several configurations updated
This commit is contained in:
parent
191f9836af
commit
d035083947
|
|
@ -0,0 +1,10 @@
|
|||
# PHP NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php73;
|
||||
}
|
||||
|
|
@ -18,7 +18,7 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no
|
|||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location /redis-fetch {
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no
|
|||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
|
||||
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
add_header X-fastcgi-cache $upstream_cache_status;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no
|
|||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
||||
|
|
|
|||
|
|
@ -24,15 +24,9 @@ map $request_uri $uri_no_cache {
|
|||
"~*/sitemap(_index)?.xml" 1;
|
||||
"~*/wp-comments-popup.php" 1;
|
||||
"~*/wp-links-opml.php" 1;
|
||||
"~*/wp-locations.php" 1;
|
||||
"~*/wp-.*.php" 1;
|
||||
"~*/xmlrpc.php" 1;
|
||||
"~*/wp-app.php" 1;
|
||||
"~*/wp-login.php" 1;
|
||||
"~*/wp-register.php" 1;
|
||||
"~*/wp-mail.php" 1;
|
||||
}
|
||||
map $query_string $query_no_cache {
|
||||
map $is_args $query_no_cache {
|
||||
default 1;
|
||||
"" 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
upstream phpstatus {
|
||||
server 127.0.0.1:9000;
|
||||
server unix:/run/php/php7.0-fpm.sock;
|
||||
server 127.0.0.1:9070;
|
||||
server unix:/run/php70-fpm.sock;
|
||||
server unix:/run/php/php7.2-fpm.sock;
|
||||
server 127.0.0.1:9090;
|
||||
server unix:/run/php72-fpm.sock;
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
|
|||
|
|
@ -84,18 +84,21 @@ http
|
|||
##
|
||||
# intermediate configuration. tweak to your needs.
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'TLS13+AESGCM+AES128:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_tickets off;
|
||||
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
|
||||
|
||||
##Common headers for security
|
||||
# Common security headers
|
||||
more_set_headers "X-Frame-Options : SAMEORIGIN";
|
||||
more_set_headers "X-Xss-Protection : 1; mode=block";
|
||||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
more_set_headers "X-Download-Options : noopen";
|
||||
more_set_headers "Feature-Policy : geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker none; vibrate none; fullscreen self; payment none; usb none";
|
||||
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
|
|
@ -125,33 +128,9 @@ http
|
|||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
# mitigation of CRIME/BREACH attacks
|
||||
gzip off;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/plain
|
||||
text/x-component
|
||||
text/xml
|
||||
text/javascript;
|
||||
|
||||
##
|
||||
# Brotli Settings
|
||||
|
|
|
|||
|
|
@ -88,11 +88,14 @@ http
|
|||
ssl_session_tickets off;
|
||||
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
|
||||
|
||||
##Common headers for security
|
||||
# Common security headers
|
||||
more_set_headers "X-Frame-Options : SAMEORIGIN";
|
||||
more_set_headers "X-Xss-Protection : 1; mode=block";
|
||||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
more_set_headers "X-Download-Options : noopen";
|
||||
more_set_headers "Feature-Policy : geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker none; vibrate none; fullscreen self; payment none; usb none";
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
|
|
@ -121,33 +124,9 @@ http
|
|||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
# mitigation of CRIME/BREACH attacks
|
||||
gzip off;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/plain
|
||||
text/x-component
|
||||
text/xml
|
||||
text/javascript;
|
||||
|
||||
##
|
||||
# Brotli Settings
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ http
|
|||
ssl_early_data off;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
|
||||
ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 1d;
|
||||
|
|
@ -106,7 +106,8 @@ http
|
|||
more_set_headers "X-Xss-Protection : 1; mode=block";
|
||||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
more_set_headers "X-Download-Options : noopen;";
|
||||
more_set_headers "X-Download-Options : noopen";
|
||||
more_set_headers "Feature-Policy : geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker none; vibrate none; fullscreen self; payment none; usb none";
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
|
|
@ -136,37 +137,8 @@ http
|
|||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_types application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/ld+json
|
||||
application/manifest+json
|
||||
application/rss+xml
|
||||
application/vnd.geo+json
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/bmp
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/cache-manifest
|
||||
text/css
|
||||
text/plain
|
||||
text/vcard
|
||||
text/vnd.rim.location.xloc
|
||||
text/vtt
|
||||
text/x-component
|
||||
text/x-cross-domain-policy
|
||||
text/javascript;
|
||||
# mitigation of CRIME/BREACH attacks
|
||||
gzip off;
|
||||
|
||||
##
|
||||
# Brotli Settings
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ server {
|
|||
include common/acl.conf;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
# nginx-vts-status
|
||||
|
|
@ -48,24 +48,7 @@ server {
|
|||
fastcgi_pass php72;
|
||||
}
|
||||
|
||||
# ViMbAdmin Rules
|
||||
location = /vimbadmin/ {
|
||||
return 301 $scheme://$host:22222/vimbadmin/public/;
|
||||
}
|
||||
|
||||
|
||||
|
||||
location ~* /vimbadmin/public/(.*)/(.*) {
|
||||
root /var/www/22222/htdocs/vimbadmin/public;
|
||||
try_files $uri $uri/ /vimbadmin/public/index.php?$args;
|
||||
}
|
||||
|
||||
location ~* /vimbadmin/public/(.*) {
|
||||
root /var/www/22222/htdocs/vimbadmin/public;
|
||||
try_files $uri $uri/ /vimbadmin/public/index.php?$args;
|
||||
}
|
||||
|
||||
location /netdata {
|
||||
location /netdata {
|
||||
return 301 /netdata/;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue