upstream php-handler { server 127.0.0.1:9001; } <% if node['zabbix']['ssl']['enable'] %> server { listen <%= @params['server_port'] %> default_server; listen [::]:<%= @params['server_port'] %> default_server; server_name _; return 301 https://$host:<%= @params['ssl_port'] %>$request_uri; } <% end %> server { <% if node['zabbix']['ssl']['enable'] %> listen <%= @params[:ssl_port] %> default_server; listen [::]:<%= @params[:ssl_port] %> default_server; <% else %> listen <%= @params[:server_port] %> default_server; listen [::]:<%= @params[:server_port] %> default_server; <% end %> server_name <%= [@params[:server_name]].flatten.join ", " %>; access_log /var/log/nginx/zabbix.log; error_log /var/log/nginx/zabbix.error; <% if node['zabbix']['ssl']['enable'] %> ssl on; ssl_certificate <%= @params[:server_cert] %>; ssl_certificate_key <%= @params[:server_cert] %>; ssl_protocols <%= [@params[:ssl_proto]].flatten.join " " %>; #ssl_ciphers <%= [@params[:ssl_ciphers]].flatten.join ":" %>; <% end %> root <%= @params[:docroot] %>; index index.php index.html; client_max_body_size 5m; client_body_buffer_size 128k; #location ~ \.php$ { location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } #fastcgi_pass unix:/var/run/zabbix.socket; fastcgi_pass php-handler; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; } location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ { expires max; log_not_found off; } location ~ /\.ht { deny all; } location ~ /\. { deny all; } }