From 05107258ccba7fb714a6418b81f6f3cfe247317d Mon Sep 17 00:00:00 2001
From: Ivan Grynenko <ivan@salsadigital.com.au>
Date: Wed, 6 Jul 2016 20:21:40 +1000
Subject: [PATCH] Added second nginx vhost

---
 group_vars/all.yml | 82 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)

diff --git a/group_vars/all.yml b/group_vars/all.yml
index a27a526..ca92fc0 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -233,6 +233,88 @@ nginx_vhosts:
         return 403;
       }
 
+      location ~ /\. {
+        access_log off;
+        log_not_found off;
+        deny all;
+      }
+      location ~ ~$ {
+        access_log off;
+        log_not_found off;
+        deny all;
+      }
+      location ~ /\.ht {
+        deny  all;
+      }
+      location @rewrite {
+        # Some modules enforce no slash (/) at the end of the URL
+        # Else this rewrite block wouldn't be needed (GlobalRedirect)
+        rewrite ^/(.*)$ /index.php?q=$1 last;
+      }
+  - listen: "{{ nginx_port }}"
+    server_name: "2{{ server_hostname }} www.2{{ server_hostname }}"
+    root: "/var/www/html/2{{ server_hostname }}"
+    open_file_cache: "max=2000 inactive=120s"
+    open_file_cache_valid: "240s"
+    open_file_cache_min_uses: "5"
+    open_file_cache_errors: "off"
+    client_max_body_size: "5m"
+    client_body_timeout: "60"
+    index: "index.php index.html index.htm"
+    error_page: "403 =404"
+    access_log: "/var/log/nginx/2{{ server_hostname }}_access.log"
+    error_log: "/var/log/nginx/2{{ server_hostname }}_error.log"
+    extra_parameters: |
+      location ~ ^/sites/.*/files/styles/ {
+        try_files $uri @rewrite;
+      }
+      location ~ ^/sites/default/files/ {
+        try_files $uri @rewrite;
+      }
+      location ~ \.(gif|jpg|jpeg|png|ico|bmp|js|css|pdf|doc|webp|woff|ico|js|css|svg)(\?[a-zA-Z0-9\.\-_,])?$ {
+        expires max;
+        log_not_found off;
+        add_header Cache-Control "public";
+        add_header X-Cache $upstream_cache_status;
+      }
+      location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+      }
+      location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+      }
+      location / {
+        proxy_pass http://127.0.0.1:{{ apache_listen_port }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        add_header X-Cache $upstream_cache_status;
+        add_header X-Loaded "/";
+        add_header X-Your-IP $remote_addr;
+      }
+      location ~ \.php$ {
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host $host;
+        proxy_pass http://127.0.0.1:{{ apache_listen_port }};
+        add_header X-Cache $upstream_cache_status;
+        add_header X-Loaded "php";
+        add_header X-Your-IP $remote_addr;
+      }
+      location = /backup {
+        deny all;
+      }
+      location ~* \.(txt|log)$ {
+        allow 127.0.0.1;
+        deny all;
+      }
+      location ~ \..*/.*\.php$ {
+        return 403;
+      }
+
       location ~ /\. {
         access_log off;
         log_not_found off;