Major website overhaul
This commit is contained in:
Marwolf
@@ -1,4 +1,4 @@
|
||||
# Nginx configuration for HTTPS only
|
||||
# Nginx configuration for HTTPS
|
||||
|
||||
server_tokens off;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
@@ -8,6 +8,10 @@ upstream dev_tomcat_1 {
|
||||
server tomcat;
|
||||
}
|
||||
|
||||
upstream dev_ghost_1 {
|
||||
server ghost:2368;
|
||||
}
|
||||
|
||||
# HTTP
|
||||
server {
|
||||
listen 80 default_server;
|
||||
@@ -22,7 +26,7 @@ server {
|
||||
error_log /var/log/nginx/error.log;
|
||||
access_log /var/log/nginx/access.log;
|
||||
root /var/www/html/public;
|
||||
index index.php index.html index.htm index.jsp;
|
||||
index index.html index.htm index.jsp;
|
||||
|
||||
# Redirect all requests to HTTPS on :443
|
||||
location / {
|
||||
@@ -30,19 +34,16 @@ server {
|
||||
}
|
||||
|
||||
####### Proxies #######
|
||||
# PHP proxy
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# Ghost proxy
|
||||
location ~ {
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://ghost:2368;
|
||||
}
|
||||
|
||||
# Tomcat proxy
|
||||
location ~ \.(do|jspa|obr|jsp) {
|
||||
location ~ \.(do|jspa|obr|jsp|txt|zip) {
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -61,7 +62,7 @@ server {
|
||||
}
|
||||
|
||||
# Deny access to version control system directories.
|
||||
location ~ /\.svn|/\.git {
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
@@ -71,32 +72,6 @@ server {
|
||||
allow all;
|
||||
root /data/letsencrypt/;
|
||||
}
|
||||
|
||||
####### PHPBB Forum #######
|
||||
# PHPBB forum
|
||||
location /board {
|
||||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ @rewriteapp;
|
||||
}
|
||||
|
||||
# PHPBB installer rewrite
|
||||
location /install/ {
|
||||
try_files $uri $uri/ @rewrite_installapp;
|
||||
}
|
||||
|
||||
location @rewriteapp {
|
||||
rewrite ^(.*)$ /app.php/$1 last;
|
||||
}
|
||||
|
||||
# Deny access to internal phpbb files.
|
||||
location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
|
||||
location @rewrite_installapp {
|
||||
rewrite ^(.*)$ /board/install/app.php/$1 last;
|
||||
}
|
||||
}
|
||||
|
||||
# HTTPS
|
||||
@@ -122,19 +97,16 @@ server {
|
||||
root /var/www/html/public;
|
||||
|
||||
####### Proxies #######
|
||||
# PHP proxy
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# Ghost proxy
|
||||
location ~ {
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://ghost:2368;
|
||||
}
|
||||
|
||||
# Tomcat proxy
|
||||
location ~ \.(do|jspa|obr|jsp) {
|
||||
location ~ \.(do|jspa|obr|jsp|txt|zip) {
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -158,7 +130,7 @@ server {
|
||||
}
|
||||
|
||||
# Deny access to version control system directories.
|
||||
location ~ /\.svn|/\.git {
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
@@ -168,31 +140,4 @@ server {
|
||||
allow all;
|
||||
root /data/letsencrypt/;
|
||||
}
|
||||
|
||||
####### PHPBB Forum #######
|
||||
# PHPBB forum
|
||||
location /board {
|
||||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ @rewriteapp;
|
||||
}
|
||||
|
||||
# PHPBB installer rewrite
|
||||
location /install/ {
|
||||
try_files $uri $uri/ @rewrite_installapp;
|
||||
}
|
||||
|
||||
location @rewriteapp {
|
||||
rewrite ^(.*)$ /app.php/$1 last;
|
||||
}
|
||||
|
||||
# Deny access to internal phpbb files.
|
||||
location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
|
||||
location @rewrite_installapp {
|
||||
rewrite ^(.*)$ /board/install/app.php/$1 last;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Nginx configuration
|
||||
# Nginx configuration for HTTP
|
||||
|
||||
server_tokens off;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
@@ -8,7 +8,11 @@ upstream dev_tomcat_1 {
|
||||
server tomcat;
|
||||
}
|
||||
|
||||
# Website and PHPBB forum over HTTP
|
||||
upstream dev_ghost_1 {
|
||||
server ghost:2368;
|
||||
}
|
||||
|
||||
# HTTP
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
@@ -22,124 +26,45 @@ server {
|
||||
error_log /var/log/nginx/error.log;
|
||||
access_log /var/log/nginx/access.log;
|
||||
root /var/www/html/public;
|
||||
index index.php index.html index.htm index.jsp;
|
||||
index index.html index.htm index.jsp;
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
####### Proxies #######
|
||||
# Ghost proxy
|
||||
location ~ {
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://ghost:2368;
|
||||
}
|
||||
|
||||
# Block empty folder access
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# Instructs visitor browser to cache files for 1 month
|
||||
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
|
||||
expires 1M;
|
||||
}
|
||||
|
||||
# Tomcat
|
||||
location ~ \.(do|jspa|obr|jsp) {
|
||||
# Tomcat proxy
|
||||
location ~ \.(do|jspa|obr|jsp|txt|zip) {
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://tomcat:8082;
|
||||
}
|
||||
|
||||
# PHPBB forum
|
||||
location /board {
|
||||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ @rewriteapp;
|
||||
}
|
||||
|
||||
location @rewriteapp {
|
||||
rewrite ^(.*)$ /app.php/$1 last;
|
||||
}
|
||||
|
||||
# Deny access to internal phpbb files.
|
||||
location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
|
||||
####### Protections and efficiencies #######
|
||||
# Deny access to files beginning with .ht, such as .htaccess and .htpasswd
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
|
||||
# Pass the php scripts to fastcgi server specified in upstream declaration.
|
||||
location ~ \.php(/|$) {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
# Correctly pass scripts for PHPBB installer usage
|
||||
location /install/ {
|
||||
try_files $uri $uri/ @rewrite_installapp;
|
||||
|
||||
location ~ \.php(/|$) {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
}
|
||||
|
||||
location @rewrite_installapp {
|
||||
rewrite ^(.*)$ /board/install/app.php/$1 last;
|
||||
# Instructs visitor browser to cache files for 1 month
|
||||
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
|
||||
expires 1M;
|
||||
}
|
||||
|
||||
# Deny access to version control system directories.
|
||||
location ~ /\.svn|/\.git {
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
|
||||
# # Redirect to HTTPS
|
||||
# location / {
|
||||
# rewrite ^ https://$host$request_uri? permanent;
|
||||
# }
|
||||
|
||||
# # Certbot for HTTPS cert renewal
|
||||
# location ^~ /.well-known {
|
||||
# allow all;
|
||||
# root /data/letsencrypt/;
|
||||
# }
|
||||
# Certbot for HTTPS cert renewal
|
||||
location ^~ /.well-known {
|
||||
allow all;
|
||||
root /data/letsencrypt/;
|
||||
}
|
||||
}
|
||||
|
||||
#HTTPS
|
||||
#server {
|
||||
# listen 443 ssl http2;
|
||||
# listen [::]:443 ssl http2;
|
||||
# server_name localhost;
|
||||
# ssl on;
|
||||
# add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
# ssl_session_cache shared:SSL:20m;
|
||||
# ssl_session_timeout 10m;
|
||||
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
# ssl_prefer_server_ciphers on;
|
||||
# ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
|
||||
# ssl_stapling on;
|
||||
# ssl_stapling_verify on;
|
||||
# resolver 8.8.8.8 1.1.1.1;
|
||||
# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
|
||||
# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
|
||||
# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
|
||||
# index index.php index.html index.jsp;
|
||||
# error_log /var/log/nginx/error.log;
|
||||
# access_log /var/log/nginx/access.log;
|
||||
# root /var/www/html/public;
|
||||
|
||||
# location ~ \.php$ {
|
||||
# try_files $uri =404;
|
||||
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
# fastcgi_pass php:9000;
|
||||
# fastcgi_index index.php;
|
||||
# include fastcgi_params;
|
||||
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
# fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# }
|
||||
#}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Nginx configuration for HTTP only
|
||||
# Nginx configuration for HTTP
|
||||
|
||||
server_tokens off;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
@@ -8,6 +8,10 @@ upstream dev_tomcat_1 {
|
||||
server tomcat;
|
||||
}
|
||||
|
||||
upstream dev_ghost_1 {
|
||||
server ghost:2368;
|
||||
}
|
||||
|
||||
# HTTP
|
||||
server {
|
||||
listen 80 default_server;
|
||||
@@ -22,22 +26,19 @@ server {
|
||||
error_log /var/log/nginx/error.log;
|
||||
access_log /var/log/nginx/access.log;
|
||||
root /var/www/html/public;
|
||||
index index.php index.html index.htm index.jsp;
|
||||
index index.html index.htm index.jsp;
|
||||
|
||||
####### Proxies #######
|
||||
# PHP proxy
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# Ghost proxy
|
||||
location ~ {
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://ghost:2368;
|
||||
}
|
||||
|
||||
# Tomcat proxy
|
||||
location ~ \.(do|jspa|obr|jsp) {
|
||||
location ~ \.(do|jspa|obr|jsp|txt|zip) {
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -56,7 +57,7 @@ server {
|
||||
}
|
||||
|
||||
# Deny access to version control system directories.
|
||||
location ~ /\.svn|/\.git {
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
@@ -66,30 +67,4 @@ server {
|
||||
allow all;
|
||||
root /data/letsencrypt/;
|
||||
}
|
||||
|
||||
####### PHPBB Forum #######
|
||||
# PHPBB forum
|
||||
location /board {
|
||||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ @rewriteapp;
|
||||
}
|
||||
|
||||
# PHPBB installer rewrite
|
||||
location /install/ {
|
||||
try_files $uri $uri/ @rewrite_installapp;
|
||||
}
|
||||
|
||||
location @rewriteapp {
|
||||
rewrite ^(.*)$ /app.php/$1 last;
|
||||
}
|
||||
|
||||
# Deny access to internal phpbb files.
|
||||
location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
|
||||
location @rewrite_installapp {
|
||||
rewrite ^(.*)$ /board/install/app.php/$1 last;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user