webserver-config/site-config.conf

server {
    listen 80;
    listen [::]:80;
    server_name .$DOMAIN;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .$DOMAIN;

    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # Determine the subdomain and set the root accordingly
    set \$subdomain '';
    if (\$host ~* ^([^.]+)\.$DOMAIN$) {
        set \$subdomain \$1;
    }

    # Default root for subdomains
    # subdomains are the default, so that we get 404s for nonexistant subdomains
    root $MAIN_WEB_ROOT/subdomains/\$subdomain/www;

    # For the main domain, use the _main/www directory
    if (\$host = $DOMAIN) {
        root $MAIN_WEB_ROOT/_main/www;
    }

    # Index file names
    index index.html index.htm index.php;

    # Try files first, then use the router.php file if it exists
    location / {
        try_files \$uri \$uri/ @router;
    }

    # Use the router.php file for all nonexistant file requests if it exists
    location @router {
        if (!-f \$document_root/router.php) {
            return 404;
        }
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root/router.php;
    }

    # PHP Configuration
    location ~ \.php$ {
        try_files \$uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    # Deny access to .ht* files
    location ~ /\.ht {
        deny all;
    }

    # Additional config options
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
    client_max_body_size 20M;

    # Log to both default location and custom site directory, named by subdomain
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    if (\$subdomain != '') {
        access_log $MAIN_WEB_ROOT/logs/\$subdomain.access.log;
        error_log $MAIN_WEB_ROOT/logs/\$subdomain.error.log;
    }else {
        access_log $MAIN_WEB_ROOT/logs/_main.access.log;
        error_log $MAIN_WEB_ROOT/logs/_main.error.log;
    }
}
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`server {`
			`listen 80;`
			`listen [::]:80;`
			`server_name .$DOMAIN;`
			`return 301 https://\$host\$request_uri;`
			`}`

			`server {`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`
			`server_name .$DOMAIN;`

			`# SSL Configuration`
			`ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;`
			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_prefer_server_ciphers on;`
			`ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;`

			`# Determine the subdomain and set the root accordingly`
			`set \$subdomain '';`
			`if (\$host ~* ^([^.]+)\.$DOMAIN$) {`
			`set \$subdomain \$1;`
			`}`

			`# Default root for subdomains`
			`# subdomains are the default, so that we get 404s for nonexistant subdomains`
			`root $MAIN_WEB_ROOT/subdomains/\$subdomain/www;`

			`# For the main domain, use the _main/www directory`
			`if (\$host = $DOMAIN) {`
			`root $MAIN_WEB_ROOT/_main/www;`
			`}`

			`# Index file names`
			`index index.html index.htm index.php;`

			`# Try files first, then use the router.php file if it exists`
			`location / {`
			`try_files \$uri \$uri/ @router;`
			`}`

			`# Use the router.php file for all nonexistant file requests if it exists`
			`location @router {`
			`if (!-f \$document_root/router.php) {`
			`return 404;`
			`}`
			`fastcgi_pass unix:/var/run/php/php-fpm.sock;`
			`include fastcgi_params;`
			`fastcgi_param SCRIPT_FILENAME \$document_root/router.php;`
			`}`

			`# PHP Configuration`
			`location ~ \.php$ {`
			`try_files \$uri =404;`
			`fastcgi_split_path_info ^(.+\.php)(/.+)$;`
			`fastcgi_pass unix:/var/run/php/php-fpm.sock;`
			`fastcgi_index index.php;`
			`include fastcgi_params;`
			`}`

			`# Deny access to .ht* files`
			`location ~ /\.ht {`
			`deny all;`
			`}`

			`# Additional config options`
			`gzip on;`
			`gzip_vary on;`
			`gzip_proxied any;`
			`gzip_comp_level 6;`
			`gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;`
			`client_max_body_size 20M;`

			`# Log to both default location and custom site directory, named by subdomain`
			`access_log /var/log/nginx/access.log;`
			`error_log /var/log/nginx/error.log;`
			`if (\$subdomain != '') {`
			`access_log $MAIN_WEB_ROOT/logs/\$subdomain.access.log;`
			`error_log $MAIN_WEB_ROOT/logs/\$subdomain.error.log;`
			`}else {`
			`access_log $MAIN_WEB_ROOT/logs/_main.access.log;`
			`error_log $MAIN_WEB_ROOT/logs/_main.error.log;`
			`}`
			`}`