add error pages and some config
parent
a959d8ae84
commit
3f5ded0e9d
40
README.md
40
README.md
|
@ -5,7 +5,7 @@
|
|||
## Server Stack
|
||||
|
||||
- Ubuntu 16.04/18.04 LTS
|
||||
- Nginx 1.14.x
|
||||
- Nginx 1.15.x / 1.14.x
|
||||
- PHP-FPM 7/7.1/7.2
|
||||
- MariaDB 10.3
|
||||
- REDIS 4.0
|
||||
|
@ -25,7 +25,7 @@ Configuration files with comments and informations available by following the li
|
|||
#### System update and packages cleanup
|
||||
|
||||
```bash
|
||||
apt-get update && apt-get upgrade -y && apt-get autoremove -y && apt-get clean
|
||||
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
||||
```
|
||||
|
||||
#### Install useful packages
|
||||
|
@ -271,8 +271,9 @@ WARNING : SSH Configuration with root login allowed with ed25519 & ECDSA SSH key
|
|||
#### UFW
|
||||
|
||||
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/ufw-iptables-firewall-configuration-made-easier/)
|
||||
|
||||
```bash
|
||||
# enable ufw log - allow outgoing - deny incoming
|
||||
# enable ufw log - allow outgoing - deny incoming
|
||||
ufw logging low
|
||||
ufw default allow outgoing
|
||||
ufw default deny incoming
|
||||
|
@ -313,7 +314,7 @@ fail2ban-client reload
|
|||
#### Secure Memcached server
|
||||
|
||||
```bash
|
||||
echo '-U 0' >> /etc/memcached.conf
|
||||
echo '-U 0' >> /etc/memcached.conf
|
||||
sudo systemctl restart memcached
|
||||
```
|
||||
|
||||
|
@ -323,16 +324,14 @@ sudo systemctl restart memcached
|
|||
|
||||
[Github repository](https://virtubox.github.io/ee-acme-sh/) - Script to setup letsencrypt certificates using acme.sh on EasyEngine servers
|
||||
|
||||
|
||||
|
||||
* subdomain support
|
||||
* ivp6 support
|
||||
* wildcards certificates support
|
||||
|
||||
```bash
|
||||
wget -O install-ee-acme.sh https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/install.sh
|
||||
chmod +x install-ee-acme.sh
|
||||
./install-ee-acme.sh
|
||||
chmod +x install-ee-acme.sh
|
||||
./install-ee-acme.sh
|
||||
|
||||
# enable acme.sh & ee-acme-sh
|
||||
source .bashrc
|
||||
|
@ -386,7 +385,7 @@ root@vps:~ cheat cat
|
|||
# Number all output lines:
|
||||
cat -n file
|
||||
```
|
||||
|
||||
|
||||
#### nanorc - Improved Nano Syntax Highlighting Files
|
||||
|
||||
[Github repository](https://github.com/scopatz/nanorc)
|
||||
|
@ -403,12 +402,13 @@ sudo apt update
|
|||
sudo apt install ucaresystem-core -y
|
||||
```
|
||||
|
||||
Run server maintenance with the command :
|
||||
Run server maintenance with the command :
|
||||
|
||||
```bash
|
||||
sudo ucaresystem-core
|
||||
```
|
||||
|
||||
### WP-CLI
|
||||
### WP-CLI
|
||||
|
||||
#### Add bash-completion for user www-data
|
||||
|
||||
|
@ -428,6 +428,24 @@ chown www-data:www-data /var/www/.profile
|
|||
chown www-data:www-data /var/www/.bashrc
|
||||
```
|
||||
|
||||
### Custom Nginx error pages
|
||||
|
||||
[Github Repository](https://github.com/alexphelps/server-error-pages)
|
||||
|
||||
Installation
|
||||
|
||||
```bash
|
||||
# clone the github repository
|
||||
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
|
||||
|
||||
# download nginx configuration
|
||||
wget -O /etc/nginx/common/error_pages.conf https://virtubox.github.io/ubuntu-nginx-web-server/files/etc/nginx/common/error_pages.conf
|
||||
```
|
||||
|
||||
Then include this configuration in your nginx vhost by adding the following line
|
||||
|
||||
```bash
|
||||
include common/error_pages.conf;
|
||||
```
|
||||
|
||||
Published & maintained by [VirtuBox](https://virtubox.net)
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
## Server Stack
|
||||
|
||||
- Ubuntu 16/18.04 LTS
|
||||
- Nginx 1.14.x
|
||||
- Nginx 1.15.x / 1.14.x
|
||||
- PHP-FPM 7/7.1/7.2
|
||||
- MariaDB 10.3
|
||||
- REDIS 4.0
|
||||
|
@ -23,7 +23,7 @@ Configuration files with comments and informations available by following the li
|
|||
#### System update and packages cleanup
|
||||
|
||||
```bash
|
||||
apt-get update && apt-get upgrade -y && apt-get autoremove -y && apt-get clean
|
||||
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
||||
```
|
||||
|
||||
#### Install useful packages
|
||||
|
@ -81,7 +81,9 @@ sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
|
|||
|
||||
sudo service mysql start
|
||||
```
|
||||
Increase MariaDB open files limits
|
||||
|
||||
Increase MariaDB open files limits
|
||||
|
||||
```bash
|
||||
wget -O /etc/systemd/system/mariadb.service.d/limits.conf https://virtubox.github.io/ubuntu-nginx-web-server/files/etc/systemd/system/mariadb.service.d/limits.conf
|
||||
|
||||
|
@ -98,7 +100,7 @@ sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME
|
|||
wget -qO ee rt.cx/ee && bash ee
|
||||
```
|
||||
|
||||
#### enable ee bash_completion
|
||||
#### enable ee bash_completion
|
||||
|
||||
```bash
|
||||
source /etc/bash_completion.d/ee_auto.rc
|
||||
|
@ -268,6 +270,7 @@ WARNING : SSH Configuration with root login allowed with ed25519 & ECDSA SSH key
|
|||
#### UFW
|
||||
|
||||
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/ufw-iptables-firewall-configuration-made-easier/)
|
||||
|
||||
```bash
|
||||
# enable ufw log - allow outgoing - deny incoming
|
||||
ufw logging low
|
||||
|
@ -310,7 +313,7 @@ fail2ban-client reload
|
|||
#### Secure Memcached server
|
||||
|
||||
```bash
|
||||
echo '-U 0' >> /etc/memcached.conf
|
||||
echo '-U 0' >> /etc/memcached.conf
|
||||
sudo systemctl restart memcached
|
||||
```
|
||||
|
||||
|
@ -320,16 +323,14 @@ sudo systemctl restart memcached
|
|||
|
||||
[Github repository](https://virtubox.github.io/ee-acme-sh/) - Script to setup letsencrypt certificates using acme.sh on EasyEngine servers
|
||||
|
||||
|
||||
|
||||
* subdomain support
|
||||
* ivp6 support
|
||||
* wildcards certificates support
|
||||
|
||||
```bash
|
||||
wget -O install-ee-acme.sh https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/install.sh
|
||||
chmod +x install-ee-acme.sh
|
||||
./install-ee-acme.sh
|
||||
chmod +x install-ee-acme.sh
|
||||
./install-ee-acme.sh
|
||||
|
||||
# enable acme.sh & ee-acme-sh
|
||||
source .bashrc
|
||||
|
@ -400,12 +401,13 @@ sudo apt update
|
|||
sudo apt install ucaresystem-core -y
|
||||
```
|
||||
|
||||
Run server maintenance with the command :
|
||||
Run server maintenance with the command :
|
||||
|
||||
```bash
|
||||
sudo ucaresystem-core
|
||||
```
|
||||
|
||||
### WP-CLI
|
||||
### WP-CLI
|
||||
|
||||
#### Add bash-completion for user www-data
|
||||
|
||||
|
@ -425,6 +427,24 @@ chown www-data:www-data /var/www/.profile
|
|||
chown www-data:www-data /var/www/.bashrc
|
||||
```
|
||||
|
||||
### Custom Nginx error pages
|
||||
|
||||
[Github Repository](https://github.com/alexphelps/server-error-pages)
|
||||
|
||||
Published & maintained by [VirtuBox](https://virtubox.net)
|
||||
Installation
|
||||
|
||||
```bash
|
||||
# clone the github repository
|
||||
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
|
||||
|
||||
# download nginx configuration
|
||||
wget -O /etc/nginx/common/error_pages.conf https://virtubox.github.io/ubuntu-nginx-web-server/files/etc/nginx/common/error_pages.conf
|
||||
```
|
||||
|
||||
Then include this configuration in your nginx vhost by adding the following line
|
||||
|
||||
```bash
|
||||
include common/error_pages.conf;
|
||||
```
|
||||
|
||||
Published & maintained by [VirtuBox](https://virtubox.net)
|
|
@ -0,0 +1,16 @@
|
|||
error_page 400 /400-error.html;
|
||||
error_page 401 /401-error.html;
|
||||
error_page 403 /403-error.html;
|
||||
error_page 404 /404-error.html;
|
||||
error_page 500 /500-error.html;
|
||||
error_page 503 /503-error.html;
|
||||
error_page 504 /504-error.html;
|
||||
|
||||
location ~ /*-error.html {
|
||||
try_files $1-error.html @error;
|
||||
internal;
|
||||
}
|
||||
|
||||
location @error {
|
||||
root /var/www/error/_site;
|
||||
}
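Review bot: The pattern in `location ~ /*-error.html {` is unanchored and has no capture group, so it matches any URI that contains `-error`, one arbitrary character and `html`, and `internal;` then makes every such URI unreachable for external requests. With no capture there is nothing to fill `$1` in `try_files $1-error.html @error;`, so the first candidate does not name the requested page and requests presumably always fall through to `@error`. Anchoring and capturing the status code, `location ~ ^/(\d+)-error\.html$ {` with `try_files /$1-error.html @error;`, limits the block to the numeric error pages declared above it. The same file is shown a second time further down the page and needs the same change.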
|
|
@ -1,2 +1,2 @@
|
|||
# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
# Warning : this line enable HSTS for your subdomain (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
add_header Strict-Transport-Security "max-age=31536000; preload";
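Review bot: The comment gives the lifetime as 15768000 seconds (6 months), but the directive below it sends `max-age=31536000`, which is one year; both versions of the comment carry the stale figure. The header also sets `preload` without `includeSubDomains`, which the browser preload list requires, so a preload submission for this policy would be rejected. I would make comment and value agree, for example `# Warning: enables HSTS for this host only (31536000 seconds = 1 year)`, and either drop `preload` or add `includeSubDomains` as a deliberate decision. The same hunk is repeated for a second copy of the file further down the page.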
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
add_header Strict-Transport-Security "max-age=31536000; preload";
|
|
@ -48,7 +48,7 @@ location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$
|
|||
log_not_found off;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
||||
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
|
||||
location ~* "/(^$|readme|license|example)\.(txt|html)" {
|
||||
return 403;
|
||||
}
|
||||
# Status pages
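Review bot: In `location ~* "/(^$|readme|license|example)\.(txt|html)" {` the `^$` alternative can never match because it follows a literal `/`, and the pattern no longer ends in `$` as the `if ($uri ~* …)` form did, so any path that merely continues after `.txt` or `.html` is caught as well. This assumes the `location` form is the new side, since the page has lost its +/- markers. I would write it as `location ~* "/(readme|license|example)\.(txt|html)$" {`. Regex locations are tried in file order, so its position relative to the other regex blocks matters, and those lie outside the hunk. The identical change is shown for two more files directly below and for three copies further down the page.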
|
||||
|
|
|
@ -48,7 +48,7 @@ location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$
|
|||
log_not_found off;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
||||
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
|
||||
location ~* "/(^$|readme|license|example)\.(txt|html)" {
|
||||
return 403;
|
||||
}
|
||||
# Status pages
|
||||
|
|
|
@ -48,7 +48,7 @@ location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$
|
|||
log_not_found off;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
||||
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
|
||||
location ~* "/(^$|readme|license|example)\.(txt|html)" {
|
||||
return 403;
|
||||
}
|
||||
# Status pages
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
##OCSP settings
|
||||
ssl_stapling on;
|
||||
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||
ssl_stapling_verify on;
|
||||
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
|
||||
resolver_timeout 5;
|
|
@ -18,16 +18,18 @@ location /wp-content/uploads/ {
|
|||
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
location ~* ^/wp-content/.+\.(png|jpg)$ {
|
||||
add_header Vary Accept;
|
||||
location ~ \.(png|jpe?g)$ {
|
||||
add_header Vary "Accept-Encoding";
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
add_header Cache-Control "public, no-transform";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
try_files $uri$webp_suffix $uri =404;
|
||||
}
|
||||
}
|
||||
|
||||
# mitigate DoS attack CVE with WordPress script concatenation
|
||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||
deny all;
|
||||
}
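Review bot: `add_header Vary "Accept-Encoding";` does not name what this block varies on: `try_files $uri$webp_suffix $uri =404;` selects the body by `$webp_suffix`, which is presumably mapped from the request's `Accept` header (the map is not in this hunk), so a shared cache can hand a WebP body to a client that never advertised support. If that line is the new side, keep `add_header Vary Accept;` here. The match also changes between `^/wp-content/.+\.(png|jpg)$` and `\.(png|jpe?g)$` and sits next to `add_header "Access-Control-Allow-Origin" "*";`. How far the wider match reaches depends on the enclosing block, which starts outside the hunk, so the wildcard CORS header deserves a comment stating that these images are meant to be embeddable from any origin.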
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
error_page 400 /400-error.html;
|
||||
error_page 401 /401-error.html;
|
||||
error_page 403 /403-error.html;
|
||||
error_page 404 /404-error.html;
|
||||
error_page 500 /500-error.html;
|
||||
error_page 503 /503-error.html;
|
||||
error_page 504 /504-error.html;
|
||||
|
||||
location ~ /*-error.html {
|
||||
try_files $1-error.html @error;
|
||||
internal;
|
||||
}
|
||||
|
||||
location @error {
|
||||
root /var/www/error/_site;
|
||||
}
|
|
@ -1,2 +1,2 @@
|
|||
# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
# Warning : this line enable HSTS for your subdomain (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
add_header Strict-Transport-Security "max-age=31536000; preload";
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
add_header Strict-Transport-Security "max-age=31536000; preload";
|
|
@ -48,7 +48,7 @@ location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$
|
|||
log_not_found off;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
||||
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
|
||||
location ~* "/(^$|readme|license|example)\.(txt|html)" {
|
||||
return 403;
|
||||
}
|
||||
# Status pages
|
||||
|
|
|
@ -48,7 +48,7 @@ location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$
|
|||
log_not_found off;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
||||
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
|
||||
location ~* "/(^$|readme|license|example)\.(txt|html)" {
|
||||
return 403;
|
||||
}
|
||||
# Status pages
|
||||
|
|
|
@ -48,7 +48,7 @@ location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$
|
|||
log_not_found off;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
||||
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
|
||||
location ~* "/(^$|readme|license|example)\.(txt|html)" {
|
||||
return 403;
|
||||
}
|
||||
# Status pages
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
##OCSP settings
|
||||
ssl_stapling on;
|
||||
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||
ssl_stapling_verify on;
|
||||
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
|
||||
resolver_timeout 5;
|
|
@ -22,6 +22,8 @@ REPO_PATH="/tmp/ubuntu-nginx-web-server"
|
|||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "Error: You must be root to run this script, please use the root user to install the software."
|
||||
echo ""
|
||||
echo "Use 'sudo su - root' to login as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
@ -103,7 +105,7 @@ ufw() {
|
|||
|
||||
if [ ! -d /etc/ufw ];
|
||||
then
|
||||
sudo apt-get install ufw -y
|
||||
apt-get install ufw -y
|
||||
fi
|
||||
|
||||
ufw logging low
|
||||
|
@ -136,10 +138,10 @@ ufw() {
|
|||
|
||||
useful() {
|
||||
|
||||
sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp -y
|
||||
apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp -y
|
||||
|
||||
# ntp time
|
||||
sudo systemctl enable ntp
|
||||
systemctl enable ntp
|
||||
|
||||
}
|
||||
|
||||
|
@ -340,12 +342,11 @@ nginx_ee() {
|
|||
# Add nginx additional conf
|
||||
##################################
|
||||
|
||||
nginx_conf() {
|
||||
|
||||
# php7.1 & 7.2 common configurations
|
||||
|
||||
cd /etc/nginx/common || exit
|
||||
wget $REPO_PATH/common.zip
|
||||
unzip common.zip
|
||||
rm common.zip
|
||||
cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/
|
||||
|
||||
# optimized nginx.config
|
||||
cp -f $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf
|
||||
|
@ -377,19 +378,11 @@ fi
|
|||
# 1) add webp mapping
|
||||
cp -f $REPO_PATH/etc/nginx/conf.d/webp.conf /etc/nginx/conf.d/webp.conf
|
||||
|
||||
# 2) wpcommon files
|
||||
# php7
|
||||
cp -f $REPO_PATH/etc/nginx/common/wpcommon-php7.conf /etc/nginx/common/wpcommon-php7.conf
|
||||
|
||||
# php7.1
|
||||
cp -f $REPO_PATH/etc/nginx/common/wpcommon-php71.conf /etc/nginx/common/wpcommon-php71.conf
|
||||
|
||||
# php7.2
|
||||
cp -f $REPO_PATH/etc/nginx/common/wpcommon-php72.conf /etc/nginx/common/wpcommon-php72.conf
|
||||
|
||||
nginx -t
|
||||
service nginx reload
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
# Add fail2ban configurations
|
||||
##################################
|
||||
|
@ -562,6 +555,7 @@ fi
|
|||
if [ "$nginxee" = "y" ]
|
||||
then
|
||||
nginx_ee
|
||||
nginx_conf
|
||||
fi
|
||||
|
||||
if [ "$fail2ban" = "y" ]
|
||||
|
@ -575,7 +569,7 @@ then
|
|||
fi
|
||||
|
||||
bashrc_extra
|
||||
ucaresystem
|
||||
#ucaresystem
|
||||
|
||||
netdata
|
||||
extplorer
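Review bot: `nginx_conf` copies configuration into /etc/nginx as root from `$REPO_PATH`, which the hunk context shows as `/tmp/ubuntu-nginx-web-server`, a fixed name in a world-writable directory. How that directory is created is outside the visible hunks, but unless the script creates it itself and fails when it already exists, another local account can stage the files that end up in the web server's configuration; a `mktemp -d` directory or a root-owned path avoids that. The expansions are also unquoted (`cp -f "$REPO_PATH/etc/nginx/nginx.conf" /etc/nginx/nginx.conf`), and the reload should depend on the test: `nginx -t && service nginx reload`. The function bodies extend beyond the hunks shown.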
|
||||
|
|