Merge remote-tracking branch 'origin/master' into develop
This commit is contained in:
commit
23333102e2
|
@ -29,7 +29,7 @@ location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
|||
}
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\. {
|
||||
location ~ /\.(?!well-known\/) {
|
||||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
|
@ -114,18 +114,3 @@ location ~ ^/(status|ping)$ {
|
|||
include common/acl.conf;
|
||||
fastcgi_pass php7;
|
||||
}
|
||||
# EasyEngine (ee) utilities
|
||||
# phpMyAdmin settings
|
||||
location = /pma {
|
||||
return 301 https://$host:22222/db/pma;
|
||||
}
|
||||
location = /phpMyAdmin {
|
||||
return 301 https://$host:22222/db/pma;
|
||||
}
|
||||
location = /phpmyadmin {
|
||||
return 301 https://$host:22222/db/pma;
|
||||
}
|
||||
# Adminer settings
|
||||
location = /adminer {
|
||||
return 301 https://$host:22222/db/adminer;
|
||||
}
|
||||
|
|
|
@ -31,17 +31,17 @@ location ~* \.(?:css(\.map)?|js(\.map)?)$
|
|||
}
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
location ~ /\.(?!well-known\/) {
|
||||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||
# #
|
||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
# #
|
||||
location /.well-known/acme-challenge/ {
|
||||
alias /var/www/html/.well-known/acme-challenge/;
|
||||
}
|
||||
# just create the sub-directories .well-known/acme-challenge
|
||||
####
|
||||
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
####
|
||||
# location /.well-known/acme-challenge/ {
|
||||
# alias /var/www/html/.well-known/acme-challenge/;
|
||||
# }
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||
deny all;
|
||||
|
@ -116,18 +116,3 @@ location ~ ^/(status|ping) {
|
|||
fastcgi_pass php71;
|
||||
include common/acl.conf;
|
||||
}
|
||||
# EasyEngine (ee) utilities
|
||||
# phpMyAdmin settings
|
||||
location /pma {
|
||||
return 301 https://$host:22222/db/pma;
|
||||
}
|
||||
location /phpMyAdmin {
|
||||
return 301 https://$host:22222/db/pma;
|
||||
}
|
||||
location /phpmyadmin {
|
||||
return 301 https://$host:22222/db/pma;
|
||||
}
|
||||
# Adminer settings
|
||||
location /adminer {
|
||||
return 301 https://$host:22222/db/adminer;
|
||||
}
|
||||
|
|
|
@ -35,17 +35,17 @@ location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
|||
}
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\. {
|
||||
location ~ /\.(?!well-known\/) {
|
||||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||
# #
|
||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
# #
|
||||
location /.well-known/acme-challenge/ {
|
||||
alias /var/www/html/.well-known/acme-challenge/;
|
||||
}
|
||||
# just create the sub-directories .well-known/acme-challenge
|
||||
####
|
||||
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
####
|
||||
# location /.well-known/acme-challenge/ {
|
||||
# alias /var/www/html/.well-known/acme-challenge/;
|
||||
# }
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
|
||||
deny all;
|
||||
|
@ -120,18 +120,3 @@ location ~ ^/(status|ping) {
|
|||
include common/acl.conf;
|
||||
fastcgi_pass php72;
|
||||
}
|
||||
# EasyEngine (ee) utilities
|
||||
# phpMyAdmin settings
|
||||
location /pma {
|
||||
return 301 https://$host:22222/db/pma;
|
||||
}
|
||||
location /phpMyAdmin {
|
||||
return 301 https://$host:22222/db/pma;
|
||||
}
|
||||
location /phpmyadmin {
|
||||
return 301 https://$host:22222/db/pma;
|
||||
}
|
||||
# Adminer settings
|
||||
location /adminer {
|
||||
return 301 https://$host:22222/db/adminer;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,112 @@
|
|||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
# Basic locations files
|
||||
location = /favicon.ico {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
location = /robots.txt {
|
||||
# Some WordPress plugin gererate robots.txt file
|
||||
# Refer #340 issue
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
# Cache static files
|
||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
# Cache css & js files
|
||||
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires 30d;
|
||||
}
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\.(?!well-known\/) {
|
||||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||
# #
|
||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
# #
|
||||
location /.well-known/acme-challenge/ {
|
||||
alias /var/www/html/.well-known/acme-challenge/;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||
deny all;
|
||||
}
|
||||
# Deny backup extensions & log files and return 403 forbidden
|
||||
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||
deny all;
|
||||
}
|
||||
# common nginx configuration to block sql injection and other attacks
|
||||
location ~* "(eval\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(127\.0\.0\.1)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "([a-z0-9]{2000})" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(javascript\:)(.*)(\;)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(base64_encode)(.*)(\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(https?|ftp|php):/" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
||||
deny all;
|
||||
}
|
||||
# Status pages
|
||||
location = /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
include common/acl.conf;
|
||||
}
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
map $http_x_requested_with $http_request_cache {
|
||||
default 0;
|
||||
XMLHttpRequest 1;
|
||||
}
|
||||
|
||||
map $http_cookie $cookie_cache {
|
||||
default 0;
|
||||
~*wordpress_[a-f0-9]+ 1;
|
||||
wp-postpass 1;
|
||||
wordpress_logged_in 1;
|
||||
wordpress_no_cache 1;
|
||||
comment_author 1;
|
||||
}
|
||||
|
||||
map $request_uri $uri_cache {
|
||||
default 0;
|
||||
~*\/wp-admin\/.* 1;
|
||||
~*\/wp-[a-zA-Z0-9-]+\.php 1;
|
||||
~*\/feed\/.* 1;
|
||||
~*\/index.php.* 1;
|
||||
~*\.*sitemap.*\.xml* 1;
|
||||
~*\/xmlrpc.php 1;
|
||||
}
|
||||
|
||||
map $request_method $request_cache {
|
||||
default 0;
|
||||
POST 1; #no caching on post
|
||||
}
|
||||
|
||||
map $query_string $query_cache {
|
||||
default 1;
|
||||
"" 0;
|
||||
}
|
||||
|
||||
map $http_request_cache$cookie_cache$uri_cache$request_cache$query_cache $skip_cache {
|
||||
default 1;
|
||||
00000 0;
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
map $http_x_requested_with $http_request_no_cache {
|
||||
default 0;
|
||||
XMLHttpRequest 1;
|
||||
}
|
||||
map $http_cookie $cookie_no_cache {
|
||||
default 0;
|
||||
"~*wordpress_[a-f0-9]+" 1;
|
||||
"~*wp-postpass" 1;
|
||||
"~*wordpress_logged_in" 1;
|
||||
"~*wordpress_no_cache" 1;
|
||||
"~*comment_author" 1;
|
||||
"~*woocommerce_items_in_cart" 1;
|
||||
"~*woocommerce_cart_hash" 1;
|
||||
"~*wptouch_switch_toogle" 1;
|
||||
"~*comment_author_email_" 1;
|
||||
}
|
||||
map $request_uri $uri_no_cache {
|
||||
default 0;
|
||||
"~*/wp-admin/" 1;
|
||||
"~*/wp-[a-zA-Z0-9-]+.php" 1;
|
||||
"~*/feed/" 1;
|
||||
"~*/index.php" 1;
|
||||
"~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1;
|
||||
"~*/sitemap(_index)?.xml" 1;
|
||||
"~*/wp-comments-popup.php" 1;
|
||||
"~*/wp-links-opml.php" 1;
|
||||
"~*/wp-locations.php" 1;
|
||||
"~*/wp-.*.php" 1;
|
||||
"~*/xmlrpc.php" 1;
|
||||
"~*/wp-app.php" 1;
|
||||
"~*/wp-login.php" 1;
|
||||
"~*/wp-register.php" 1;
|
||||
"~*/wp-mail.php" 1;
|
||||
}
|
||||
map $query_string $query_no_cache {
|
||||
default 1;
|
||||
"" 0;
|
||||
}
|
||||
map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache {
|
||||
default 1;
|
||||
0000 0;
|
||||
}
|
|
@ -35,13 +35,13 @@ location ~ /\.(?!well-known\/) {
|
|||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||
# #
|
||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
# #
|
||||
location /.well-known/acme-challenge/ {
|
||||
alias /var/www/html/.well-known/acme-challenge/;
|
||||
}
|
||||
# just create the sub-directories .well-known/acme-challenge
|
||||
####
|
||||
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
####
|
||||
# location /.well-known/acme-challenge/ {
|
||||
# alias /var/www/html/.well-known/acme-challenge/;
|
||||
# }
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||
deny all;
|
||||
|
|
|
@ -39,13 +39,13 @@ location ~ /\.(?!well-known\/) {
|
|||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||
# #
|
||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
# #
|
||||
location /.well-known/acme-challenge/ {
|
||||
alias /var/www/html/.well-known/acme-challenge/;
|
||||
}
|
||||
# just create the sub-directories .well-known/acme-challenge
|
||||
####
|
||||
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
####
|
||||
# location /.well-known/acme-challenge/ {
|
||||
# alias /var/www/html/.well-known/acme-challenge/;
|
||||
# }
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
|
||||
deny all;
|
||||
|
|
|
@ -0,0 +1,112 @@
|
|||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
# Basic locations files
|
||||
location = /favicon.ico {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
location = /robots.txt {
|
||||
# Some WordPress plugin gererate robots.txt file
|
||||
# Refer #340 issue
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
# Cache static files
|
||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
# Cache css & js files
|
||||
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires 30d;
|
||||
}
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\.(?!well-known\/) {
|
||||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||
# #
|
||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
# #
|
||||
location /.well-known/acme-challenge/ {
|
||||
alias /var/www/html/.well-known/acme-challenge/;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||
deny all;
|
||||
}
|
||||
# Deny backup extensions & log files and return 403 forbidden
|
||||
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||
deny all;
|
||||
}
|
||||
# common nginx configuration to block sql injection and other attacks
|
||||
location ~* "(eval\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(127\.0\.0\.1)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "([a-z0-9]{2000})" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(javascript\:)(.*)(\;)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(base64_encode)(.*)(\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(https?|ftp|php):/" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
||||
deny all;
|
||||
}
|
||||
# Status pages
|
||||
location = /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
include common/acl.conf;
|
||||
}
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
map $http_x_requested_with $http_request_no_cache {
|
||||
default 0;
|
||||
XMLHttpRequest 1;
|
||||
}
|
||||
map $http_cookie $cookie_no_cache {
|
||||
default 0;
|
||||
"~*wordpress_[a-f0-9]+" 1;
|
||||
"~*wp-postpass" 1;
|
||||
"~*wordpress_logged_in" 1;
|
||||
"~*wordpress_no_cache" 1;
|
||||
"~*comment_author" 1;
|
||||
"~*woocommerce_items_in_cart" 1;
|
||||
"~*woocommerce_cart_hash" 1;
|
||||
"~*wptouch_switch_toogle" 1;
|
||||
"~*comment_author_email_" 1;
|
||||
}
|
||||
map $request_uri $uri_no_cache {
|
||||
default 0;
|
||||
"~*/wp-admin/" 1;
|
||||
"~*/wp-[a-zA-Z0-9-]+.php" 1;
|
||||
"~*/feed/" 1;
|
||||
"~*/index.php" 1;
|
||||
"~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1;
|
||||
"~*/sitemap(_index)?.xml" 1;
|
||||
"~*/wp-comments-popup.php" 1;
|
||||
"~*/wp-links-opml.php" 1;
|
||||
"~*/wp-locations.php" 1;
|
||||
"~*/wp-.*.php" 1;
|
||||
"~*/xmlrpc.php" 1;
|
||||
"~*/wp-app.php" 1;
|
||||
"~*/wp-login.php" 1;
|
||||
"~*/wp-register.php" 1;
|
||||
"~*/wp-mail.php" 1;
|
||||
}
|
||||
map $query_string $query_no_cache {
|
||||
default 1;
|
||||
"" 0;
|
||||
}
|
||||
map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache {
|
||||
default 1;
|
||||
0000 0;
|
||||
}
|
Loading…
Reference in New Issue