virtubox
/
ubuntu-nginx-web-server
mirror of https://github.com/VirtuBox/ubuntu-nginx-web-server
1
0
Fork 0
Code Issues Releases Wiki Activity

update few configurations

This commit is contained in:
VirtuBox 2018-09-19 14:57:34 +02:00
parent dde52e237b
commit 85f3c1222f
9 changed files with 263 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -16,8 +16,6 @@
* * *
**All Instructions and informations are listed on the [Github page](https://virtubox.github.io/ubuntu-nginx-web-server/)**
Configuration files with comments and informations available by following the link **source**
### Initial configuration
@ -60,9 +58,8 @@ echo never > /sys/kernel/mm/transparent_hugepage/enabled
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
```bash
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup \
| sudo bash -s -- --mariadb-server-version=10.3 --skip-maxscale
sudo apt update && sudo apt install mariadb-server percona-xtrabackup-24 -y
bash <(wget -qO - https://downloads.mariadb.com/MariaDB/mariadb_repo_setup) --mariadb-server-version=10.3 --skip-maxscale -y
sudo apt update && sudo apt install mariadb-server -y
```
#### MySQL Tuning

10
docs/README.md
View File

@ -1,10 +1,10 @@
# Ubuntu optimized configuration with EasyEngine
# Optimized configuration for Ubuntu server with EasyEngine
* * *
## Server Stack
- Ubuntu 16/18.04 LTS
- Ubuntu 16.04/18.04 LTS
- Nginx 1.15.x / 1.14.x
- PHP-FPM 7/7.1/7.2
- MariaDB 10.3
@ -58,9 +58,8 @@ echo never > /sys/kernel/mm/transparent_hugepage/enabled
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
```bash
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup \
| sudo bash -s -- --mariadb-server-version=10.3 --skip-maxscale
sudo apt update && sudo apt install mariadb-server percona-xtrabackup-24 -y
bash <(wget -qO - https://downloads.mariadb.com/MariaDB/mariadb_repo_setup) --mariadb-server-version=10.3 --skip-maxscale -y
sudo apt update && sudo apt install mariadb-server -y
```
#### MySQL Tuning
@ -450,4 +449,5 @@ Then include this configuration in your nginx vhost by adding the following line
include common/error_pages.conf;
```
Published & maintained by [VirtuBox](https://virtubox.net)

17
docs/files/etc/nginx/common/locations-php7.conf
View File

@ -29,7 +29,7 @@ location ~* \.(?:css(\.map)?|js(\.map)?)$ {
}
# Security settings for better privacy
# Deny hidden files
location ~ /\. {
location ~ /\.(?!well-known\/) {
deny all;
}
# Use the directory /var/www/html to valide acme-challenge
@ -114,18 +114,3 @@ location ~ ^/(status|ping)$ {
include common/acl.conf;
fastcgi_pass php7;
}
# EasyEngine (ee) utilities
# phpMyAdmin settings
location = /pma {
return 301 https://$host:22222/db/pma;
}
location = /phpMyAdmin {
return 301 https://$host:22222/db/pma;
}
location = /phpmyadmin {
return 301 https://$host:22222/db/pma;
}
# Adminer settings
location = /adminer {
return 301 https://$host:22222/db/adminer;
}

33
docs/files/etc/nginx/common/locations-php71.conf
View File

@ -31,17 +31,17 @@ location ~* \.(?:css(\.map)?|js(\.map)?)$
}
# Security settings for better privacy
# Deny hidden files
location ~ /\. {
deny all;
location ~ /\.(?!well-known\/) {
deny all;
}
# Use the directory /var/www/html to valide acme-challenge
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
# #
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
# #
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
}
# just create the sub-directories .well-known/acme-challenge
####
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
####
# location /.well-known/acme-challenge/ {
# alias /var/www/html/.well-known/acme-challenge/;
# }
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
deny all;
@ -116,18 +116,3 @@ location ~ ^/(status|ping) {
fastcgi_pass php71;
include common/acl.conf;
}
# EasyEngine (ee) utilities
# phpMyAdmin settings
location /pma {
return 301 https://$host:22222/db/pma;
}
location /phpMyAdmin {
return 301 https://$host:22222/db/pma;
}
location /phpmyadmin {
return 301 https://$host:22222/db/pma;
}
# Adminer settings
location /adminer {
return 301 https://$host:22222/db/adminer;
}

31
docs/files/etc/nginx/common/locations-php72.conf
View File

@ -35,17 +35,17 @@ location ~* \.(?:css(\.map)?|js(\.map)?)$ {
}
# Security settings for better privacy
# Deny hidden files
location ~ /\. {
location ~ /\.(?!well-known\/) {
deny all;
}
# Use the directory /var/www/html to valide acme-challenge
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
# #
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
# #
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
}
# just create the sub-directories .well-known/acme-challenge
####
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
####
# location /.well-known/acme-challenge/ {
# alias /var/www/html/.well-known/acme-challenge/;
# }
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
deny all;
@ -120,18 +120,3 @@ location ~ ^/(status|ping) {
include common/acl.conf;
fastcgi_pass php72;
}
# EasyEngine (ee) utilities
# phpMyAdmin settings
location /pma {
return 301 https://$host:22222/db/pma;
}
location /phpMyAdmin {
return 301 https://$host:22222/db/pma;
}
location /phpmyadmin {
return 301 https://$host:22222/db/pma;
}
# Adminer settings
location /adminer {
return 301 https://$host:22222/db/adminer;
}

112
docs/files/etc/nginx/common/locations.conf Normal file
View File

@ -0,0 +1,112 @@
# NGINX CONFIGURATION FOR COMMON LOCATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
# Basic locations files
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args;
access_log off;
log_not_found off;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
add_header "Access-Control-Allow-Origin" "*";
access_log off;
log_not_found off;
expires max;
}
# Cache css & js files
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
add_header "Access-Control-Allow-Origin" "*";
access_log off;
log_not_found off;
expires 30d;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.(?!well-known\/) {
deny all;
}
# Use the directory /var/www/html to valide acme-challenge
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
# #
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
# #
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
deny all;
}
# Deny backup extensions & log files and return 403 forbidden
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
deny all;
}
# common nginx configuration to block sql injection and other attacks
location ~* "(eval\()" {
deny all;
}
location ~* "(127\.0\.0\.1)" {
deny all;
}
location ~* "([a-z0-9]{2000})" {
deny all;
}
location ~* "(javascript\:)(.*)(\;)" {
deny all;
}
location ~* "(base64_encode)(.*)(\()" {
deny all;
}
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
deny all;
}
location ~* "(<|%3C).*script.*(>|%3)" {
deny all;
}
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
deny all;
}
location ~* "(boot\.ini|etc/passwd|self/environ)" {
deny all;
}
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
deny all;
}
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
deny all;
}
location ~* "(https?|ftp|php):/" {
deny all;
}
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
deny all;
}
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
deny all;
}
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
deny all;
}
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
deny all;
}
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
deny all;
}
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
deny all;
}
# Status pages
location = /nginx_status {
stub_status on;
access_log off;
include common/acl.conf;
}

14
etc/nginx/common/locations-php71.conf
View File

@ -35,13 +35,13 @@ location ~ /\.(?!well-known\/) {
deny all;
}
# Use the directory /var/www/html to valide acme-challenge
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
# #
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
# #
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
}
# just create the sub-directories .well-known/acme-challenge
####
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
####
# location /.well-known/acme-challenge/ {
# alias /var/www/html/.well-known/acme-challenge/;
# }
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
deny all;

14
etc/nginx/common/locations-php72.conf
View File

@ -39,13 +39,13 @@ location ~ /\.(?!well-known\/) {
deny all;
}
# Use the directory /var/www/html to valide acme-challenge
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
# #
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
# #
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
}
# just create the sub-directories .well-known/acme-challenge
####
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
####
# location /.well-known/acme-challenge/ {
# alias /var/www/html/.well-known/acme-challenge/;
# }
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
deny all;

112
etc/nginx/common/locations.conf Normal file
View File

@ -0,0 +1,112 @@
# NGINX CONFIGURATION FOR COMMON LOCATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
# Basic locations files
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args;
access_log off;
log_not_found off;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
add_header "Access-Control-Allow-Origin" "*";
access_log off;
log_not_found off;
expires max;
}
# Cache css & js files
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
add_header "Access-Control-Allow-Origin" "*";
access_log off;
log_not_found off;
expires 30d;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.(?!well-known\/) {
deny all;
}
# Use the directory /var/www/html to valide acme-challenge
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
# #
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
# #
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
deny all;
}
# Deny backup extensions & log files and return 403 forbidden
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
deny all;
}
# common nginx configuration to block sql injection and other attacks
location ~* "(eval\()" {
deny all;
}
location ~* "(127\.0\.0\.1)" {
deny all;
}
location ~* "([a-z0-9]{2000})" {
deny all;
}
location ~* "(javascript\:)(.*)(\;)" {
deny all;
}
location ~* "(base64_encode)(.*)(\()" {
deny all;
}
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
deny all;
}
location ~* "(<|%3C).*script.*(>|%3)" {
deny all;
}
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
deny all;
}
location ~* "(boot\.ini|etc/passwd|self/environ)" {
deny all;
}
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
deny all;
}
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
deny all;
}
location ~* "(https?|ftp|php):/" {
deny all;
}
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
deny all;
}
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
deny all;
}
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
deny all;
}
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
deny all;
}
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
deny all;
}
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
deny all;
}
# Status pages
location = /nginx_status {
stub_status on;
access_log off;
include common/acl.conf;
}