├── LICENSE
├── README.md
├── apache2
└── php-fpm
│ ├── CodeRED_CMS.sh
│ ├── CodeRED_CMS.stpl
│ ├── CodeRED_CMS.tpl
│ ├── Django_app.sh
│ ├── Django_app.stpl
│ └── Django_app.tpl
└── nginx
├── CodeRED_CMS_proxy_pass.stpl
├── CodeRED_CMS_proxy_pass.tpl
├── Django_proxy_pass.stpl
└── Django_proxy_pass.tpl
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2020 Jumy Elerossë
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # HestiaCP Python 3 templates
2 |
3 | ## Careful! This is still in development and will probably break your server.
4 |
5 | Python templates for [HestiaCP](https://www.hestiacp.com/).
6 |
7 | This project was originally based on the work done by [anton-bozhina](https://github.com/anton-bozhina) and [refsigregory](https://github.com/refsigregory/vestacp-python-template/commits?author=refsigregory). However, a new approach has been taken.
8 |
9 | ## Disclaimer
10 |
11 | 1. This code comes without warranty of any kind. Please refer to `README.md` for more details about this and the license to which this software is bounded.
12 | 2. All this is still in experimental stage.
13 | 3. These templates will install application **in debug mode and without database connection**. Is therefore your responsibility to complete the configuration process and make the app safe.
14 |
15 | ## Requirements
16 |
17 | - HestiaCP
18 | - Python 3.6.X (you can check your Python version using `python3 --version`)
19 |
20 | I presume it can be adapted to VestaCP after small modifications.
21 |
22 | ## Tested with
23 |
24 | - [X] HestiaCP 1.1.1
25 | - [X] Ubuntu 18.04
26 | - [X] Python 3.6.9
27 |
28 |
29 | If you have tested it with a different version or different distro, feel free to contact me to provide feedback.
30 |
31 | ## Instructions for Ubuntu:
32 |
33 | 1. __Make sure you have an updated backup of your system and that it can go into maintenance if necessary__.
34 | 2. Install `pip3`, `virtualenv`, and their dependencies:
35 | ```bash
36 | sudo apt update
37 | sudo apt install python3-pip virtualenv
38 | python3 -m pip install --upgrade pip
39 |
40 | ```
41 |
42 | 3. Download the templates to the correct location:
43 |
44 | - Apache2 templates goes into `/usr/local/hestia/data/templates/web/apache2/php-fpm/`
45 | - Chage he permissions to `.sh` files using the command `chmod +x *.sh` in the `/usr/local/hestia/data/templates/web/apache2/php-fpm/` folder.
46 | - NGINX templates goes into `/usr/local/hestia/data/templates/web/nginx/`
47 |
48 | 4. Activate the template NGINX proxy template
49 |
50 | 5. Activate the desired Apache2 template. It is recommended to set the backend template to `no-php`.
51 |
52 | 6. Complete the setup process of the terminal. This includes setting up the database, adding the users, disabling the debug/setting environment to production, modifying the allowed hosts, and so on.
53 |
--------------------------------------------------------------------------------
/apache2/php-fpm/CodeRED_CMS.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Adding php wrapper
3 | user="$1"
4 | domain="$2"
5 | ip="$3"
6 | #/home
7 | home_dir="$4"
8 | #Full route to /public_html
9 | docroot="$5"
10 |
11 |
12 | workingfolder="/home/$user/web/$domain"
13 |
14 | cd $workingfolder
15 |
16 | # Create the virtual environment with Python 3
17 | virtualenv -p python3 venv
18 |
19 | # Activate the virtual environment
20 | source venv/bin/activate
21 |
22 | # Install Django and Gunicorn
23 | pip install coderedcms gunicorn psycopg2-binary
24 |
25 | # Create the Django project
26 | coderedcms start cr_cms
27 |
28 | # Install requirements.txt in case one is available
29 | # the working folder
30 | if [ -f "$workingfolder/cr_cms/requirements.txt" ]; then
31 |
32 | pip install -r /home/$user/web/$domain/cr_cms/requirements.txt
33 |
34 | fi
35 |
36 | # Make Django migration and change ownership of the created SQLite database
37 | cd cr_cms
38 | python manage.py makemigrations && python manage.py migrate
39 | chown $user:$user db.sqlite3
40 |
41 | # Add static and media folder and run collectstatic
42 | mkdir static
43 | chmod 755 static
44 | chown $user:$user static
45 | mkdir static/CACHE
46 | chmod 755 static/CACHE
47 | chown $user:$user static/CACHE
48 | mkdir media
49 | chmod 755 media
50 | chown $user:$user media
51 | python manage.py collectstatic
52 |
53 | # At this stage you can test that it works executing:
54 | # gunicorn -b 0.0.0.0:8000 cr_cms.wsgi:application
55 | # *after* adding your domain to ALLOWED_HOSTS
56 |
57 | # This following part adds Gunicorn socket and service,
58 | # and needs to be improved, particularly to allow multiple
59 | # Django applications running in the same server.
60 |
61 | # This is intended for Ubuntu. It will require some testing to check how this works
62 | # in other distros.
63 |
64 | if [ ! -f "/etc/systemd/system/$domain-gunicorn.socket" ]; then
65 |
66 | echo "[Unit]
67 | Description=gunicorn socket
68 |
69 | [Socket]
70 | ListenStream=/run/$domain-gunicorn.sock
71 |
72 | [Install]
73 | WantedBy=sockets.target" > /etc/systemd/system/$domain-gunicorn.socket
74 |
75 | fi
76 |
77 | if [ ! -f "/etc/systemd/system/$domain-gunicorn.service" ]; then
78 |
79 | echo "[Unit]
80 | Description=Gunicorn daemon for $domain
81 | Requires=$domain-gunicorn.socket
82 | After=network.target
83 |
84 | [Service]
85 | User=$user
86 | Group=$user
87 | WorkingDirectory=$workingfolder/cr_cms
88 |
89 | ExecStart=$workingfolder/venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/run/$domain-gunicorn.sock -m 007 cr_cms.wsgi:application
90 |
91 | [Install]
92 | WantedBy=multi-user.target" > /etc/systemd/system/$domain-gunicorn.service
93 |
94 | fi
95 |
96 |
97 | systemctl enable $domain-gunicorn.socket
98 |
99 | systemctl start $domain-gunicorn.socket
100 |
101 |
102 | # Start the socket
103 | curl --unix-socket /run/$domain-gunicorn.sock localhost
104 |
105 | sudo systemctl daemon-reload
106 |
107 | sudo systemctl restart $domain-gunicorn
108 |
109 | exit 0
110 |
--------------------------------------------------------------------------------
/apache2/php-fpm/CodeRED_CMS.stpl:
--------------------------------------------------------------------------------
1 |
2 |
3 | ServerName %domain_idn%
4 | %alias_string%
5 | ServerAdmin %email%
6 | DocumentRoot %sdocroot%
7 | ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
8 | Alias /vstats/ %home%/%user%/web/%domain%/stats/
9 | Alias /error/ %home%/%user%/web/%domain%/document_errors/
10 | #SuexecUserGroup %user% %group%
11 | CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
12 | CustomLog /var/log/%web_system%/domains/%domain%.log combined
13 | ErrorLog /var/log/%web_system%/domains/%domain%.error.log
14 |
15 |
16 | AllowOverride All
17 |
18 |
19 |
20 | AllowOverride All
21 | SSLRequireSSL
22 | Options +Includes -Indexes +ExecCGI
23 |
24 |
25 | SSLEngine on
26 | SSLVerifyClient none
27 | SSLCertificateFile %ssl_crt%
28 | SSLCertificateKeyFile %ssl_key%
29 | %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
30 |
31 | SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
32 |
33 | ProxyPass / https://localhost:8000
34 | ProxyPassReverse / https://localhost:8000
35 | ProxyPass /admin http://localhost:8000/admin
36 | ProxyPassReverse /admin http://localhost:8000/admin
37 | ProxyPass /static http://localhost:8000/static
38 |
39 | IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
40 |
41 |
42 |
--------------------------------------------------------------------------------
/apache2/php-fpm/CodeRED_CMS.tpl:
--------------------------------------------------------------------------------
1 |
2 |
3 | ServerName %domain_idn%
4 | %alias_string%
5 | ServerAdmin %email%
6 | DocumentRoot %docroot%
7 | ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
8 | Alias /vstats/ %home%/%user%/web/%domain%/stats/
9 | Alias /error/ %home%/%user%/web/%domain%/document_errors/
10 | #SuexecUserGroup %user% %group%
11 | CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
12 | CustomLog /var/log/%web_system%/domains/%domain%.log combined
13 | ErrorLog /var/log/%web_system%/domains/%domain%.error.log
14 |
15 | IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
16 |
17 |
18 | AllowOverride All
19 |
20 |
21 |
22 | AllowOverride All
23 | Options +Includes -Indexes +ExecCGI
24 |
25 |
26 | SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
27 |
28 | ProxyPass / https://localhost:8000
29 | ProxyPassReverse / https://localhost:8000
30 | ProxyPass /admin http://localhost:8000/admin
31 | ProxyPassReverse /admin http://localhost:8000/admin
32 | ProxyPass /static http://localhost:8000/static
33 |
34 | IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
35 |
36 |
37 |
--------------------------------------------------------------------------------
/apache2/php-fpm/Django_app.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Adding php wrapper
3 | user="$1"
4 | domain="$2"
5 | ip="$3"
6 | #/home
7 | home_dir="$4"
8 | #Full route to /public_html
9 | docroot="$5"
10 |
11 |
12 | workingfolder="/home/$user/web/$domain"
13 |
14 | cd $workingfolder
15 |
16 | # Create the virtual environment with Python 3
17 | virtualenv -p python3 venv
18 |
19 | # Activate the virtual environment
20 | source venv/bin/activate
21 |
22 | # Install Django and Gunicorn
23 | pip install django gunicorn psycopg2-binary
24 |
25 | # Create the Django project
26 | django-admin startproject djangoapp
27 |
28 | # Django does not have a requirements.txt file
29 | # Install requirements.txt in case one is given by the user in
30 | # the working folder
31 | if [ -f "$workingfolder/djangoapp/requirements.txt" ]; then
32 |
33 | pip install -r /home/$user/web/$domain/djangoapp/requirements.txt
34 |
35 | fi
36 |
37 | # Make Django migration and change ownership of the created SQLite database
38 | cd djangoapp
39 | ./manage.py makemigrations && ./manage.py migrate
40 | chown $user:$user db.sqlite3
41 |
42 | # Add static folder and run collectstatic
43 | echo "
44 | STATIC_ROOT = os.path.join(BASE_DIR, 'static/')" >> $workingfolder/djangoapp/djangoapp/settings.py
45 |
46 | ./manage.py collectstatic
47 |
48 | # At this stage you can test that it works executing:
49 | # gunicorn -b 0.0.0.0:8000 djangoapp.wsgi:application
50 | # *after* adding your domain to ALLOWED_HOSTS
51 |
52 | # This following part adds Gunicorn socket and service,
53 | # and needs to be improved, particularly to allow multiple
54 | # Django applications running in the same server.
55 |
56 | # This is intended for Ubuntu. It will require some testing to check how this works
57 | # in other distros.
58 |
59 | if [ ! -f "/etc/systemd/system/$domain-gunicorn.socket" ]; then
60 |
61 | echo "[Unit]
62 | Description=gunicorn socket
63 |
64 | [Socket]
65 | ListenStream=/run/$domain-gunicorn.sock
66 |
67 | [Install]
68 | WantedBy=sockets.target" > /etc/systemd/system/$domain-gunicorn.socket
69 |
70 | fi
71 |
72 | if [ ! -f "/etc/systemd/system/$domain-gunicorn.service" ]; then
73 |
74 | echo "[Unit]
75 | Description=Gunicorn daemon for $domain
76 | Requires=$domain-gunicorn.socket
77 | After=network.target
78 |
79 | [Service]
80 | User=$user
81 | Group=$user
82 | WorkingDirectory=$workingfolder/djangoapp
83 |
84 | ExecStart=$workingfolder/venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/run/$domain-gunicorn.sock -m 007 djangoapp.wsgi:application
85 |
86 | [Install]
87 | WantedBy=multi-user.target" > /etc/systemd/system/$domain-gunicorn.service
88 |
89 | fi
90 |
91 | systemctl restart $domain-gunicorn.socket
92 |
93 | systemctl start $domain-gunicorn.socket
94 |
95 | systemctl enable $domain-gunicorn.socket
96 |
97 | # Start the socket
98 | curl --unix-socket /run/$domain-gunicorn.sock localhost
99 |
100 | sudo systemctl daemon-reload
101 |
102 | sudo systemctl restart gunicorn
103 |
104 | exit 0
105 |
--------------------------------------------------------------------------------
/apache2/php-fpm/Django_app.stpl:
--------------------------------------------------------------------------------
1 |
2 |
3 | ServerName %domain_idn%
4 | %alias_string%
5 | ServerAdmin %email%
6 | DocumentRoot %sdocroot%
7 | ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
8 | Alias /vstats/ %home%/%user%/web/%domain%/stats/
9 | Alias /error/ %home%/%user%/web/%domain%/document_errors/
10 | #SuexecUserGroup %user% %group%
11 | CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
12 | CustomLog /var/log/%web_system%/domains/%domain%.log combined
13 | ErrorLog /var/log/%web_system%/domains/%domain%.error.log
14 |
15 |
16 | AllowOverride All
17 |
18 |
19 |
20 | AllowOverride All
21 | SSLRequireSSL
22 | Options +Includes -Indexes +ExecCGI
23 |
24 |
25 | SSLEngine on
26 | SSLVerifyClient none
27 | SSLCertificateFile %ssl_crt%
28 | SSLCertificateKeyFile %ssl_key%
29 | %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
30 |
31 | SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
32 |
33 | ProxyPass / https://localhost:8000
34 | ProxyPassReverse / https://localhost:8000
35 | ProxyPass /admin http://localhost:8000/admin
36 | ProxyPassReverse /admin http://localhost:8000/admin
37 | ProxyPass /static http://localhost:8000/static
38 |
39 | IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
40 |
41 |
42 |
--------------------------------------------------------------------------------
/apache2/php-fpm/Django_app.tpl:
--------------------------------------------------------------------------------
1 |
2 |
3 | ServerName %domain_idn%
4 | %alias_string%
5 | ServerAdmin %email%
6 | DocumentRoot %docroot%
7 | ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
8 | Alias /vstats/ %home%/%user%/web/%domain%/stats/
9 | Alias /error/ %home%/%user%/web/%domain%/document_errors/
10 | #SuexecUserGroup %user% %group%
11 | CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
12 | CustomLog /var/log/%web_system%/domains/%domain%.log combined
13 | ErrorLog /var/log/%web_system%/domains/%domain%.error.log
14 |
15 | IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
16 |
17 |
18 | AllowOverride All
19 |
20 |
21 |
22 | AllowOverride All
23 | Options +Includes -Indexes +ExecCGI
24 |
25 |
26 | SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
27 |
28 | ProxyPass / https://localhost:8000
29 | ProxyPassReverse / https://localhost:8000
30 | ProxyPass /admin http://localhost:8000/admin
31 | ProxyPassReverse /admin http://localhost:8000/admin
32 | ProxyPass /static http://localhost:8000/static
33 |
34 | IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
35 |
36 |
37 |
--------------------------------------------------------------------------------
/nginx/CodeRED_CMS_proxy_pass.stpl:
--------------------------------------------------------------------------------
1 | server {
2 | listen %ip%:%proxy_ssl_port% ssl http2;
3 | server_name %domain_idn% %alias_idn%;
4 | ssl_certificate %ssl_pem%;
5 | ssl_certificate_key %ssl_key%;
6 | ssl_stapling on;
7 | ssl_stapling_verify on;
8 | error_log /var/log/%web_system%/domains/%domain%.error.log error;
9 |
10 | include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
11 |
12 | # Maximum file upload size.
13 | client_max_body_size 64M;
14 |
15 | # Enable content compression for text types.
16 | gzip on;
17 | gzip_types text/plain text/css application/x-javascript image/svg+xml;
18 | gzip_comp_level 1;
19 | gzip_disable msie6;
20 | gzip_http_version 1.0;
21 | gzip_proxied any;
22 | gzip_vary on;
23 |
24 | location = /favicon.ico { access_log off; log_not_found off; }
25 |
26 | location /static/ {
27 | root %home%/%user%/web/%domain%/cr_cms;
28 | }
29 |
30 | # Set a longer expiry for CACHE/, because the filenames are unique.
31 | location /static/CACHE/ {
32 | access_log off;
33 | expires 864000;
34 | alias %home%/%user%/web/%domain%/cr_cms/static/CACHE/;
35 | }
36 |
37 | # Only serve /media/images/ by default, not e.g. original_images/.
38 | location /media/images/ {
39 | expires 864000;
40 | alias %home%/%user%/web/%domain%/cr_cms/media/images/;
41 | }
42 |
43 | location / {
44 | proxy_set_header Host $http_host;
45 | proxy_set_header X-Real-IP $remote_addr;
46 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
47 | proxy_set_header X-Forwarded-Proto $scheme;
48 | proxy_pass http://unix:/run/%domain%-gunicorn.sock;
49 | location ~* ^.+\.(%proxy_extentions%)$ {
50 | root %home%/%user%/web/%domain%/cr_cms/;
51 | access_log /var/log/%web_system%/domains/%domain%.log combined;
52 | access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
53 | expires max;
54 | try_files $uri @fallback;
55 | }
56 | }
57 |
58 | location /error/ {
59 | alias %home%/%user%/web/%domain%/document_errors/;
60 | }
61 |
62 | location @fallback {
63 | proxy_pass https://%ip%:%web_ssl_port%;
64 | }
65 |
66 | location ~ /\.ht {return 404;}
67 | location ~ /\.svn/ {return 404;}
68 | location ~ /\.git/ {return 404;}
69 | location ~ /\.hg/ {return 404;}
70 | location ~ /\.bzr/ {return 404;}
71 |
72 | include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
73 |
74 | }
75 |
--------------------------------------------------------------------------------
/nginx/CodeRED_CMS_proxy_pass.tpl:
--------------------------------------------------------------------------------
1 | server {
2 | listen %ip%:%proxy_port%;
3 | server_name %domain_idn% %alias_idn%;
4 |
5 | include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
6 |
7 | location = /favicon.ico { access_log off; log_not_found off; }
8 |
9 | # Maximum file upload size.
10 | client_max_body_size 64M;
11 |
12 | # Enable content compression for text types.
13 | gzip on;
14 | gzip_types text/plain text/css application/x-javascript image/svg+xml;
15 | gzip_comp_level 1;
16 | gzip_disable msie6;
17 | gzip_http_version 1.0;
18 | gzip_proxied any;
19 | gzip_vary on;
20 |
21 | location /static/ {
22 | root %home%/%user%/web/%domain%/cr_cms/;
23 | }
24 |
25 | # Set a longer expiry for CACHE/, because the filenames are unique.
26 | location /static/CACHE/ {
27 | access_log off;
28 | expires 864000;
29 | alias %home%/%user%/web/%domain%/cr_cms/static/CACHE;
30 | }
31 |
32 | # Only serve /media/images/ by default, not e.g. original_images/.
33 | location /media/images/ {
34 | expires 864000;
35 | alias %home%/%user%/web/%domain%/cr_cms/media/images/;
36 | }
37 |
38 | location / {
39 | proxy_set_header Host $http_host;
40 | proxy_set_header X-Real-IP $remote_addr;
41 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
42 | proxy_set_header X-Forwarded-Proto $scheme;
43 | proxy_pass http://unix:/run/%domain%-gunicorn.sock;
44 | location ~* ^.+\.(%proxy_extentions%)$ {
45 | root %home%/%user%/web/%domain%/cr_cms/;
46 | access_log /var/log/%web_system%/domains/%domain%.log combined;
47 | access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
48 | expires max;
49 | try_files $uri @fallback;
50 | }
51 | }
52 |
53 | location /error/ {
54 | alias %home%/%user%/web/%domain%/document_errors/;
55 | }
56 |
57 | location @fallback {
58 | proxy_pass http://%ip%:%web_port%;
59 | }
60 |
61 | location ~ /\.ht {return 404;}
62 | location ~ /\.svn/ {return 404;}
63 | location ~ /\.git/ {return 404;}
64 | location ~ /\.hg/ {return 404;}
65 | location ~ /\.bzr/ {return 404;}
66 |
67 | include %home%/%user%/conf/web/%domain%/nginx.conf_*;
68 | }
69 |
--------------------------------------------------------------------------------
/nginx/Django_proxy_pass.stpl:
--------------------------------------------------------------------------------
1 | server {
2 | listen %ip%:%proxy_ssl_port% ssl http2;
3 | server_name %domain_idn% %alias_idn%;
4 | ssl_certificate %ssl_pem%;
5 | ssl_certificate_key %ssl_key%;
6 | ssl_stapling on;
7 | ssl_stapling_verify on;
8 | error_log /var/log/%web_system%/domains/%domain%.error.log error;
9 |
10 | include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
11 |
12 | location = /favicon.ico { access_log off; log_not_found off; }
13 |
14 | location /static/ {
15 | root %home%/%user%/web/%domain%/djangoapp;
16 | }
17 |
18 | location / {
19 | proxy_set_header Host $http_host;
20 | proxy_set_header X-Real-IP $remote_addr;
21 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
22 | proxy_set_header X-Forwarded-Proto $scheme;
23 | proxy_pass http://unix:/run/%domain%-gunicorn.sock;
24 | location ~* ^.+\.(%proxy_extentions%)$ {
25 | root %home%/%user%/web/%domain%/djangoapp/;
26 | access_log /var/log/%web_system%/domains/%domain%.log combined;
27 | access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
28 | expires max;
29 | try_files $uri @fallback;
30 | }
31 | }
32 |
33 | location /error/ {
34 | alias %home%/%user%/web/%domain%/document_errors/;
35 | }
36 |
37 | location @fallback {
38 | proxy_pass https://%ip%:%web_ssl_port%;
39 | }
40 |
41 | location ~ /\.ht {return 404;}
42 | location ~ /\.svn/ {return 404;}
43 | location ~ /\.git/ {return 404;}
44 | location ~ /\.hg/ {return 404;}
45 | location ~ /\.bzr/ {return 404;}
46 |
47 | include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
48 |
49 | }
50 |
--------------------------------------------------------------------------------
/nginx/Django_proxy_pass.tpl:
--------------------------------------------------------------------------------
1 | server {
2 | listen %ip%:%proxy_port%;
3 | server_name %domain_idn% %alias_idn%;
4 |
5 | include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
6 |
7 | location = /favicon.ico { access_log off; log_not_found off; }
8 |
9 | location /static/ {
10 | root %home%/%user%/web/%domain%/djangoapp;
11 | }
12 |
13 | location / {
14 | proxy_set_header Host $http_host;
15 | proxy_set_header X-Real-IP $remote_addr;
16 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
17 | proxy_set_header X-Forwarded-Proto $scheme;
18 | proxy_pass http://unix:/run/%domain%-gunicorn.sock;
19 | location ~* ^.+\.(%proxy_extentions%)$ {
20 | root %home%/%user%/web/%domain%/djangoapp/;
21 | access_log /var/log/%web_system%/domains/%domain%.log combined;
22 | access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
23 | expires max;
24 | try_files $uri @fallback;
25 | }
26 | }
27 |
28 | location /error/ {
29 | alias %home%/%user%/web/%domain%/document_errors/;
30 | }
31 |
32 | location @fallback {
33 | proxy_pass http://%ip%:%web_port%;
34 | }
35 |
36 | location ~ /\.ht {return 404;}
37 | location ~ /\.svn/ {return 404;}
38 | location ~ /\.git/ {return 404;}
39 | location ~ /\.hg/ {return 404;}
40 | location ~ /\.bzr/ {return 404;}
41 |
42 | include %home%/%user%/conf/web/%domain%/nginx.conf_*;
43 | }
--------------------------------------------------------------------------------