fusionpbx-install.sh/freebsd/resources/nginx/fusionpbx.conf

server {
	listen  127.0.0.1:80;
	server_name  127.0.0.1;

	#set the log files
	error_log /var/log/nginx/error.log info;
	access_log /var/log/nginx/access.log;

	#set the default index files
	location / {
		root   /usr/local/www/fusionpbx;
		index  index.php index.html index.htm;
	}

	#nginx settings
	client_max_body_size 128M;
	client_body_buffer_size 128k;

	#http error handling
	error_page   500 502 503 504  /50x.html;
	location = /50x.html {
		root   /usr/local/www/nginx-dist;
	}

	#pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	location ~ \.php$ {
		fastcgi_pass   127.0.0.1:9000;
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME  /usr/local/www/fusionpbx$fastcgi_script_name;
		include        fastcgi_params;
	}

	#disable viewing of .htaccess, htpassword, .db and .git
	location ~ /\.htaccess {
		deny  all;
	}
	location ~ .htpassword {
		deny all;
	}
	location ~^.+.(db)$ {
		deny all;
	}
	location ~ /\.git {
		deny all;
	}
	location ~ /\. {
		deny all;
	}
}

server {
	listen  80;
	server_name  fusionpbx;

	#set the log files
	error_log /var/log/nginx/error.log info;
	access_log /var/log/nginx/access.log;

	#redirect letsencrypt to dehydrated
	location ^~ /.well-known/acme-challenge {
		default_type "text/plain";
		auth_basic "off";
		alias /usr/local/www/dehydrated;
	}

	#set the default index files
	location / {
		root   /usr/local/www/fusionpbx;
		index  index.php index.html index.htm;
	}

	#rewrite rule - send to https with an exception for provisioning
	if ($uri !~* ^.*(provision|xml_cdr).*$) {
		rewrite ^(.*) https://$host$1 permanent;
		break;
	}

	#rewrite rule - REST api
	if ($uri ~* ^.*/api/.*$) {
		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
		break;
	}

	#algo
	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;

	#avaya
	rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
	rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;

	#mitel
	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;

	#grandstream
	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
	#grandstream-wave softphone by ext because Android doesn't pass MAC.
	rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;

	#aastra
	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;

	#yealink common
	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;

	#yealink mac
	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;

	#polycom
	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";

	#cisco
	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;

	#escene
	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;

	#vtech
	rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

	#digium
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";

	#Snom
	rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
	rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

	#nginx settings
	client_max_body_size 128M;
	client_body_buffer_size 128k;

	#http error handling
	error_page   500 502 503 504  /50x.html;
	location = /50x.html {
		root   /usr/local/www/nginx-dist;
	}
	
	#pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	location ~ \.php$ {
		fastcgi_pass   127.0.0.1:9000;
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME  /usr/local/www/fusionpbx$fastcgi_script_name;
		include        fastcgi_params;
	}

	#disable viewing of .htaccess, htpassword, .db, and .git
	location ~ /\.htaccess {
		deny  all;
	}
	location ~ .htpassword {
		deny all;
	}
	location ~^.+.(db)$ {
		deny all;
	}
	location ~ /\.git {
		deny all;
	}
	location ~ /\. {
		deny all;
	}
}

server {
	listen  443 ssl;
	server_name  fusionpbx;

	#set tls configuration
	ssl_certificate         /usr/local/etc/nginx/server.crt;
	ssl_certificate_key     /usr/local/etc/nginx/server.key;
	ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!ADH:!MD5:!aNULL;

	#set the log files
	error_log /var/log/nginx/error.log info;
	access_log /var/log/nginx/access.log;

	#redirect letsencrypt to dehydrated
	location ^~ /.well-known/acme-challenge {
		default_type "text/plain";
		auth_basic "off";
		alias /usr/local/www/dehydrated;
	}

	#set the default index files
	location / {
		root   /usr/local/www/fusionpbx;
		index  index.php index.html index.htm;
	}

	#rewrite rule - send to https with an exception for provisioning
	#if ($uri !~* ^.*provision.*$) {
	#       rewrite ^(.*) https://$host$1 permanent;
	#       break;
	#}

	#rewrite rule - REST api
	if ($uri ~* ^.*/api/.*$) {
		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
		break;
	}

	#message media
	rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;

	#algo
	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;

	#avaya
	rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
	rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;

	#mitel
	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;

	#grandstream
	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
	#grandstream-wave softphone by ext because Android doesn't pass MAC.
	rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;

	#aastra
	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;

	#yealink common
	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
	#yealink mac
	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;

	#polycom
	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";

	#cisco
	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;

	#escene
	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;

	#vtech
	rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

	#digium
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";

	#Snom
	rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
	rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

	#nginx settings
	client_max_body_size 128M;
	client_body_buffer_size 128k;

	#http error handling
	error_page   500 502 503 504  /50x.html;
	location = /50x.html {
		root   /usr/local/www/nginx-dist;
	}

	#pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	location ~ \.php$ {
		fastcgi_pass   127.0.0.1:9000;
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME  /usr/local/www/fusionpbx$fastcgi_script_name;
		include        fastcgi_params;
	}

	#disable viewing of .htaccess, htpassword, .db, and .git
	location ~ /\.htaccess {
		deny  all;
	}
	location ~ .htpassword {
		deny all;
	}
	location ~^.+.(db)$ {
		deny all;
	}
	location ~ /\.git {
		deny all;
	}
	location ~ /\. {
		deny all;
	}

}