diff --git a/README.md b/README.md index 8fdb3c8..2cab30a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Optimized configuration for Ubuntu server with WordOps +# Optimized configuration for WordOps running on Ubuntu server ## Server Stack @@ -12,19 +12,82 @@ - Netdata - UFW -* * * +-------------------------------------------------------------------------------- ![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat) ### Info -**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).** +**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).** + +We are currently contributing to WordOps project to include the most part of custom configurations available in this repository All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3). -To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup). +-------------------------------------------------------------------------------- -* * * +- [Initial configuration](#initial-configuration) + + - [System update and packages cleanup](#system-update-and-packages-cleanup) + - [Install useful packages](#install-useful-packages) + - [Clone the repository](#clone-the-repository) + - [Updating the repository](#updating-the-repository) + - [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits) + - [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis) + +- [WordOps Setup](#wordops-setup) + + - [Install MariaDB 10.3](#install-mariadb-103) + - [MySQL Tuning](#mysql-tuning) + - [Increase MariaDB open files limits](#increase-mariadb-open-files-limits) + - [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed) + +- [Install WordOps](#install-wordops) + + - [enable wo bash_completion](#enable-wo-bash_completion) + - [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend) + - [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost) + - [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue) + - [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage) + - [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp) + +- [NGINX Configuration](#nginx-configuration) + + - [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd) + - [WO common configuration](#wo-common-configuration) + - [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee) + - [Custom configurations](#custom-configurations) + - [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them) + - [Increase Nginx open files limits](#increase-nginx-open-files-limits) + +- [Security](#security) + + - [Harden SSH Security](#harden-ssh-security) + - [UFW](#ufw) + - [Custom jails for fail2ban](#custom-jails-for-fail2ban) + - [Secure Memcached server](#secure-memcached-server) + +- [Optional](#optional) + + - [proftpd](#proftpd) + + - [Install proftpd](#install-proftpd) + - [Adding FTP users](#adding-ftp-users) + + - [ee-acme-sh](#ee-acme-sh) + + - [netdata](#netdata) + - [cht.sh (cheat)](#chtsh-cheat) + - [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files) + - [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data) + +- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3) + + - [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files) + - [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data) + - [Removing previous php versions](#removing-previous-php-versions) + +-------------------------------------------------------------------------------- Configuration files with comments available by following the link **source** @@ -33,7 +96,7 @@ Configuration files with comments available by following the link **source** ### System update and packages cleanup ```bash -apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean +apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean ``` ### Install useful packages @@ -48,6 +111,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server ``` +### Updating the repository + +```bash +git -C $HOME/ubuntu-nginx-web-server pull origin master +``` + ### Tweak Kernel & Increase open files limits [source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf) @@ -86,12 +155,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n echo never > /sys/kernel/mm/transparent_hugepage/enabled ``` -* * * +-------------------------------------------------------------------------------- -## EasyEngine Setup +## WordOps Setup ### Install MariaDB 10.3 +**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore** + Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/) ```bash @@ -153,7 +224,7 @@ Then add the following cronjob # noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig' -wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo +wget -qO wo wordops.se/tup && sudo bash wo ``` ### enable wo bash_completion @@ -162,10 +233,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && source /etc/bash_completion.d/wo_auto.rc ``` -### Install Nginx, php7.2, and configure WO backend +### Install Nginx, php7.2, php7.3, and configure WO backend ```bash wo stack install +wo stack install --php73 --admin ``` ### Set your email instead of root@localhost @@ -192,53 +264,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/ usermod -s /bin/bash www-data ``` -## PHP 7.1 - 7.2 - 7.3 Setup +## Install PHP -### Install php7.1-fpm - -```bash -# php7.1-fpm -apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \ -php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl - -# copy php-fpm pools & php.ini configuration -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/ -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/ -service php7.1-fpm restart - -git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration" - -``` - -### Install php7.2-fpm - -```bash -# php7.2-fpm -apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y - -# copy php-fpm pools & php.ini configuration -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/ -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/ -service php7.2-fpm restart - -git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration" - -``` - -### Install php7.3-fpm - -```bash -# php7.3-fpm -apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y - -# copy php-fpm pools & php.ini configuration -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/ -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/ -service php7.3-fpm restart - -git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration" - -``` +This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default ### Set the proper alternative for /usr/bin/php @@ -267,9 +295,6 @@ Then you can check php version with command `php -v` ### Additional Nginx configuration (/etc/nginx/conf.d) -- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf -- webp image mapping : webp.conf -- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf - stub_status configuration on 127.0.0.1:80 : stub_status.conf - restore visitor real IP under Cloudflare : cloudflare.conf @@ -283,8 +308,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf. ### WO common configuration -- mitigate WordPress DoS attack (wpcommon-phpX.conf) -- webp image conditional rewrite (wpcommon-phpX.conf) - additional directives to prevent hack (locations-phpX.conf) ```bash @@ -294,17 +317,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations" ``` -### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee) +### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee) ```bash bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee) ``` -* * * +-------------------------------------------------------------------------------- ## Custom configurations -### Nginx optimized configurations (choose one of them) +### Nginx optimized configurations + +Choose one of them ```bash # TLSv1.2 TLSv1.3 only (recommended) @@ -315,7 +340,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm # TLSv1.2 only cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf +``` +```bash # commit change with git git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations" ``` @@ -340,15 +367,17 @@ sudo systemctl daemon-reload sudo systemctl restart nginx.service ``` -* * * +-------------------------------------------------------------------------------- ## Security ### Harden SSH Security -WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config) +WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config) - cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config +``` +cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config +``` ### UFW @@ -409,7 +438,7 @@ sudo systemctl stop memcached sudo systemctl disable memcached.service ``` -* * * +-------------------------------------------------------------------------------- ## Optional @@ -463,7 +492,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo chmod -R g+rw /var/www/yourdomain.tld ``` -* * * +-------------------------------------------------------------------------------- ### ee-acme-sh @@ -482,14 +511,13 @@ chmod +x install-ee-acme.sh source .bashrc ``` -* * * +-------------------------------------------------------------------------------- ### netdata [Github repository](https://github.com/firehol/netdata) ```bash - # save 40-60% of netdata memory echo 1 >/sys/kernel/mm/ksm/run echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs @@ -509,7 +537,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health service netdata restart ``` -* * * +-------------------------------------------------------------------------------- ### cht.sh (cheat) @@ -545,7 +573,7 @@ root@vps:~ cheat cat cat -n file ``` -* * * +-------------------------------------------------------------------------------- ### nanorc - Improved Nano Syntax Highlighting Files @@ -555,7 +583,7 @@ root@vps:~ cheat cat wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh ``` -* * * +-------------------------------------------------------------------------------- ### Add WP-CLI & bash-completion for user www-data @@ -573,21 +601,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/ chown www-data:www-data /var/www/{.profile,.bashrc} ``` -### Custom Nginx error pages +## Cleanup previous EasyEngine v3 -[Github Repository](https://github.com/alexphelps/server-error-pages) - -Installation +### Backup EEv3 configurations and files ```bash -# clone the github repository -sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error +tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates ``` -Then include this configuration in your nginx vhost by adding the following line +### Remove EEv3 configurations and data ```bash -include common/error_pages.conf; +# main ee directories +rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc + +# python package +rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.* +``` + +### Removing previous php versions + +```bash +# php5.6 +apt-get -y autoremove php5.6-fpm php5.6-common --purge + +# php7.0 +apt-get -y autoremove php7.0-fpm php7.0-common --purge ``` Published & maintained by [VirtuBox](https://virtubox.net) diff --git a/docs/README.md b/docs/README.md index 8fdb3c8..8403e63 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,4 +1,4 @@ -# Optimized configuration for Ubuntu server with WordOps +# Optimized configuration for WordOps running on Ubuntu server ## Server Stack @@ -12,19 +12,81 @@ - Netdata - UFW -* * * +-------------------------------------------------------------------------------- ![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat) ### Info -**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).** +**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).** + +We are currently contributing to WordOps project to include the most part of custom configurations available in this repository All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3). -To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup). +-------------------------------------------------------------------------------- -* * * +- [Initial configuration](#initial-configuration) + + - [System update and packages cleanup](#system-update-and-packages-cleanup) + - [Install useful packages](#install-useful-packages) + - [Clone the repository](#clone-the-repository) + - [Updating the repository](#updating-the-repository) + - [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits) + - [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis) + +- [WordOps Setup](#wordops-setup) + + - [Install MariaDB 10.3](#install-mariadb-103) + - [MySQL Tuning](#mysql-tuning) + - [Increase MariaDB open files limits](#increase-mariadb-open-files-limits) + - [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed) + +- [Install WordOps](#install-wordops) + + - [enable wo bash_completion](#enable-wo-bash_completion) + - [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend) + - [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost) + - [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue) + - [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage) + - [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp) + +- [NGINX Configuration](#nginx-configuration) + + - [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd) + - [WO common configuration](#wo-common-configuration) + - [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee) + - [Custom configurations](#custom-configurations) + - [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them) + - [Increase Nginx open files limits](#increase-nginx-open-files-limits) + +- [Security](#security) + + - [Harden SSH Security](#harden-ssh-security) + - [UFW](#ufw) + - [Custom jails for fail2ban](#custom-jails-for-fail2ban) + - [Secure Memcached server](#secure-memcached-server) + +- [Optional](#optional) + + - [proftpd](#proftpd) + + - [Install proftpd](#install-proftpd) + - [Adding FTP users](#adding-ftp-users) + + - [ee-acme-sh](#ee-acme-sh) + - [netdata](#netdata) + - [cht.sh (cheat)](#chtsh-cheat) + - [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files) + - [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data) + +- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3) + + - [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files) + - [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data) + - [Removing previous php versions](#removing-previous-php-versions) + +-------------------------------------------------------------------------------- Configuration files with comments available by following the link **source** @@ -33,7 +95,7 @@ Configuration files with comments available by following the link **source** ### System update and packages cleanup ```bash -apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean +apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean ``` ### Install useful packages @@ -48,6 +110,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server ``` +### Updating the repository + +```bash +git -C $HOME/ubuntu-nginx-web-server pull origin master +``` + ### Tweak Kernel & Increase open files limits [source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf) @@ -86,12 +154,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n echo never > /sys/kernel/mm/transparent_hugepage/enabled ``` -* * * +-------------------------------------------------------------------------------- -## EasyEngine Setup +## WordOps Setup ### Install MariaDB 10.3 +**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore** + Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/) ```bash @@ -153,7 +223,7 @@ Then add the following cronjob # noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig' -wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo +wget -qO wo wordops.se/tup && sudo bash wo ``` ### enable wo bash_completion @@ -162,10 +232,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && source /etc/bash_completion.d/wo_auto.rc ``` -### Install Nginx, php7.2, and configure WO backend +### Install Nginx, php7.2, php7.3, and configure WO backend ```bash wo stack install +wo stack install --php73 --admin ``` ### Set your email instead of root@localhost @@ -192,53 +263,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/ usermod -s /bin/bash www-data ``` -## PHP 7.1 - 7.2 - 7.3 Setup +## Install PHP -### Install php7.1-fpm - -```bash -# php7.1-fpm -apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \ -php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl - -# copy php-fpm pools & php.ini configuration -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/ -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/ -service php7.1-fpm restart - -git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration" - -``` - -### Install php7.2-fpm - -```bash -# php7.2-fpm -apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y - -# copy php-fpm pools & php.ini configuration -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/ -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/ -service php7.2-fpm restart - -git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration" - -``` - -### Install php7.3-fpm - -```bash -# php7.3-fpm -apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y - -# copy php-fpm pools & php.ini configuration -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/ -cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/ -service php7.3-fpm restart - -git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration" - -``` +This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default ### Set the proper alternative for /usr/bin/php @@ -267,9 +294,6 @@ Then you can check php version with command `php -v` ### Additional Nginx configuration (/etc/nginx/conf.d) -- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf -- webp image mapping : webp.conf -- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf - stub_status configuration on 127.0.0.1:80 : stub_status.conf - restore visitor real IP under Cloudflare : cloudflare.conf @@ -283,8 +307,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf. ### WO common configuration -- mitigate WordPress DoS attack (wpcommon-phpX.conf) -- webp image conditional rewrite (wpcommon-phpX.conf) - additional directives to prevent hack (locations-phpX.conf) ```bash @@ -294,17 +316,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations" ``` -### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee) +### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee) ```bash bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee) ``` -* * * +-------------------------------------------------------------------------------- ## Custom configurations -### Nginx optimized configurations (choose one of them) +### Nginx optimized configurations + +Choose one of them ```bash # TLSv1.2 TLSv1.3 only (recommended) @@ -315,7 +339,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm # TLSv1.2 only cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf +``` +```bash # commit change with git git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations" ``` @@ -340,15 +366,17 @@ sudo systemctl daemon-reload sudo systemctl restart nginx.service ``` -* * * +-------------------------------------------------------------------------------- ## Security ### Harden SSH Security -WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config) +WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config) - cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config +``` +cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config +``` ### UFW @@ -409,7 +437,7 @@ sudo systemctl stop memcached sudo systemctl disable memcached.service ``` -* * * +-------------------------------------------------------------------------------- ## Optional @@ -463,7 +491,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo chmod -R g+rw /var/www/yourdomain.tld ``` -* * * +-------------------------------------------------------------------------------- ### ee-acme-sh @@ -482,14 +510,13 @@ chmod +x install-ee-acme.sh source .bashrc ``` -* * * +-------------------------------------------------------------------------------- ### netdata [Github repository](https://github.com/firehol/netdata) ```bash - # save 40-60% of netdata memory echo 1 >/sys/kernel/mm/ksm/run echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs @@ -509,7 +536,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health service netdata restart ``` -* * * +-------------------------------------------------------------------------------- ### cht.sh (cheat) @@ -545,7 +572,7 @@ root@vps:~ cheat cat cat -n file ``` -* * * +-------------------------------------------------------------------------------- ### nanorc - Improved Nano Syntax Highlighting Files @@ -555,7 +582,7 @@ root@vps:~ cheat cat wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh ``` -* * * +-------------------------------------------------------------------------------- ### Add WP-CLI & bash-completion for user www-data @@ -573,21 +600,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/ chown www-data:www-data /var/www/{.profile,.bashrc} ``` -### Custom Nginx error pages +## Cleanup previous EasyEngine v3 -[Github Repository](https://github.com/alexphelps/server-error-pages) - -Installation +### Backup EEv3 configurations and files ```bash -# clone the github repository -sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error +tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates ``` -Then include this configuration in your nginx vhost by adding the following line +### Remove EEv3 configurations and data ```bash -include common/error_pages.conf; +# main ee directories +rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc + +# python package +rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.* +``` + +### Removing previous php versions + +```bash +# php5.6 +apt-get -y autoremove php5.6-fpm php5.6-common --purge + +# php7.0 +apt-get -y autoremove php7.0-fpm php7.0-common --purge ``` Published & maintained by [VirtuBox](https://virtubox.net) diff --git a/etc/cron.weekly/wo-maintenance b/etc/cron.weekly/wo-maintenance new file mode 100644 index 0000000..84fd7cd --- /dev/null +++ b/etc/cron.weekly/wo-maintenance @@ -0,0 +1,12 @@ +#!/bin/sh + +# update wp-cli +[ -x /usr/bin/wp ] && { + /usr/bin/wp cli update --yes --allow-root +} > /dev/null 2>&1 + +# optimize mysql databases +if [ -x /usr/bin/mysqlcheck ] && [ -f /root/.my.cnf ]; then + /usr/bin/mysqlcheck -Aos --auto-repair > /dev/null 2>&1 +fi + diff --git a/etc/nginx/common/error_pages.conf b/etc/nginx/common/error_pages.conf deleted file mode 100644 index 2151e66..0000000 --- a/etc/nginx/common/error_pages.conf +++ /dev/null @@ -1,16 +0,0 @@ -error_page 400 /400-error.html; -error_page 401 /401-error.html; -error_page 403 /403-error.html; -error_page 404 /404-error.html; -error_page 500 /500-error.html; -error_page 503 /503-error.html; -error_page 504 /504-error.html; - -location ~ /(.*)-error.html { - try_files $1-error.html @error; - internal; -} - -location @error { - root /var/www/error/_site; -} diff --git a/etc/nginx/common/ocsp.conf b/etc/nginx/common/ocsp.conf index ecaf3b4..3d06b5b 100644 --- a/etc/nginx/common/ocsp.conf +++ b/etc/nginx/common/ocsp.conf @@ -1,4 +1,3 @@ ##OCSP settings -ssl_stapling on; ssl_stapling_verify on; #ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here diff --git a/etc/nginx/common/php72-tcp.conf b/etc/nginx/common/php72-tcp.conf deleted file mode 100644 index 92ea6e9..0000000 --- a/etc/nginx/common/php72-tcp.conf +++ /dev/null @@ -1,10 +0,0 @@ -# PHP NGINX CONFIGURATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -location / { - try_files $uri $uri/ /index.php?$args; -} -location ~ \.php$ { - try_files $uri =404; - include fastcgi_params; - fastcgi_pass php72-tcp; -} diff --git a/etc/nginx/common/php73.conf b/etc/nginx/common/php73.conf deleted file mode 100644 index ed59698..0000000 --- a/etc/nginx/common/php73.conf +++ /dev/null @@ -1,10 +0,0 @@ -# PHP NGINX CONFIGURATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -location / { - try_files $uri $uri/ /index.php$is_args$args; -} -location ~ \.php$ { - try_files $uri =404; - include fastcgi_params; - fastcgi_pass php73; -} diff --git a/etc/nginx/common/redis-php72.conf b/etc/nginx/common/redis-php72.conf deleted file mode 100644 index b1a4e28..0000000 --- a/etc/nginx/common/redis-php72.conf +++ /dev/null @@ -1,56 +0,0 @@ -# Redis NGINX CONFIGURATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -set $skip_cache 0; -# POST requests and URL with a query string should always go to php -if ($request_method = POST) { - set $skip_cache 1; -} -if ($query_string != "") { - set $skip_cache 1; -} -# Don't cache URL containing the following segments -if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") { - set $skip_cache 1; -} -# Don't use the cache for logged in users or recent commenter or customer with items in cart -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") { - set $skip_cache 1; -} -# Use cached or actual file if they exists, Otherwise pass request to WordPress -location / { - try_files $uri $uri/ /index.php$is_args$args; -} - -location /redis-fetch { - internal ; - set $redis_key $args; - redis_pass redis; -} -location /redis-store { - internal ; - set_unescape_uri $key $arg_key ; - redis2_query set $key $echo_request_body; - redis2_query expire $key 14400; - redis2_pass redis; -} - -location ~ \.php$ { - set $key "nginx-cache:$scheme$request_method$host$request_uri"; - try_files $uri =404; - - srcache_fetch_skip $skip_cache; - srcache_store_skip $skip_cache; - - srcache_response_cache_control off; - - set_escape_uri $escaped_key $key; - - srcache_fetch GET /redis-fetch $key; - srcache_store PUT /redis-store key=$escaped_key; - - more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status'; - more_set_headers 'X-SRCache-Store-Status $srcache_store_status'; - - include fastcgi_params; - fastcgi_pass php72; -} diff --git a/etc/nginx/common/w3tc-php72.conf b/etc/nginx/common/w3tc-php72.conf deleted file mode 100644 index 0f194b5..0000000 --- a/etc/nginx/common/w3tc-php72.conf +++ /dev/null @@ -1,31 +0,0 @@ - -# W3TC NGINX CONFIGURATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -set $cache_uri $request_uri; -# POST requests and URL with a query string should always go to php -if ($request_method = POST) { - set $cache_uri 'null cache'; -} -if ($query_string != "") { - set $cache_uri 'null cache'; -} -# Don't cache URL containing the following segments -if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") { - set $cache_uri 'null cache'; -} -# Don't use the cache for logged in users or recent commenter or customer with items in cart -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") { - set $cache_uri 'null cache'; -} -# Use cached or actual file if they exists, Otherwise pass request to WordPress -location / { - try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php$is_args$args; -} -location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ { - try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1; -} -location ~ \.php$ { - try_files $uri =404; - include fastcgi_params; - fastcgi_pass php72; -} diff --git a/etc/nginx/common/wp-fcgi-cache-php72.conf b/etc/nginx/common/wp-fcgi-cache-php72.conf deleted file mode 100644 index 2cedc18..0000000 --- a/etc/nginx/common/wp-fcgi-cache-php72.conf +++ /dev/null @@ -1,25 +0,0 @@ -# wordpress fastcgi cache configuration - -add_header X-fastcgi-cache $upstream_cache_status; - -location / { - try_files $uri $uri/ /index.php$is_args$args; -} - -location ~ \.php$ { - try_files $uri =404; - include fastcgi_params; - fastcgi_pass php72; - - fastcgi_cache_bypass $skip_cache; - fastcgi_no_cache $skip_cache; - - fastcgi_cache WORDPRESS; - fastcgi_cache_valid 200 60m; - -} - -location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - access_log off; - } diff --git a/etc/nginx/common/wpfc-php72.conf b/etc/nginx/common/wpfc-php72.conf deleted file mode 100644 index eefad1e..0000000 --- a/etc/nginx/common/wpfc-php72.conf +++ /dev/null @@ -1,37 +0,0 @@ -# WPFC NGINX CONFIGURATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -set $skip_cache 0; -# POST requests and URL with a query string should always go to php -if ($request_method = POST) { - set $skip_cache 1; -} -if ($query_string != "") { - set $skip_cache 1; -} -# Don't cache URL containing the following segments -if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") { - set $skip_cache 1; -} -# Don't use the cache for logged in users or recent commenter or customer with items in cart -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") { - set $skip_cache 1; -} -# Use cached or actual file if they exists, Otherwise pass request to WordPress -location / { - try_files $uri $uri/ /index.php$is_args$args; -} -location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ { - try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1; -} -location ~ \.php$ { - try_files $uri =404; - include fastcgi_params; - fastcgi_pass php72; - fastcgi_cache_bypass $skip_cache; - fastcgi_no_cache $skip_cache; - fastcgi_cache WORDPRESS; -} -location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - access_log off; -} diff --git a/etc/nginx/common/wpsc-php72.conf b/etc/nginx/common/wpsc-php72.conf deleted file mode 100644 index 1abc396..0000000 --- a/etc/nginx/common/wpsc-php72.conf +++ /dev/null @@ -1,31 +0,0 @@ -# WPSC NGINX CONFIGURATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -set $cache_uri $request_uri; -# POST requests and URL with a query string should always go to php -if ($request_method = POST) { - set $cache_uri 'null cache'; -} -if ($query_string != "") { - set $cache_uri 'null cache'; -} -# Don't cache URL containing the following segments -if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") { - set $cache_uri 'null cache'; -} -# Don't use the cache for logged in users or recent commenter or customer with items in cart -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") { - set $cache_uri 'null cache'; -} -# Use cached or actual file if they exists, Otherwise pass request to WordPress -location / { - # If we add index.php?$args its break WooCommerce like plugins - # Ref: #330 - try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php; -} -location ~ \.php$ { - try_files $uri =404; - include fastcgi_params; - fastcgi_pass php72; - # Following line is needed by WP Super Cache plugin - fastcgi_param SERVER_NAME $http_host; -} diff --git a/etc/nginx/conf.d/fastcgi.conf b/etc/nginx/conf.d/fastcgi.conf index b8b9547..3c3b97d 100644 --- a/etc/nginx/conf.d/fastcgi.conf +++ b/etc/nginx/conf.d/fastcgi.conf @@ -19,5 +19,5 @@ fastcgi_cache_lock on; fastcgi_cache_lock_age 1s; fastcgi_cache_lock_timeout 3s; -# comment the following line if you run nginx < 1.15.6 -fastcgi_socket_keepalive on; +# uncomment the following line if you run nginx 1.15.6 or earlier +# fastcgi_socket_keepalive on; diff --git a/etc/nginx/conf.d/map-wp-fastcgi-cache.conf b/etc/nginx/conf.d/map-wp-fastcgi-cache.conf deleted file mode 100644 index 170b8eb..0000000 --- a/etc/nginx/conf.d/map-wp-fastcgi-cache.conf +++ /dev/null @@ -1,36 +0,0 @@ -map $http_x_requested_with $http_request_no_cache { - default 0; - XMLHttpRequest 1; -} -map $http_cookie $cookie_no_cache { - default 0; - "~*wordpress_[a-f0-9]+" 1; - "~*wp-postpass" 1; - "~*wordpress_logged_in" 1; - "~*wordpress_no_cache" 1; - "~*comment_author" 1; - "~*woocommerce_items_in_cart" 1; - "~*woocommerce_cart_hash" 1; - "~*wptouch_switch_toogle" 1; - "~*comment_author_email_" 1; -} -map $request_uri $uri_no_cache { - default 0; - "~*/wp-admin/" 1; - "~*/wp-[a-zA-Z0-9-]+.php" 1; - "~*/feed/" 1; - "~*/index.php" 1; - "~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1; - "~*/sitemap(_index)?.xml" 1; - "~*/wp-comments-popup.php" 1; - "~*/wp-links-opml.php" 1; - "~*/xmlrpc.php" 1; -} -map $is_args $query_no_cache { - default 1; - "" 0; -} -map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache { - default 1; - 0000 0; -} diff --git a/etc/nginx/conf.d/stub_status.conf b/etc/nginx/conf.d/stub_status.conf index 35a410d..52aa1f4 100644 --- a/etc/nginx/conf.d/stub_status.conf +++ b/etc/nginx/conf.d/stub_status.conf @@ -1,8 +1,5 @@ upstream phpstatus { - server 127.0.0.1:9000; server unix:/run/php/php7.2-fpm.sock; - server 127.0.0.1:9090; - server unix:/run/php72-fpm.sock; } server { diff --git a/etc/nginx/conf.d/upstream.conf b/etc/nginx/conf.d/upstream.conf deleted file mode 100644 index 68fd039..0000000 --- a/etc/nginx/conf.d/upstream.conf +++ /dev/null @@ -1,91 +0,0 @@ -# Common upstream settings -# php5.6 & php7.0 are replaced by php7.2 - -################## -# php5.6-fpm -################## - -upstream php { -least_conn; - -server unix:/var/run/php/php72-fpm.sock; -server unix:/var/run/php/php72-sock-two-fpm.sock; - -keepalive 5; -} - -upstream debug { -# Debug Pool -server 127.0.0.1:9001; -} - -################## -# php7.0-fpm -################## - -# load-balancing on unix socket -upstream php7 { -least_conn; - -server unix:/var/run/php/php72-fpm.sock; -server unix:/var/run/php/php72-sock-two-fpm.sock; - -keepalive 5; -} - -################## -# php7.2-fpm -################## - -# load-balancing on unix socket -upstream php72 { -least_conn; - -server unix:/var/run/php/php72-sock-fpm.sock; -server unix:/var/run/php/php72-sock-two-fpm.sock; - -keepalive 5; -} - -# PHP 7.2 debug -upstream debug72 { -# Debug Pool -server 127.0.0.1:9172; -} - -################## -# php7.3-fpm -################## - -# load-balancing on unix socket -upstream php73 { -least_conn; - -server unix:/var/run/php/php73-sock-fpm.sock; -server unix:/var/run/php/php73-sock-two-fpm.sock; - -keepalive 5; -} - -upstream debug73 { -# Debug Pool -server 127.0.0.1:9173; -} - -################## -# redis -################## - -upstream redis { - server 127.0.0.1:6379; - keepalive 10; -} - -################## -# netdata -################## - -upstream netdata { - server 127.0.0.1:19999; - keepalive 64; -} diff --git a/etc/nginx/conf.d/webp.conf b/etc/nginx/conf.d/webp.conf deleted file mode 100644 index f724280..0000000 --- a/etc/nginx/conf.d/webp.conf +++ /dev/null @@ -1,4 +0,0 @@ -map $http_accept $webp_suffix { - default ""; - "~*webp" ".webp"; -} diff --git a/etc/nginx/nginx-intermediate.conf b/etc/nginx/nginx-intermediate.conf index 3e4b8c1..5c378e7 100644 --- a/etc/nginx/nginx-intermediate.conf +++ b/etc/nginx/nginx-intermediate.conf @@ -33,7 +33,7 @@ http server_tokens off; reset_timedout_connection on; - add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox"; + add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox"; add_header rt-Fastcgi-Cache $upstream_cache_status; # Limit Request @@ -99,7 +99,6 @@ http more_set_headers "X-Content-Type-Options : nosniff"; more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; more_set_headers "X-Download-Options : noopen"; - add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;"; ## # Basic Settings @@ -150,4 +149,3 @@ http include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } - diff --git a/etc/nginx/nginx-tlsv12.conf b/etc/nginx/nginx-tlsv12.conf index 83b9553..9422bf6 100644 --- a/etc/nginx/nginx-tlsv12.conf +++ b/etc/nginx/nginx-tlsv12.conf @@ -34,7 +34,7 @@ http server_tokens off; reset_timedout_connection on; - add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox"; + add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox"; add_header rt-Fastcgi-Cache $upstream_cache_status; # Limit Request @@ -97,7 +97,7 @@ http more_set_headers "X-Content-Type-Options : nosniff"; more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; more_set_headers "X-Download-Options : noopen"; - add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;"; + ## # Basic Settings ## diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 10b8c84..25ee31d 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -35,7 +35,7 @@ http server_tokens off; reset_timedout_connection on; - add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox"; + add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox"; add_header rt-Fastcgi-Cache $upstream_cache_status; # Limit Request @@ -106,8 +106,7 @@ http more_set_headers "X-Content-Type-Options : nosniff"; more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; more_set_headers "X-Download-Options : noopen"; - add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;"; - + ## # Basic Settings ##