add php

Signed-off-by: Zoey <zoey@z0ey.de>

backend/templates/_exploits.conf

@@ -1,4 +0,0 @@
-{% if block_exploits == 1 or block_exploits == true %}
-  # Block Exploits
-  include conf.d/include/block-exploits.conf;
-{% endif %}

backend/templates/_location.conf

@@ -6,27 +6,12 @@
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_http_version 1.1;
-    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
+    proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
 
     {% if access_list_id > 0 %}
     {% if access_list.items.length > 0 %}
-    # Authorization
-    auth_basic            "Authorization required";
-    auth_basic_user_file  /data/access/{{ access_list_id }};
- 
     {{ access_list.passauth }}
     {% endif %}
- 
-    # Access Rules
-    {% for client in access_list.clients %}
-    {{- client.rule -}};
-    {% endfor %}deny all;
- 
-    # Access checks must...
-    {% if access_list.satisfy %}
-    {{ access_list.satisfy }};
-    {% endif %}
- 
     {% endif %}
 
     {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}

backend/templates/dead_host.conf

@@ -9,10 +9,10 @@ server {
 
 {{ advanced_config }}
   include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/block-exploits.conf;
 {% if use_default_location %}
   location / {
-    include conf.d/include/letsencrypt-acme-challenge.conf;
-    return 404;
+    alias /html/404/;
   }
 {% endif %}
 

backend/templates/default.conf

@@ -1,9 +1,6 @@
 # ------------------------------------------------------------
 # Default Site
 # ------------------------------------------------------------
-{% if value == "congratulations" %}
-# Skipping output, congratulations page configration is baked in.
-{%- else %}
 server {
   listen 80 default_server;
   listen [::]:80 default_server;
@@ -14,7 +11,7 @@ server {
   listen 443 http3 default_server;
   listen [::]:443 http3 default_server;
   
-  server_name default-host;
+  server_name _;
   
   include conf.d/include/force-ssl.conf;
   include conf.d/include/ssl-ciphers.conf;
@@ -27,10 +24,9 @@ server {
 
 {%- if value == "404" %}
   location / {
-    include conf.d/include/letsencrypt-acme-challenge.conf;
-    return 404;
+    alias /html/404/;
   }
-{% endif %}
+{%- endif %}
 
 {%- if value == "redirect" %}
   location / {
@@ -39,39 +35,17 @@ server {
   }
 {%- endif %}
 
-{%- if value == "html" %}
-  root /data/nginx/default_www;
+{%- if value == "congratulations" %}
   location / {
     include conf.d/include/letsencrypt-acme-challenge.conf;
-    try_files $uri /index.html;
+    alias /html/default/;
+  }
+{%- endif %}
+
+{%- if value == "html" %}
+  location / {
+    include conf.d/include/letsencrypt-acme-challenge.conf;
+    alias /data/nginx/html/;
   }
 {%- endif %}
 }
-{% endif %}
-
-# ------------------------------------------------------------
-# prevent processing requests with undefined server names
-# ------------------------------------------------------------
-
-server {
-  listen 80;
-  listen [::]:80;
-  
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
-  
-  listen 443 http3;
-  listen [::]:443 http3;
-  
-  server_name "";
-  return 444;
-  
-  include conf.d/include/force-ssl.conf;
-  include conf.d/include/ssl-ciphers.conf;
-  include conf.d/include/letsencrypt-acme-challenge.conf;
-  include conf.d/include/block-exploits.conf;
-  add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
-  
-  ssl_certificate /data/nginx/dummycert.pem;
-  ssl_certificate_key /data/nginx/dummykey.pem;
-}

backend/templates/letsencrypt-request.conf

@@ -7,6 +7,7 @@ server {
   server_name {{ domain_names | join: " " }};
 
   include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/block-exploits.conf;
 
   location / {
     include conf.d/include/letsencrypt-acme-challenge.conf;

backend/templates/proxy_host.conf

@@ -8,42 +8,22 @@ server {
 
 {% include "_listen.conf" %}
 {% include "_certificates.conf" %}
-{% include "_exploits.conf" %}
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
 
-{% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
-  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection $http_connection;
-{% endif %}
+  include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/block-exploits.conf;
 
 {{ advanced_config }}
-
-{{ locations }}
-  include conf.d/include/letsencrypt-acme-challenge.conf;
+  
 {% if use_default_location %}
-
   location / {
     include conf.d/include/letsencrypt-acme-challenge.conf;
+
     {% if access_list_id > 0 %}
     {% if access_list.items.length > 0 %}
-    # Authorization
-    auth_basic            "Authorization required";
-    auth_basic_user_file  /data/access/{{ access_list_id }};
-
     {{ access_list.passauth }}
     {% endif %}
-
-    # Access Rules
-    {% for client in access_list.clients %}
-    {{- client.rule -}};
-    {% endfor %}deny all;
-
-    # Access checks must...
-    {% if access_list.satisfy %}
-    {{ access_list.satisfy }};
-    {% endif %}
-
     {% endif %}
 
     {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
@@ -56,6 +36,29 @@ server {
   }
 {% endif %}
 
+  {% if access_list_id > 0 %}
+  {% if access_list.items.length > 0 %}
+  # Authorization
+  auth_basic            "Authorization required";
+  auth_basic_user_file  /data/access/{{ access_list_id }};
+ 
+  {{ access_list.passauth }}
+  {% endif %}
+ 
+  # Access Rules
+  {% for client in access_list.clients %}
+  {{- client.rule -}};
+  {% endfor %}deny all;
+ 
+  # Access checks must...
+  {% if access_list.satisfy %}
+  {{ access_list.satisfy }};
+  {% endif %}
+ 
+  {% endif %}
+
+{{ locations }}
+
   # Custom
   include /data/nginx/custom/server_proxy.conf;
 }

backend/templates/redirection_host.conf

@@ -4,12 +4,12 @@
 server {
 {% include "_listen.conf" %}
 {% include "_certificates.conf" %}
-{% include "_exploits.conf" %}
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
 
 {{ advanced_config }}
   include conf.d/include/letsencrypt-acme-challenge.conf;
+  include conf.d/include/block-exploits.conf;
 {% if use_default_location %}
   location / {
     include conf.d/include/letsencrypt-acme-challenge.conf;