crt
/
fusionpbx-ldap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Fork of FusionPBX but with LDAP kinda working
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
28 MiB
Tree: fc4fa7a8fb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fc4fa7a8fb'
${ noResults }
fusionpbx-ldap/Install_Scripts/debian/resources/nginx/fusionpbx

305 lines
10 KiB
Raw Normal View History

copied over install scripts to adapt
2 years ago
  2. server {
  3. listen 127.0.0.1:80;
  4. server_name 127.0.0.1;
  5. access_log /var/log/nginx/access.log;
  6. error_log /var/log/nginx/error.log;
  8. client_max_body_size 80M;
  9. client_body_buffer_size 128k;
  11. location / {
  12. root /var/www/fusionpbx;
  13. index index.php;
  14. }
  16. location ~ \.php$ {
  17. fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
  18. #fastcgi_pass 127.0.0.1:9000;
  19. fastcgi_index index.php;
  20. include fastcgi_params;
  21. fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
  22. }
  24. # Allow the upgrade routines to run longer than normal
  25. location = /core/upgrade/index.php {
  26. fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
  27. #fastcgi_pass 127.0.0.1:9000;
  28. fastcgi_index index.php;
  29. include fastcgi_params;
  30. fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
  31. fastcgi_read_timeout 15m;
  32. }
  34. # Disable viewing .htaccess & .htpassword & .db & .git
  35. location ~ .htaccess {
  36. deny all;
  37. }
  38. location ~ .htpassword {
  39. deny all;
  40. }
  41. location ~^.+.(db)$ {
  42. deny all;
  43. }
  44. location ~ /\.git {
  45. deny all;
  46. }
  47. location ~ /\.lua {
  48. deny all;
  49. }
  50. location ~ /\. {
  51. deny all;
  52. }
  53. }
  55. server {
  56. listen 80;
  57. server_name fusionpbx;
  59. #redirect letsencrypt to dehydrated
  60. location ^~ /.well-known/acme-challenge {
  61. default_type "text/plain";
  62. auth_basic "off";
  63. alias /var/www/dehydrated;
  64. }
  66. #rewrite rule - send to https with an exception for provisioning
  67. if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
  68. rewrite ^(.*) https://$host$1 permanent;
  69. break;
  70. }
  72. #REST api
  73. if ($uri ~* ^.*/api/.*$) {
  74. rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
  75. break;
  76. }
  78. #algo
  79. rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
  81. #mitel
  82. rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
  83. rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
  85. #grandstream
  86. rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
  87. rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
  88. rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
  89. #grandstream-wave softphone by ext because Android doesn't pass MAC.
  90. rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
  92. #aastra
  93. rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
  94. #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
  96. #yealink
  97. #rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
  98. rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
  99. rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
  101. #polycom
  102. rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
  103. #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
  104. rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
  105. rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
  106. rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
  107. rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
  108. rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
  110. #cisco
  111. rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
  112. rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
  114. #Escene
  115. rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
  116. rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
  118. #Vtech
  119. rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
  120. rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
  122. #Digium
  123. rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
  124. rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
  126. #Snom
  127. rewrite "^.*/provision/-([A-Fa-f0-9]{12})?$" /app/provision/index.php?mac=$1;
  129. access_log /var/log/nginx/access.log;
  130. error_log /var/log/nginx/error.log;
  132. client_max_body_size 80M;
  133. client_body_buffer_size 128k;
  135. location / {
  136. root /var/www/fusionpbx;
  137. index index.php;
  138. }
  140. location ~ \.php$ {
  141. fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
  142. #fastcgi_pass 127.0.0.1:9000;
  143. fastcgi_index index.php;
  144. include fastcgi_params;
  145. fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
  146. }
  148. # Allow the upgrade routines to run longer than normal
  149. location = /core/upgrade/index.php {
  150. fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
  151. #fastcgi_pass 127.0.0.1:9000;
  152. fastcgi_index index.php;
  153. include fastcgi_params;
  154. fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
  155. fastcgi_read_timeout 15m;
  156. }
  158. # Disable viewing .htaccess & .htpassword & .db & .git
  159. location ~ .htaccess {
  160. deny all;
  161. }
  162. location ~ .htpassword {
  163. deny all;
  164. }
  165. location ~^.+.(db)$ {
  166. deny all;
  167. }
  168. location ~ /\.git {
  169. deny all;
  170. }
  171. location ~ /\.lua {
  172. deny all;
  173. }
  174. location ~ /\. {
  175. deny all;
  176. }
  177. }
  179. server {
  180. listen 443 ssl;
  181. #listen 443 ssl http2;
  182. server_name fusionpbx;
  184. ssl_certificate /etc/ssl/certs/nginx.crt;
  185. ssl_certificate_key /etc/ssl/private/nginx.key;
  186. ssl_protocols TLSv1.2 TLSv1.3;
  187. #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  188. ssl_ciphers DHE-RSA-AES256-SHA:AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  189. ssl_session_cache shared:SSL:40m;
  190. ssl_session_timeout 2h;
  191. ssl_session_tickets off;
  193. #redirect letsencrypt to dehydrated
  194. location ^~ /.well-known/acme-challenge {
  195. default_type "text/plain";
  196. auth_basic "off";
  197. alias /var/www/dehydrated;
  198. }
  200. #REST api
  201. if ($uri ~* ^.*/api/.*$) {
  202. rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
  203. break;
  204. }
  206. #message media
  207. rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
  209. #algo
  210. rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
  212. #mitel
  213. rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
  214. rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
  216. #grandstream
  217. rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
  218. rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
  219. rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
  220. #grandstream-wave softphone by ext because Android doesn't pass MAC.
  221. rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
  223. #aastra
  224. rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
  225. #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
  227. #yealink
  228. #rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
  229. rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
  230. rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
  232. #polycom
  233. rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
  234. #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
  235. rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
  236. rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
  237. rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
  238. rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
  239. rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
  241. #cisco
  242. rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
  243. rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
  245. #Escene
  246. rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
  247. rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
  249. #Vtech
  250. rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
  251. rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
  253. #Digium
  254. rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
  255. rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
  257. access_log /var/log/nginx/access.log;
  258. error_log /var/log/nginx/error.log;
  260. client_max_body_size 80M;
  261. client_body_buffer_size 128k;
  263. location / {
  264. root /var/www/fusionpbx;
  265. index index.php;
  266. }
  268. location ~ \.php$ {
  269. fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
  270. #fastcgi_pass 127.0.0.1:9000;
  271. fastcgi_index index.php;
  272. include fastcgi_params;
  273. fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
  274. }
  276. # Allow the upgrade routines to run longer than normal
  277. location = /core/upgrade/index.php {
  278. fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
  279. #fastcgi_pass 127.0.0.1:9000;
  280. fastcgi_index index.php;
  281. include fastcgi_params;
  282. fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
  283. fastcgi_read_timeout 15m;
  284. }
  286. # Disable viewing .htaccess & .htpassword & .db & .git
  287. location ~ .htaccess {
  288. deny all;
  289. }
  290. location ~ .htpassword {
  291. deny all;
  292. }
  293. location ~^.+.(db)$ {
  294. deny all;
  295. }
  296. location ~ /\.git {
  297. deny all;
  298. }
  299. location ~ /\.lua {
  300. deny all;
  301. }
  302. location ~ /\. {
  303. deny all;
  304. }
  305. }