
several configurations updated

master
VirtuBox 1 year ago
parent
commit
d035083947
11 changed files with 38 additions and 121 deletions
  1. +10
    -0
      etc/nginx/common/php73.conf
  2. +1
    -1
      etc/nginx/common/redis-php72.conf
  3. +1
    -1
      etc/nginx/common/w3tc-php72.conf
  4. +1
    -1
      etc/nginx/common/wp-fcgi-cache-php72.conf
  5. +1
    -1
      etc/nginx/common/wpfc-php72.conf
  6. +1
    -7
      etc/nginx/conf.d/map-wp-fastcgi-cache.conf
  7. +3
    -3
      etc/nginx/conf.d/stub_status.conf
  8. +7
    -28
      etc/nginx/nginx-intermediate.conf
  9. +6
    -27
      etc/nginx/nginx-tlsv12.conf
  10. +5
    -33
      etc/nginx/nginx.conf
  11. +2
    -19
      etc/nginx/sites-available/22222

+ 10
- 0
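--- a/etc/nginx/common/php73.conf
+++ b/etc/nginx/common/php73.conf
@@ -0,0 +1,10 @@
+# PHP NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+location / {
+try_files $uri $uri/ /index.php$is_args$args;
+}
+location ~ \.php$ {
+try_files $uri =404;
+include fastcgi_params;
+fastcgi_pass php73;
+}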
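Review bot: `fastcgi_pass php73;` in the new `location ~ \.php$` block depends on an `upstream php73` that none of the hunks shown in this commit defines; the only upstream visible is `phpstatus` in conf.d/stub_status.conf. If that upstream is not declared elsewhere, `nginx -t` will reject the configuration, so it is worth confirming before this file is included by a site. I would also add a comment above `try_files $uri =404;`, for example `# return 404 for missing scripts instead of handing arbitrary paths to PHP-FPM`, because that line is the guard a later editor must not remove.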

+ 1
- 1
etc/nginx/common/redis-php72.conf View File

@@ -18,7 +18,7 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
try_files $uri $uri/ /index.php?$args;
try_files $uri $uri/ /index.php$is_args$args;
}

location /redis-fetch {


+ 1
- 1
etc/nginx/common/w3tc-php72.conf View File

@@ -19,7 +19,7 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php$is_args$args;
}
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;


+ 1
- 1
etc/nginx/common/wp-fcgi-cache-php72.conf View File

@@ -3,7 +3,7 @@
add_header X-fastcgi-cache $upstream_cache_status;

location / {
try_files $uri $uri/ /index.php?$args;
try_files $uri $uri/ /index.php$is_args$args;
}

location ~ \.php$ {


+ 1
- 1
etc/nginx/common/wpfc-php72.conf View File

@@ -18,7 +18,7 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
try_files $uri $uri/ /index.php?$args;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;


+ 1
- 7
etc/nginx/conf.d/map-wp-fastcgi-cache.conf View File

@@ -24,15 +24,9 @@ map $request_uri $uri_no_cache {
"~*/sitemap(_index)?.xml" 1;
"~*/wp-comments-popup.php" 1;
"~*/wp-links-opml.php" 1;
"~*/wp-locations.php" 1;
"~*/wp-.*.php" 1;
"~*/xmlrpc.php" 1;
"~*/wp-app.php" 1;
"~*/wp-login.php" 1;
"~*/wp-register.php" 1;
"~*/wp-mail.php" 1;
}
map $query_string $query_no_cache {
map $is_args $query_no_cache {
default 1;
"" 0;
}
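Review bot: If the 7 deletions here include the explicit `"~*/xmlrpc.php" 1;` entry, as the section counts suggest, nothing left in `$uri_no_cache` matches that path, because the remaining wildcard `"~*/wp-.*.php"` only covers names starting with `/wp-`. The +/- sides are not marked on this page, so this is inferred; if it holds, keep the entry as `"~*/xmlrpc.php" 1;` so those responses stay out of the FastCGI cache. The dots in the wildcard are also unescaped (`wp-.*\.php` was probably meant), which only over-matches toward no-cache but is worth tidying. The `map $request_uri $uri_no_cache` block starts above the hunk.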


+ 3
- 3
etc/nginx/conf.d/stub_status.conf View File

@@ -1,8 +1,8 @@
upstream phpstatus {
server 127.0.0.1:9000;
server unix:/run/php/php7.0-fpm.sock;
server 127.0.0.1:9070;
server unix:/run/php70-fpm.sock;
server unix:/run/php/php7.2-fpm.sock;
server 127.0.0.1:9090;
server unix:/run/php72-fpm.sock;
}

server {


+ 7
- 28
etc/nginx/nginx-intermediate.conf View File

@@ -84,18 +84,21 @@ http
##
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13+AESGCM+AES128:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;

##Common headers for security
# Common security headers
more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
more_set_headers "Feature-Policy : geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker none; vibrate none; fullscreen self; payment none; usb none";


##
# Basic Settings
@@ -125,33 +128,9 @@ http
##
# Gzip Settings
##
# mitigation of CRIME/BREACH attacks
gzip off;

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
text/xml
text/javascript;

##
# Brotli Settings
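Review bot: The `Feature-Policy` value among the security headers writes its allowlist keywords bare (`geolocation none; … fullscreen self; …`), whereas the header syntax defines them as the quoted tokens `'none'` and `'self'`; an unquoted word is read as an origin, so the policy may not restrict what it appears to. Suggested form: `more_set_headers "Feature-Policy : geolocation 'none'; midi 'none'; … fullscreen 'self'; payment 'none'; usb 'none'";`. The same line appears in the nginx-tlsv12.conf and nginx.conf sections. Which header lines are new is inferred from the section counts, since the +/- markers are not shown.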


+ 6
- 27
etc/nginx/nginx-tlsv12.conf View File

@@ -88,11 +88,14 @@ http
ssl_session_tickets off;
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;

##Common headers for security
# Common security headers
more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
more_set_headers "Feature-Policy : geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker none; vibrate none; fullscreen self; payment none; usb none";

##
# Basic Settings
##
@@ -121,33 +124,9 @@ http
##
# Gzip Settings
##
# mitigation of CRIME/BREACH attacks
gzip off;

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
text/xml
text/javascript;

##
# Brotli Settings
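Review bot: `gzip off;` in the second hunk is labelled a CRIME/BREACH mitigation, but the `# Brotli Settings` block begins right where the hunk ends, and BREACH applies to any HTTP response compression, so Brotli left enabled for dynamic HTML would keep the same exposure. The Brotli directives are outside the hunk, so this needs checking in the full file. The comment could also be more precise, e.g. `# BREACH mitigation: no HTTP compression (CRIME concerns TLS-level compression)`, and should mention that static assets lose compression too. The same change is made in nginx-intermediate.conf and nginx.conf.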


+ 5
- 33
etc/nginx/nginx.conf View File

@@ -94,7 +94,7 @@ http
ssl_early_data off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
@@ -106,7 +106,8 @@ http
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen;";
more_set_headers "X-Download-Options : noopen";
more_set_headers "Feature-Policy : geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker none; vibrate none; fullscreen self; payment none; usb none";

##
# Basic Settings
@@ -136,37 +137,8 @@ http
##
# Gzip Settings
##

gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_types application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/javascript;
# mitigation of CRIME/BREACH attacks
gzip off;

##
# Brotli Settings
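Review bot: The longer `ssl_ciphers` value in the first hunk (which I read as the new side) ends in `EECDH+AES`, which admits the CBC-mode ECDHE suites under TLSv1.2 as well as AES-GCM. If this file is meant to be the strict profile, stopping at `EECDH+CHACHA20:EECDH+AESGCM` would keep it AEAD-only. The `TLS13+…` tokens are, as far as I know, not keywords of stock OpenSSL cipher strings, so a comment such as `# TLS13+* tokens need an OpenSSL build that understands them; check the result with that build's "openssl ciphers"` would help anyone deploying this on a distribution package. The `http` block continues outside the hunks.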


+ 2
- 19
etc/nginx/sites-available/22222 View File

@@ -23,7 +23,7 @@ server {
include common/acl.conf;

location / {
try_files $uri $uri/ /index.php?$args;
try_files $uri $uri/ /index.php$is_args$args;
}

# nginx-vts-status
@@ -48,24 +48,7 @@ server {
fastcgi_pass php72;
}

# ViMbAdmin Rules
location = /vimbadmin/ {
return 301 $scheme://$host:22222/vimbadmin/public/;
}



location ~* /vimbadmin/public/(.*)/(.*) {
root /var/www/22222/htdocs/vimbadmin/public;
try_files $uri $uri/ /vimbadmin/public/index.php?$args;
}

location ~* /vimbadmin/public/(.*) {
root /var/www/22222/htdocs/vimbadmin/public;
try_files $uri $uri/ /vimbadmin/public/index.php?$args;
}

location /netdata {
location /netdata {
return 301 /netdata/;
}


