Browse Source

few config improvements

easyengine-v3
VirtuBox 1 year ago
parent
commit
a343dec9fd
16 changed files with 57 additions and 98 deletions
  1. +5
    -1
      etc/nginx/common/locations-php7.conf
  2. +5
    -1
      etc/nginx/common/locations-php71.conf
  3. +5
    -1
      etc/nginx/common/locations-php72.conf
  4. +5
    -1
      etc/nginx/common/locations.conf
  5. +3
    -0
      etc/nginx/conf.d/fastcgi.conf
  6. +1
    -0
      etc/nginx/nginx.conf
  7. +9
    -9
      etc/php/7.0/cli/php.ini
  8. +1
    -1
      etc/php/7.0/pool.d/www-sock.conf
  9. +1
    -1
      etc/php/7.0/pool.d/www-two-sock..conf
  10. +2
    -65
      etc/php/7.1/fpm/php.ini
  11. +1
    -1
      etc/php/7.1/fpm/pool.d/www-sock.conf
  12. +1
    -1
      etc/php/7.1/fpm/pool.d/www-two-sock..conf
  13. +6
    -4
      etc/php/7.2/cli/php.ini
  14. +4
    -4
      etc/php/7.2/fpm/pool.d/www-sock.conf
  15. +4
    -4
      etc/php/7.2/fpm/pool.d/www-two-sock..conf
  16. +4
    -4
      etc/ssh/sshd_config

+ 5
- 1
etc/nginx/common/locations-php7.conf View File

@@ -15,10 +15,14 @@ location @empty {
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args;
try_files $uri $uri/ /index.php?$args @robots;
access_log off;
log_not_found off;
}
# fallback for robots.txt with default wordpress rules
location @robots {
return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
add_header "Access-Control-Allow-Origin" "*";


+ 5
- 1
etc/nginx/common/locations-php71.conf View File

@@ -15,10 +15,14 @@ location @empty {
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args;
try_files $uri $uri/ /index.php?$args @robots;
access_log off;
log_not_found off;
}
# fallback for robots.txt with default wordpress rules
location @robots {
return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
add_header "Access-Control-Allow-Origin" "*";


+ 5
- 1
etc/nginx/common/locations-php72.conf View File

@@ -15,10 +15,14 @@ location @empty {
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args;
try_files $uri $uri/ /index.php?$args @robots;
access_log off;
log_not_found off;
}
# fallback for robots.txt with default wordpress rules
location @robots {
return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
add_header "Access-Control-Allow-Origin" "*";


+ 5
- 1
etc/nginx/common/locations.conf View File

@@ -15,10 +15,14 @@ location @empty {
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args;
try_files $uri $uri/ /index.php?$args @robots;
access_log off;
log_not_found off;
}
# fallback for robots.txt with default wordpress rules
location @robots {
return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
add_header "Access-Control-Allow-Origin" "*";


+ 3
- 0
etc/nginx/conf.d/fastcgi.conf View File

@@ -11,3 +11,6 @@ fastcgi_temp_file_write_size 512K;
fastcgi_param SERVER_NAME $http_host;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_keep_conn on;
fastcgi_cache_background_update on;
fastcgi_socket_keepalive on;


+ 1
- 0
etc/nginx/nginx.conf View File

@@ -101,6 +101,7 @@ http
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen;";

##
# Basic Settings


+ 9
- 9
etc/php/7.0/cli/php.ini View File

@@ -5,15 +5,15 @@ precision = 14
output_buffering = 8096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
unserialize_callback_func =
serialize_precision = 17
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
disable_classes =
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 300
max_input_time = 600
max_input_vars = 10000
max_execution_time = 1800
max_input_time = 1800
max_input_vars = 20000
memory_limit = -1
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
@@ -30,12 +30,12 @@ request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 128M
auto_prepend_file =
auto_append_file =
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 128M


+ 1
- 1
etc/php/7.0/pool.d/www-sock.conf View File

@@ -1,4 +1,4 @@
[www-sock]
[php70-fpm-sock]
user = www-data
group = www-data
prefix = /var/run


+ 1
- 1
etc/php/7.0/pool.d/www-two-sock..conf View File

@@ -1,4 +1,4 @@
[www-two-sock]
[php70-fpm-two-sock]
user = www-data
group = www-data
prefix = /var/run


+ 2
- 65
etc/php/7.1/fpm/php.ini View File

@@ -26,7 +26,6 @@ ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On

variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
@@ -52,19 +51,16 @@ cli_server.color = On
[Date]
date.timezone = Europe/Paris


[filter]

[iconv]

[intl]


[sqlite3]

[Pcre]


[Pdo]

[Pdo_mysql]
@@ -81,7 +77,6 @@ SMTP = localhost
smtp_port = 25
mail.add_x_header = On


[SQL]

sql.safe_mode = Off
@@ -89,77 +84,48 @@ sql.safe_mode = Off
[ODBC]

odbc.allow_persistent = On

odbc.check_persistent = On

odbc.max_persistent = -1

odbc.max_links = -1

odbc.defaultlrl = 4096

odbc.defaultbinmode = 1

[Interbase]

ibase.allow_persistent = 1

ibase.max_persistent = -1

ibase.max_links = -1

ibase.timestampformat = "%Y-%m-%d %H:%M:%S"

ibase.dateformat = "%Y-%m-%d"

ibase.timeformat = "%H:%M:%S"

[MySQLi]

mysqli.max_persistent = -1


mysqli.allow_persistent = On

mysqli.max_links = -1

mysqli.cache_size = 2000


mysqli.default_port = 3306

mysqli.default_socket =

mysqli.default_host =

mysqli.default_user =

mysqli.default_pw =

mysqli.reconnect = Off

[mysqlnd]

mysqlnd.collect_statistics = On

mysqlnd.collect_memory_statistics = Off



[OCI8]

[PostgreSQL]

pgsql.allow_persistent = On

pgsql.auto_reset_persistent = Off

pgsql.max_persistent = -1

pgsql.max_links = -1

pgsql.ignore_notice = 0

pgsql.log_notice = 0

[bcmath]
@@ -171,48 +137,26 @@ bcmath.scale = 0
[Session]

session.save_handler = files

session.use_strict_mode = 0

session.use_cookies = 1

session.cookie_secure = 1

session.use_only_cookies = 1

session.name = PHPSESSID

session.auto_start = 0

session.cookie_lifetime = 0

session.cookie_path = /

session.cookie_domain =

session.cookie_httponly = 1

session.serialize_handler = php

session.gc_probability = 0


session.gc_divisor = 1000

session.gc_maxlifetime = 1440

session.referer_check =

session.cache_limiter = nocache

session.cache_expire = 180

session.use_trans_sid = 0

session.sid_length = 26

session.trans_sid_tags = "a=href,area=href,frame=src,form="

session.sid_bits_per_character = 5

[Assertion]
@@ -223,13 +167,10 @@ zend.assertions = -1

[mbstring]


[gd]


[exif]


[Tidy]

tidy.clean_output = Off
@@ -237,11 +178,8 @@ tidy.clean_output = Off
[soap]

soap.wsdl_cache_enabled=1

soap.wsdl_cache_dir="/tmp"

soap.wsdl_cache_ttl=86400

soap.wsdl_cache_limit = 5

[sysvshm]
@@ -254,9 +192,7 @@ ldap.max_links = -1

[dba]


[opcache]

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
@@ -264,8 +200,9 @@ opcache.max_accelerated_files=10000
opcache.memory_consumption=256
opcache.save_comments=1
opcache.revalidate_freq=1
opcache.consistency_checks=0
opcache.validate_timestamps=0

[curl]


[openssl]

+ 1
- 1
etc/php/7.1/fpm/pool.d/www-sock.conf View File

@@ -1,4 +1,4 @@
[www-sock]
[php71-fpm-sock]
user = www-data
group = www-data
prefix = /var/run


+ 1
- 1
etc/php/7.1/fpm/pool.d/www-two-sock..conf View File

@@ -1,4 +1,4 @@
[www-two-sock]
[php71-fpm-two-sock]
user = www-data
group = www-data
prefix = /var/run


+ 6
- 4
etc/php/7.2/cli/php.ini View File

@@ -11,10 +11,10 @@ disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexi
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 300
max_input_vars = 10000
max_input_time = 600
memory_limit = 256M
max_execution_time = -1
max_input_vars = 20000
max_input_time = 1800
memory_limit = -1
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
@@ -178,6 +178,8 @@ opcache.max_accelerated_files=10000
opcache.memory_consumption=256
opcache.save_comments=1
opcache.revalidate_freq=1
opcache.consistency_checks=0
opcache.validate_timestamps=0

[curl]



+ 4
- 4
etc/php/7.2/fpm/pool.d/www-sock.conf View File

@@ -1,4 +1,4 @@
[www-sock]
[php72-fpm-sock]
user = www-data
group = www-data
prefix = /var/run
@@ -14,9 +14,9 @@ catch_workers_output = yes

pm = ondemand
pm.max_children = 100
pm.start_servers = 20
pm.min_spare_servers = 10
pm.max_spare_servers = 30
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 25
ping.path = /ping
pm.status_path = /status
pm.max_requests = 500


+ 4
- 4
etc/php/7.2/fpm/pool.d/www-two-sock..conf View File

@@ -1,4 +1,4 @@
[www-two-sock]
[php72-fpm-two-sock]
user = www-data
group = www-data
prefix = /var/run
@@ -14,9 +14,9 @@ catch_workers_output = yes

pm = ondemand
pm.max_children = 100
pm.start_servers = 20
pm.min_spare_servers = 10
pm.max_spare_servers = 30
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 25
ping.path = /ping
pm.status_path = /status
pm.max_requests = 500


+ 4
- 4
etc/ssh/sshd_config View File

@@ -39,7 +39,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
# Host keys the client accepts - order here is honored by OpenSSH
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256

# use strong ciphers (you may have to comment those lines with some sftp clients)
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com
MACs umac-128-etm@openssh.com,umac-128@openssh.com
# use strong ciphers
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Loading…
Cancel
Save