author | Jose Luis Duran <jlduran@users.noreply.github.com> | 2016-03-19 11:50:54 -0300 |
---|---|---|
committer | Jose Luis Duran <jlduran@users.noreply.github.com> | 2016-03-19 12:03:13 -0300 |
commit | 8e2090a1904c1cd1935443834349521ef773b9da (patch) | |
tree | a4b284cc99371a4273af6a062aa408fced4bae27 /src/etc | |
parent | b76cc9789b2216a94d6fb8a110946f95b6a5a1e0 (diff) | |
Cleanup nginx configuration file
- Fix indentations
- Use the `ssl` parameter of the `listen` directive [1]
- Change the rewrite rule to use the recommended syntax [2]
[1]: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl
[2]: http://nginx.org/en/docs/http/converting_rewrite_rules.html
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/system.inc | 48 |
1 files changed, 27 insertions, 21 deletions
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index 62c8b38..3a789c1 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -1278,11 +1278,11 @@ worker_processes {$max_procs}; EOD; -if (!isset($config['syslog']['nolognginx'])) { - $nginx_config .= "error_log syslog:server=unix:/var/run/log,facility=local5;\n"; -} + if (!isset($config['syslog']['nolognginx'])) { + $nginx_config .= "error_log syslog:server=unix:/var/run/log,facility=local5;\n"; + } -$nginx_config .= <<<EOD + $nginx_config .= <<<EOD events { worker_connections 1024; @@ -1301,24 +1301,16 @@ http { EOD; -if ($captive_portal !== false) { - $nginx_config .= "\tlimit_conn_zone \$binary_remote_addr zone=addr:10m;\n"; -} - -$nginx_config .= <<<EOD - - server { - listen {$nginx_port}; - listen [::]:{$nginx_port}; - client_max_body_size 200m; - - gzip on; - gzip_types text/plain text/css text/javascript application/x-javascript text/xml application/xml application/xml+rss application/json; - -EOD; + if ($captive_portal !== false) { + $nginx_config .= "\tlimit_conn_zone \$binary_remote_addr zone=addr:10m;\n"; + } if ($cert <> "" and $key <> "") { - $nginx_config .= "\t\tssl on;\n"; + $nginx_config .= "\n"; + $nginx_config .= "\tserver {\n"; + $nginx_config .= "\t\tlisten {$nginx_port} ssl;\n"; + $nginx_config .= "\t\tlisten [::]:{$nginx_port} ssl;\n"; + $nginx_config .= "\n"; $nginx_config .= "\t\tssl_certificate {$g['varetc_path']}/{$cert_location};\n"; $nginx_config .= "\t\tssl_certificate_key {$g['varetc_path']}/{$key_location};\n"; $nginx_config .= "\t\tssl_session_timeout 10m;\n"; 
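Review bot: The `server {` opener and the two `listen` lines are now emitted twice, once in the TLS branch of the hunk at -1301 and once in the `else` branch added by the hunk at -1338, so the two copies can drift apart if a listen option is later added to only one of them. Compute the parameter once, `$ssl_param = ($cert <> "" and $key <> "") ? " ssl" : "";`, and emit `$nginx_config .= "\t\tlisten {$nginx_port}{$ssl_param};\n";` plus the matching `[::]` line before the `if`, leaving only the `ssl_*` directives inside the branch. The enclosing function starts and ends outside these hunks.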
@@ -1338,9 +1330,23 @@ EOD; $nginx_config .= "\t\tssl_stapling on;\n"; $nginx_config .= "\t\tssl_stapling_verify on;\n"; $nginx_config .= "\t\tssl_dhparam /etc/dh-parameters.4096;\n"; + } else { $nginx_config .= "\n"; + $nginx_config .= "\tserver {\n"; + $nginx_config .= "\t\tlisten {$nginx_port};\n"; + $nginx_config .= "\t\tlisten [::]:{$nginx_port};\n"; } + $nginx_config .= <<<EOD + + client_max_body_size 200m; + + gzip on; + gzip_types text/plain text/css text/javascript application/x-javascript text/xml application/xml application/xml+rss application/json; + + +EOD; + if ($captive_portal !== false) { $nginx_config .= <<<EOD $captive_portal_maxprocperip @@ -1410,7 +1416,7 @@ EOD; server { listen 80; listen [::]:80; - rewrite ^ https://\$http_host$redirectport\$request_uri? permanent; + return 301 https://\$http_host$redirectport\$request_uri; } EOD; |
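Review bot: The redirect target in the hunk at -1410, `return 301 https://\$http_host$redirectport\$request_uri;`, is still built from `$http_host`, the raw Host header sent by the client, so the Location header of this port-80 server reflects whatever host the request names. nginx's `$host` is normalised and carries no port, which also avoids a doubled port when the client's Host already includes one and `$redirectport` is non-empty: `return 301 https://\$host$redirectport\$request_uri;`. If the GUI has a configured hostname, redirecting to that fixed name would be stricter still; whether one is available at this point is not visible in the hunk. The heredoc and its function continue outside the hunk.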