | 36 | 37 | -------------------------------------------------------------------------------- /apache2/php-fpm/Django_app.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Adding php wrapper 3 | user="$1" 4 | domain="$2" 5 | ip="$3" 6 | #/home 7 | home_dir="$4" 8 | #Full route to /public_html 9 | docroot="$5" 10 | 11 | 12 | workingfolder="/home/$user/web/$domain" 13 | 14 | cd $workingfolder 15 | 16 | # Create the virtual environment with Python 3 17 | virtualenv -p python3 venv 18 | 19 | # Activate the virtual environment 20 | source venv/bin/activate 21 | 22 | # Install Django and Gunicorn 23 | pip install django gunicorn psycopg2-binary 24 | 25 | # Create the Django project 26 | django-admin startproject djangoapp 27 | 28 | # Django does not have a requirements.txt file 29 | # Install requirements.txt in case one is given by the user in 30 | # the working folder 31 | if [ -f "$workingfolder/djangoapp/requirements.txt" ]; then 32 | 33 | pip install -r /home/$user/web/$domain/djangoapp/requirements.txt 34 | 35 | fi 36 | 37 | # Make Django migration and change ownership of the created SQLite database 38 | cd djangoapp 39 | ./manage.py makemigrations && ./manage.py migrate 40 | chown $user:$user db.sqlite3 41 | 42 | # Add static folder and run collectstatic 43 | echo " 44 | STATIC_ROOT = os.path.join(BASE_DIR, 'static/')" >> $workingfolder/djangoapp/djangoapp/settings.py 45 | 46 | ./manage.py collectstatic 47 | 48 | # At this stage you can test that it works executing: 49 | # gunicorn -b 0.0.0.0:8000 djangoapp.wsgi:application 50 | # *after* adding your domain to ALLOWED_HOSTS 51 | 52 | # This following part adds Gunicorn socket and service, 53 | # and needs to be improved, particularly to allow multiple 54 | # Django applications running in the same server. 55 | 56 | # This is intended for Ubuntu. It will require some testing to check how this works 57 | # in other distros. 58 | 59 | if [ ! -f "/etc/systemd/system/$domain-gunicorn.socket" ]; then 60 | 61 | echo "[Unit] 62 | Description=gunicorn socket 63 | 64 | [Socket] 65 | ListenStream=/run/$domain-gunicorn.sock 66 | 67 | [Install] 68 | WantedBy=sockets.target" > /etc/systemd/system/$domain-gunicorn.socket 69 | 70 | fi 71 | 72 | if [ ! -f "/etc/systemd/system/$domain-gunicorn.service" ]; then 73 | 74 | echo "[Unit] 75 | Description=Gunicorn daemon for $domain 76 | Requires=$domain-gunicorn.socket 77 | After=network.target 78 | 79 | [Service] 80 | User=$user 81 | Group=$user 82 | WorkingDirectory=$workingfolder/djangoapp 83 | 84 | ExecStart=$workingfolder/venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/run/$domain-gunicorn.sock -m 007 djangoapp.wsgi:application 85 | 86 | [Install] 87 | WantedBy=multi-user.target" > /etc/systemd/system/$domain-gunicorn.service 88 | 89 | fi 90 | 91 | systemctl restart $domain-gunicorn.socket 92 | 93 | systemctl start $domain-gunicorn.socket 94 | 95 | systemctl enable $domain-gunicorn.socket 96 | 97 | # Start the socket 98 | curl --unix-socket /run/$domain-gunicorn.sock localhost 99 | 100 | sudo systemctl daemon-reload 101 | 102 | sudo systemctl restart gunicorn 103 | 104 | exit 0 105 | -------------------------------------------------------------------------------- /apache2/php-fpm/Django_app.stpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | ServerName %domain_idn% 4 | %alias_string% 5 | ServerAdmin %email% 6 | DocumentRoot %sdocroot% 7 | ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ 8 | Alias /vstats/ %home%/%user%/web/%domain%/stats/ 9 | Alias /error/ %home%/%user%/web/%domain%/document_errors/ 10 | #SuexecUserGroup %user% %group% 11 | CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes 12 | CustomLog /var/log/%web_system%/domains/%domain%.log combined 13 | ErrorLog /var/log/%web_system%/domains/%domain%.error.log 14 | 15 | 16 | AllowOverride All 17 | 18 | 19 | 20 | AllowOverride All 21 | SSLRequireSSL 22 | Options +Includes -Indexes +ExecCGI 23 | 24 | 25 | SSLEngine on 26 | SSLVerifyClient none 27 | SSLCertificateFile %ssl_crt% 28 | SSLCertificateKeyFile %ssl_key% 29 | %ssl_ca_str%SSLCertificateChainFile %ssl_ca% 30 | 31 | SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 32 | 33 | ProxyPass / https://localhost:8000 34 | ProxyPassReverse / https://localhost:8000 35 | ProxyPass /admin http://localhost:8000/admin 36 | ProxyPassReverse /admin http://localhost:8000/admin 37 | ProxyPass /static http://localhost:8000/static 38 | 39 | IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_* 40 | 41 | 42 | -------------------------------------------------------------------------------- /apache2/php-fpm/Django_app.tpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | ServerName %domain_idn% 4 | %alias_string% 5 | ServerAdmin %email% 6 | DocumentRoot %docroot% 7 | ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ 8 | Alias /vstats/ %home%/%user%/web/%domain%/stats/ 9 | Alias /error/ %home%/%user%/web/%domain%/document_errors/ 10 | #SuexecUserGroup %user% %group% 11 | CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes 12 | CustomLog /var/log/%web_system%/domains/%domain%.log combined 13 | ErrorLog /var/log/%web_system%/domains/%domain%.error.log 14 | 15 | IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf* 16 | 17 | 18 | AllowOverride All 19 | 20 | 21 | 22 | AllowOverride All 23 | Options +Includes -Indexes +ExecCGI 24 | 25 | 26 | SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 27 | 28 | ProxyPass / https://localhost:8000 29 | ProxyPassReverse / https://localhost:8000 30 | ProxyPass /admin http://localhost:8000/admin 31 | ProxyPassReverse /admin http://localhost:8000/admin 32 | ProxyPass /static http://localhost:8000/static 33 | 34 | IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_* 35 | 36 | 37 | -------------------------------------------------------------------------------- /nginx/CodeRED_CMS_proxy_pass.stpl: -------------------------------------------------------------------------------- 1 | server { 2 | listen %ip%:%proxy_ssl_port% ssl http2; 3 | server_name %domain_idn% %alias_idn%; 4 | ssl_certificate %ssl_pem%; 5 | ssl_certificate_key %ssl_key%; 6 | ssl_stapling on; 7 | ssl_stapling_verify on; 8 | error_log /var/log/%web_system%/domains/%domain%.error.log error; 9 | 10 | include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; 11 | 12 | # Maximum file upload size. 13 | client_max_body_size 64M; 14 | 15 | # Enable content compression for text types. 16 | gzip on; 17 | gzip_types text/plain text/css application/x-javascript image/svg+xml; 18 | gzip_comp_level 1; 19 | gzip_disable msie6; 20 | gzip_http_version 1.0; 21 | gzip_proxied any; 22 | gzip_vary on; 23 | 24 | location = /favicon.ico { access_log off; log_not_found off; } 25 | 26 | location /static/ { 27 | root %home%/%user%/web/%domain%/cr_cms; 28 | } 29 | 30 | # Set a longer expiry for CACHE/, because the filenames are unique. 31 | location /static/CACHE/ { 32 | access_log off; 33 | expires 864000; 34 | alias %home%/%user%/web/%domain%/cr_cms/static/CACHE/; 35 | } 36 | 37 | # Only serve /media/images/ by default, not e.g. original_images/. 38 | location /media/images/ { 39 | expires 864000; 40 | alias %home%/%user%/web/%domain%/cr_cms/media/images/; 41 | } 42 | 43 | location / { 44 | proxy_set_header Host $http_host; 45 | proxy_set_header X-Real-IP $remote_addr; 46 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 47 | proxy_set_header X-Forwarded-Proto $scheme; 48 | proxy_pass http://unix:/run/%domain%-gunicorn.sock; 49 | location ~* ^.+\.(%proxy_extentions%)$ { 50 | root %home%/%user%/web/%domain%/cr_cms/; 51 | access_log /var/log/%web_system%/domains/%domain%.log combined; 52 | access_log /var/log/%web_system%/domains/%domain%.bytes bytes; 53 | expires max; 54 | try_files $uri @fallback; 55 | } 56 | } 57 | 58 | location /error/ { 59 | alias %home%/%user%/web/%domain%/document_errors/; 60 | } 61 | 62 | location @fallback { 63 | proxy_pass https://%ip%:%web_ssl_port%; 64 | } 65 | 66 | location ~ /\.ht {return 404;} 67 | location ~ /\.svn/ {return 404;} 68 | location ~ /\.git/ {return 404;} 69 | location ~ /\.hg/ {return 404;} 70 | location ~ /\.bzr/ {return 404;} 71 | 72 | include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; 73 | 74 | } 75 | -------------------------------------------------------------------------------- /nginx/CodeRED_CMS_proxy_pass.tpl: -------------------------------------------------------------------------------- 1 | server { 2 | listen %ip%:%proxy_port%; 3 | server_name %domain_idn% %alias_idn%; 4 | 5 | include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; 6 | 7 | location = /favicon.ico { access_log off; log_not_found off; } 8 | 9 | # Maximum file upload size. 10 | client_max_body_size 64M; 11 | 12 | # Enable content compression for text types. 13 | gzip on; 14 | gzip_types text/plain text/css application/x-javascript image/svg+xml; 15 | gzip_comp_level 1; 16 | gzip_disable msie6; 17 | gzip_http_version 1.0; 18 | gzip_proxied any; 19 | gzip_vary on; 20 | 21 | location /static/ { 22 | root %home%/%user%/web/%domain%/cr_cms/; 23 | } 24 | 25 | # Set a longer expiry for CACHE/, because the filenames are unique. 26 | location /static/CACHE/ { 27 | access_log off; 28 | expires 864000; 29 | alias %home%/%user%/web/%domain%/cr_cms/static/CACHE; 30 | } 31 | 32 | # Only serve /media/images/ by default, not e.g. original_images/. 33 | location /media/images/ { 34 | expires 864000; 35 | alias %home%/%user%/web/%domain%/cr_cms/media/images/; 36 | } 37 | 38 | location / { 39 | proxy_set_header Host $http_host; 40 | proxy_set_header X-Real-IP $remote_addr; 41 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 42 | proxy_set_header X-Forwarded-Proto $scheme; 43 | proxy_pass http://unix:/run/%domain%-gunicorn.sock; 44 | location ~* ^.+\.(%proxy_extentions%)$ { 45 | root %home%/%user%/web/%domain%/cr_cms/; 46 | access_log /var/log/%web_system%/domains/%domain%.log combined; 47 | access_log /var/log/%web_system%/domains/%domain%.bytes bytes; 48 | expires max; 49 | try_files $uri @fallback; 50 | } 51 | } 52 | 53 | location /error/ { 54 | alias %home%/%user%/web/%domain%/document_errors/; 55 | } 56 | 57 | location @fallback { 58 | proxy_pass http://%ip%:%web_port%; 59 | } 60 | 61 | location ~ /\.ht {return 404;} 62 | location ~ /\.svn/ {return 404;} 63 | location ~ /\.git/ {return 404;} 64 | location ~ /\.hg/ {return 404;} 65 | location ~ /\.bzr/ {return 404;} 66 | 67 | include %home%/%user%/conf/web/%domain%/nginx.conf_*; 68 | } 69 | -------------------------------------------------------------------------------- /nginx/Django_proxy_pass.stpl: -------------------------------------------------------------------------------- 1 | server { 2 | listen %ip%:%proxy_ssl_port% ssl http2; 3 | server_name %domain_idn% %alias_idn%; 4 | ssl_certificate %ssl_pem%; 5 | ssl_certificate_key %ssl_key%; 6 | ssl_stapling on; 7 | ssl_stapling_verify on; 8 | error_log /var/log/%web_system%/domains/%domain%.error.log error; 9 | 10 | include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; 11 | 12 | location = /favicon.ico { access_log off; log_not_found off; } 13 | 14 | location /static/ { 15 | root %home%/%user%/web/%domain%/djangoapp; 16 | } 17 | 18 | location / { 19 | proxy_set_header Host $http_host; 20 | proxy_set_header X-Real-IP $remote_addr; 21 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 22 | proxy_set_header X-Forwarded-Proto $scheme; 23 | proxy_pass http://unix:/run/%domain%-gunicorn.sock; 24 | location ~* ^.+\.(%proxy_extentions%)$ { 25 | root %home%/%user%/web/%domain%/djangoapp/; 26 | access_log /var/log/%web_system%/domains/%domain%.log combined; 27 | access_log /var/log/%web_system%/domains/%domain%.bytes bytes; 28 | expires max; 29 | try_files $uri @fallback; 30 | } 31 | } 32 | 33 | location /error/ { 34 | alias %home%/%user%/web/%domain%/document_errors/; 35 | } 36 | 37 | location @fallback { 38 | proxy_pass https://%ip%:%web_ssl_port%; 39 | } 40 | 41 | location ~ /\.ht {return 404;} 42 | location ~ /\.svn/ {return 404;} 43 | location ~ /\.git/ {return 404;} 44 | location ~ /\.hg/ {return 404;} 45 | location ~ /\.bzr/ {return 404;} 46 | 47 | include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; 48 | 49 | } 50 | -------------------------------------------------------------------------------- /nginx/Django_proxy_pass.tpl: -------------------------------------------------------------------------------- 1 | server { 2 | listen %ip%:%proxy_port%; 3 | server_name %domain_idn% %alias_idn%; 4 | 5 | include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; 6 | 7 | location = /favicon.ico { access_log off; log_not_found off; } 8 | 9 | location /static/ { 10 | root %home%/%user%/web/%domain%/djangoapp; 11 | } 12 | 13 | location / { 14 | proxy_set_header Host $http_host; 15 | proxy_set_header X-Real-IP $remote_addr; 16 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 17 | proxy_set_header X-Forwarded-Proto $scheme; 18 | proxy_pass http://unix:/run/%domain%-gunicorn.sock; 19 | location ~* ^.+\.(%proxy_extentions%)$ { 20 | root %home%/%user%/web/%domain%/djangoapp/; 21 | access_log /var/log/%web_system%/domains/%domain%.log combined; 22 | access_log /var/log/%web_system%/domains/%domain%.bytes bytes; 23 | expires max; 24 | try_files $uri @fallback; 25 | } 26 | } 27 | 28 | location /error/ { 29 | alias %home%/%user%/web/%domain%/document_errors/; 30 | } 31 | 32 | location @fallback { 33 | proxy_pass http://%ip%:%web_port%; 34 | } 35 | 36 | location ~ /\.ht {return 404;} 37 | location ~ /\.svn/ {return 404;} 38 | location ~ /\.git/ {return 404;} 39 | location ~ /\.hg/ {return 404;} 40 | location ~ /\.bzr/ {return 404;} 41 | 42 | include %home%/%user%/conf/web/%domain%/nginx.conf_*; 43 | } --------------------------------------------------------------------------------