Nginx config updates
This commit is contained in:
Marwolf
@@ -1,14 +1,23 @@
|
||||
# Nginx configuration
|
||||
|
||||
server_tokens off;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
gzip on;
|
||||
gzip_static on;
|
||||
gzip_vary on;
|
||||
gzip_http_version 1.1;
|
||||
gzip_min_length 700;
|
||||
gzip_comp_level 6;
|
||||
server_name localhost;
|
||||
|
||||
index index.php index.html;
|
||||
error_log /var/log/nginx/error.log;
|
||||
access_log /var/log/nginx/access.log;
|
||||
root /var/www/html/public;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
@@ -19,6 +28,68 @@ server {
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /downloads {
|
||||
autoindex on;
|
||||
autoindex_exact_size off;
|
||||
}
|
||||
|
||||
location /board {
|
||||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ @rewriteapp;
|
||||
}
|
||||
|
||||
location @rewriteapp {
|
||||
rewrite ^(.*)$ /app.php/$1 last;
|
||||
}
|
||||
|
||||
# Deny access to internal phpbb files.
|
||||
location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
|
||||
deny all;
|
||||
# deny was ignored before 0.8.40 for connections over IPv6.
|
||||
# Use internal directive to prohibit access on older versions.
|
||||
internal;
|
||||
}
|
||||
|
||||
# Pass the php scripts to fastcgi server specified in upstream declaration.
|
||||
location ~ \.php(/|$) {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
# Correctly pass scripts for installer
|
||||
location /install/ {
|
||||
try_files $uri $uri/ @rewrite_installapp;
|
||||
|
||||
location ~ \.php(/|$) {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
}
|
||||
|
||||
location @rewrite_installapp {
|
||||
rewrite ^(.*)$ /board/install/app.php/$1 last;
|
||||
}
|
||||
|
||||
# Deny access to version control system directories.
|
||||
location ~ /\.svn|/\.git {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
}
|
||||
|
||||
# server { #SSL configuration below
|
||||
|
||||
@@ -1,14 +1,23 @@
|
||||
# Nginx configuration
|
||||
|
||||
server_tokens off;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
gzip on;
|
||||
gzip_static on;
|
||||
gzip_vary on;
|
||||
gzip_http_version 1.1;
|
||||
gzip_min_length 700;
|
||||
gzip_comp_level 6;
|
||||
server_name ${NGINX_HOST};
|
||||
|
||||
index index.php index.html;
|
||||
error_log /var/log/nginx/error.log;
|
||||
access_log /var/log/nginx/access.log;
|
||||
root /var/www/html/public;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
@@ -19,6 +28,68 @@ server {
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /downloads {
|
||||
autoindex on;
|
||||
autoindex_exact_size off;
|
||||
}
|
||||
|
||||
location /board {
|
||||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ @rewriteapp;
|
||||
}
|
||||
|
||||
location @rewriteapp {
|
||||
rewrite ^(.*)$ /app.php/$1 last;
|
||||
}
|
||||
|
||||
# Deny access to internal phpbb files.
|
||||
location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
|
||||
deny all;
|
||||
# deny was ignored before 0.8.40 for connections over IPv6.
|
||||
# Use internal directive to prohibit access on older versions.
|
||||
internal;
|
||||
}
|
||||
|
||||
# Pass the php scripts to fastcgi server specified in upstream declaration.
|
||||
location ~ \.php(/|$) {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
# Correctly pass scripts for installer
|
||||
location /install/ {
|
||||
try_files $uri $uri/ @rewrite_installapp;
|
||||
|
||||
location ~ \.php(/|$) {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
}
|
||||
|
||||
location @rewrite_installapp {
|
||||
rewrite ^(.*)$ /board/install/app.php/$1 last;
|
||||
}
|
||||
|
||||
# Deny access to version control system directories.
|
||||
location ~ /\.svn|/\.git {
|
||||
deny all;
|
||||
internal;
|
||||
}
|
||||
}
|
||||
|
||||
# server { #SSL configuration below
|
||||
|
||||
Reference in New Issue
Block a user