H-O-O-T-S/Open-RSC-Docker-Home
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Nginx config updates

Browse Source
This commit is contained in:
Marwolf
2018-07-08 15:50:17 -04:00
parent 5c7a0062cc
commit a14bb019ed
2 changed files with 146 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
Website/etc/nginx/default.conf
View File

@@ -1,14 +1,23 @@
# Nginx configuration # Nginx configuration
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
gzip on;
gzip_static on;
gzip_vary on;
gzip_http_version 1.1;
gzip_min_length 700;
gzip_comp_level 6;
server_name localhost; server_name localhost;
index index.php index.html;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log; access_log /var/log/nginx/access.log;
root /var/www/html/public; root /var/www/html/public;
index index.php index.html index.htm;
location ~ \.php$ { location ~ \.php$ {
try_files $uri =404; try_files $uri =404;
@@ -19,6 +28,68 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
} }
location ~ /\.ht {
deny all;
}
location /downloads {
autoindex on;
autoindex_exact_size off;
}
location /board {
index index.php index.html index.htm;
try_files $uri $uri/ @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# Deny access to internal phpbb files.
location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.
internal;
}
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# Correctly pass scripts for installer
location /install/ {
try_files $uri $uri/ @rewrite_installapp;
location ~ \.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /board/install/app.php/$1 last;
}
# Deny access to version control system directories.
location ~ /\.svn|/\.git {
deny all;
internal;
}
} }
# server { #SSL configuration below # server { #SSL configuration below

75
Website/etc/nginx/default.template.conf
View File

@@ -1,14 +1,23 @@
# Nginx configuration # Nginx configuration
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
gzip on;
gzip_static on;
gzip_vary on;
gzip_http_version 1.1;
gzip_min_length 700;
gzip_comp_level 6;
server_name ${NGINX_HOST}; server_name ${NGINX_HOST};
index index.php index.html;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log; access_log /var/log/nginx/access.log;
root /var/www/html/public; root /var/www/html/public;
index index.php index.html index.htm;
location ~ \.php$ { location ~ \.php$ {
try_files $uri =404; try_files $uri =404;
@@ -19,6 +28,68 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
} }
location ~ /\.ht {
deny all;
}
location /downloads {
autoindex on;
autoindex_exact_size off;
}
location /board {
index index.php index.html index.htm;
try_files $uri $uri/ @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# Deny access to internal phpbb files.
location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.
internal;
}
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# Correctly pass scripts for installer
location /install/ {
try_files $uri $uri/ @rewrite_installapp;
location ~ \.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /board/install/app.php/$1 last;
}
# Deny access to version control system directories.
location ~ /\.svn|/\.git {
deny all;
internal;
}
} }
# server { #SSL configuration below # server { #SSL configuration below