add chdir settings to php-fpm pools
* add chdir = / to unix socket php-fpm pools * cleanup old files and folders
This commit is contained in:
parent
260910017e
commit
e62301de87
|
@ -1,88 +0,0 @@
|
|||
/*
|
||||
|
||||
Atom One Dark by Daniel Gamage
|
||||
Original One Dark Syntax theme from https://github.com/atom/one-dark-syntax
|
||||
|
||||
base: #282c34
|
||||
mono-1: #abb2bf
|
||||
mono-2: #818896
|
||||
mono-3: #5c6370
|
||||
hue-1: #56b6c2
|
||||
hue-2: #61aeee
|
||||
hue-3: #c678dd
|
||||
hue-4: #98c379
|
||||
hue-5: #e06c75
|
||||
hue-5-2: #be5046
|
||||
hue-6: #d19a66
|
||||
hue-6-2: #e6c07b
|
||||
|
||||
*/
|
||||
|
||||
.hljs {
|
||||
display: block;
|
||||
overflow-x: auto;
|
||||
padding: 0.5em;
|
||||
color: #abb2bf;
|
||||
background: #282c34;
|
||||
}
|
||||
|
||||
.hljs-comment,
|
||||
.hljs-quote {
|
||||
color: #5c6370;
|
||||
font-style: italic;
|
||||
}
|
||||
|
||||
.hljs-doctag,
|
||||
.hljs-keyword,
|
||||
.hljs-formula {
|
||||
color: #c678dd;
|
||||
}
|
||||
|
||||
.hljs-literal {
|
||||
color: #56b6c2;
|
||||
}
|
||||
|
||||
.hljs-string,
|
||||
.hljs-regexp,
|
||||
.hljs-addition,
|
||||
.hljs-attribute,
|
||||
.hljs-meta-string {
|
||||
color: #98c379;
|
||||
}
|
||||
|
||||
.hljs-built_in,
|
||||
.hljs-class .hljs-title {
|
||||
color: #e6c07b;
|
||||
}
|
||||
|
||||
.hljs-attr,
|
||||
.hljs-variable,
|
||||
.hljs-template-variable,
|
||||
.hljs-type,
|
||||
.hljs-selector-class,
|
||||
.hljs-selector-attr,
|
||||
.hljs-selector-pseudo,
|
||||
.hljs-number {
|
||||
color: #d19a66;
|
||||
}
|
||||
|
||||
.hljs-symbol,
|
||||
.hljs-bullet,
|
||||
.hljs-link,
|
||||
.hljs-meta,
|
||||
.hljs-selector-id,
|
||||
.hljs-title {
|
||||
color: #61aeee;
|
||||
}
|
||||
|
||||
.hljs-emphasis {
|
||||
font-style: italic;
|
||||
}
|
||||
|
||||
.hljs-strong {
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
.hljs-link {
|
||||
text-decoration: underline;
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
---
|
||||
|
||||
@import 'jekyll-theme-cayman';
|
||||
@media screen and (min-width: 64em) {
|
||||
max-width: 72rem;
|
||||
}
|
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
Load Diff
Binary file not shown.
|
@ -1,9 +0,0 @@
|
|||
[Definition]
|
||||
|
||||
# Option: failregex
|
||||
# Notes.: Auto block short UDP.
|
||||
# Values: TEXT
|
||||
#
|
||||
failregex = ^.*kernel: UDP: short packet: From <HOST>:.*$
|
||||
|
||||
ignoreregex =
|
|
@ -1,3 +0,0 @@
|
|||
[Definition]
|
||||
failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200
|
||||
ignoreregex =
|
|
@ -1,4 +0,0 @@
|
|||
[Definition]
|
||||
failregex = ^ \[error\] \d+#\d+: .* forbidden .*, client: <HOST>, .*$
|
||||
|
||||
ignoreregex =
|
|
@ -1,24 +0,0 @@
|
|||
[recidive]
|
||||
enabled = true
|
||||
|
||||
[nginx-http-auth]
|
||||
enabled = true
|
||||
|
||||
[nginx-botsearch]
|
||||
enabled = true
|
||||
|
||||
[ee-wordpress]
|
||||
enabled = true
|
||||
filter = ee-wordpress
|
||||
action = iptables-multiport[name="ee-wordpress", port="http,https"]
|
||||
logpath = /var/log/nginx/*access.log
|
||||
maxretry = 5
|
||||
|
||||
[nginx-forbidden]
|
||||
enabled = true
|
||||
filter = nginx-forbidden
|
||||
port = http,https
|
||||
logpath = /var/log/nginx/*error*.log
|
||||
findtime = 60
|
||||
bantime = 6000
|
||||
maxretry = 3
|
|
@ -1,8 +0,0 @@
|
|||
[ddos]
|
||||
enabled = true
|
||||
port = 27015
|
||||
protocol = udp
|
||||
filter = ddos
|
||||
logpath = /var/log/kern.log
|
||||
maxretry = 3
|
||||
bantime = 6000
|
|
@ -1,187 +0,0 @@
|
|||
# MariaDB database server configuration file.
|
||||
#
|
||||
# You can copy this file to one of:
|
||||
# - "/etc/mysql/my.cnf" to set global options,
|
||||
# - "~/.my.cnf" to set user-specific options.
|
||||
#
|
||||
# One can use all long options that the program supports.
|
||||
# Run program with --help to get a list of available options and with
|
||||
# --print-defaults to see which it would actually understand and use.
|
||||
#
|
||||
# For explanations see
|
||||
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
|
||||
|
||||
# This will be passed to all mysql clients
|
||||
# It has been reported that passwords should be enclosed with ticks/quotes
|
||||
# escpecially if they contain "#" chars...
|
||||
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
|
||||
[client]
|
||||
port = 3306
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
|
||||
[mysqld_safe]
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
nice = 0
|
||||
|
||||
[mysqld]
|
||||
#
|
||||
# * Basic Settings
|
||||
#
|
||||
user = mysql
|
||||
pid-file = /var/run/mysqld/mysqld.pid
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
port = 3306
|
||||
basedir = /usr
|
||||
datadir = /var/lib/mysql
|
||||
tmpdir = /tmp
|
||||
lc_messages_dir = /usr/share/mysql
|
||||
lc_messages = en_US
|
||||
skip-external-locking
|
||||
performance_schema = ON
|
||||
#
|
||||
# Instead of skip-networking the default is now to listen only on
|
||||
# localhost which is more compatible and is not less secure.
|
||||
bind-address = ::ffff:127.0.0.1
|
||||
#
|
||||
# * Fine Tuning
|
||||
#
|
||||
max_connections = 100
|
||||
connect_timeout = 5
|
||||
wait_timeout = 60
|
||||
max_allowed_packet = 16M
|
||||
thread_cache_size = 128
|
||||
sort_buffer_size = 4M
|
||||
bulk_insert_buffer_size = 16M
|
||||
tmp_table_size = 64M
|
||||
max_heap_table_size = 64M
|
||||
#
|
||||
# * MyISAM
|
||||
#
|
||||
# This replaces the startup script and checks MyISAM tables if needed
|
||||
# the first time they are touched. On error, make copy and try a repair.
|
||||
myisam_recover_options = BACKUP
|
||||
key_buffer_size = 128M
|
||||
open-files-limit = 500000
|
||||
table_open_cache = 500000
|
||||
myisam_sort_buffer_size = 512M
|
||||
concurrent_insert = 2
|
||||
read_buffer_size = 2M
|
||||
read_rnd_buffer_size = 1M
|
||||
#
|
||||
# * Query Cache Configuration
|
||||
#
|
||||
# Cache only tiny result sets, so we can fit more in the query cache.
|
||||
query_cache_limit = 128K
|
||||
query_cache_size = 0
|
||||
# for more write intensive setups, set to DEMAND or OFF
|
||||
query_cache_type = 0
|
||||
#
|
||||
# * Logging and Replication
|
||||
#
|
||||
# Both location gets rotated by the cronjob.
|
||||
# Be aware that this log type is a performance killer.
|
||||
# As of 5.1 you can enable the log at runtime!
|
||||
#general_log_file = /var/log/mysql/mysql.log
|
||||
#general_log = 1
|
||||
#
|
||||
# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf.
|
||||
#
|
||||
# we do want to know about network errors and such
|
||||
log_warnings = 2
|
||||
#
|
||||
# Enable the slow query log to see queries with especially long duration
|
||||
slow_query_log = 1
|
||||
slow_query_log_file = /var/log/mysql/mariadb-slow.log
|
||||
long_query_time = 10
|
||||
#log_slow_rate_limit = 1000
|
||||
log_slow_verbosity = query_plan
|
||||
|
||||
#log-queries-not-using-indexes
|
||||
#log_slow_admin_statements
|
||||
#
|
||||
# The following can be used as easy to replay backup logs or for replication.
|
||||
# note: if you are setting up a replication slave, see README.Debian about
|
||||
# other settings you may need to change.
|
||||
#server-id = 1
|
||||
#report_host = master1
|
||||
#auto_increment_increment = 2
|
||||
#auto_increment_offset = 1
|
||||
#log_bin = /var/log/mysql/mariadb-bin
|
||||
#log_bin_index = /var/log/mysql/mariadb-bin.index
|
||||
# not fab for performance, but safer
|
||||
#sync_binlog = 1
|
||||
#expire_logs_days = 10
|
||||
#max_binlog_size = 100M
|
||||
# slaves
|
||||
#relay_log = /var/log/mysql/relay-bin
|
||||
#relay_log_index = /var/log/mysql/relay-bin.index
|
||||
#relay_log_info_file = /var/log/mysql/relay-bin.info
|
||||
#log_slave_updates
|
||||
#read_only
|
||||
#
|
||||
# If applications support it, this stricter sql_mode prevents some
|
||||
# mistakes like inserting invalid dates etc.
|
||||
#sql_mode = NO_ENGINE_SUBSTITUTION,TRADITIONAL
|
||||
#
|
||||
# * InnoDB
|
||||
#
|
||||
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
|
||||
# Read the manual for more InnoDB related options. There are many!
|
||||
default_storage_engine = InnoDB
|
||||
# you can't just change log file size, requires special procedure
|
||||
innodb_log_file_size = 256M
|
||||
innodb_buffer_pool_size = 2G
|
||||
innodb_log_buffer_size = 512M
|
||||
innodb_file_per_table = 1
|
||||
innodb_open_files = 500000
|
||||
innodb_io_capacity = 500000
|
||||
innodb_flush_method = O_DIRECT
|
||||
#
|
||||
# * Security Features
|
||||
#
|
||||
# Read the manual, too, if you want chroot!
|
||||
# chroot = /var/lib/mysql/
|
||||
#
|
||||
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
|
||||
#
|
||||
# ssl-ca=/etc/mysql/cacert.pem
|
||||
# ssl-cert=/etc/mysql/server-cert.pem
|
||||
# ssl-key=/etc/mysql/server-key.pem
|
||||
|
||||
#
|
||||
# * Galera-related settings
|
||||
#
|
||||
[galera]
|
||||
# Mandatory settings
|
||||
#wsrep_on=ON
|
||||
#wsrep_provider=
|
||||
#wsrep_cluster_address=
|
||||
#binlog_format=row
|
||||
#default_storage_engine=InnoDB
|
||||
#innodb_autoinc_lock_mode=2
|
||||
#
|
||||
# Allow server to accept connections on all interfaces.
|
||||
#
|
||||
#bind-address=0.0.0.0
|
||||
#
|
||||
# Optional setting
|
||||
#wsrep_slave_threads=1
|
||||
#innodb_flush_log_at_trx_commit=0
|
||||
|
||||
[mysqldump]
|
||||
quick
|
||||
quote-names
|
||||
max_allowed_packet = 16M
|
||||
|
||||
[mysql]
|
||||
#no-auto-rehash # faster start of mysql but no tab completion
|
||||
|
||||
[isamchk]
|
||||
key_buffer = 16M
|
||||
|
||||
#
|
||||
# * IMPORTANT: Additional settings that can override those from this file!
|
||||
# The files must end with '.cnf', otherwise they'll be ignored.
|
||||
#
|
||||
!include /etc/mysql/mariadb.cnf
|
||||
!includedir /etc/mysql/conf.d/
|
|
@ -1,8 +0,0 @@
|
|||
# EasyEngine (ee) protect locations using
|
||||
# HTTP authentication || IP address
|
||||
satisfy any;
|
||||
auth_basic "Restricted Area";
|
||||
auth_basic_user_file htpasswd-ee;
|
||||
# Allowed IP Address List
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
|
@ -1,16 +0,0 @@
|
|||
error_page 400 /400-error.html;
|
||||
error_page 401 /401-error.html;
|
||||
error_page 403 /403-error.html;
|
||||
error_page 404 /404-error.html;
|
||||
error_page 500 /500-error.html;
|
||||
error_page 503 /503-error.html;
|
||||
error_page 504 /504-error.html;
|
||||
|
||||
location ~ /*-error.html {
|
||||
try_files $1-error.html @error;
|
||||
internal;
|
||||
}
|
||||
|
||||
location @error {
|
||||
root /var/www/error/_site;
|
||||
}
|
|
@ -1,2 +0,0 @@
|
|||
# Warning : this line enable HSTS for your subdomain (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
add_header Strict-Transport-Security "max-age=31536000; preload";
|
|
@ -1,3 +0,0 @@
|
|||
# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
||||
|
|
@ -1,116 +0,0 @@
|
|||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
# Basic locations files
|
||||
location = /favicon.ico {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
location = /robots.txt {
|
||||
# Some WordPress plugin gererate robots.txt file
|
||||
# Refer #340 issue
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
# Cache static files
|
||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
# Cache css & js files
|
||||
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires 30d;
|
||||
}
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\.(?!well-known\/) {
|
||||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||
# #
|
||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
# #
|
||||
location /.well-known/acme-challenge/ {
|
||||
alias /var/www/html/.well-known/acme-challenge/;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||
deny all;
|
||||
}
|
||||
# Deny backup extensions & log files and return 403 forbidden
|
||||
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||
deny all;
|
||||
}
|
||||
# common nginx configuration to block sql injection and other attacks
|
||||
location ~* "(eval\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(127\.0\.0\.1)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "([a-z0-9]{2000})" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(javascript\:)(.*)(\;)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(base64_encode)(.*)(\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(https?|ftp|php):/" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
||||
deny all;
|
||||
}
|
||||
# Status pages
|
||||
location = /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
include common/acl.conf;
|
||||
}
|
||||
location ~ ^/(status|ping)$ {
|
||||
include fastcgi_params;
|
||||
include common/acl.conf;
|
||||
fastcgi_pass php7;
|
||||
}
|
|
@ -1,118 +0,0 @@
|
|||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
# Basic locations files
|
||||
location = /favicon.ico {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
location = /robots.txt {
|
||||
# Some WordPress plugin gererate robots.txt file
|
||||
# Refer #340 issue
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
# Cache static files
|
||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$
|
||||
{
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
# Cache css & js files
|
||||
location ~* \.(?:css(\.map)?|js(\.map)?)$
|
||||
{
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires 30d;
|
||||
}
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\.(?!well-known\/) {
|
||||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge
|
||||
####
|
||||
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
####
|
||||
# location /.well-known/acme-challenge/ {
|
||||
# alias /var/www/html/.well-known/acme-challenge/;
|
||||
# }
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||
deny all;
|
||||
}
|
||||
# Deny backup extensions & log files and return 403 forbidden
|
||||
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||
deny all;
|
||||
}
|
||||
# common nginx configuration to block sql injection and other attacks
|
||||
location ~* "(eval\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(127\.0\.0\.1)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "([a-z0-9]{2000})" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(javascript\:)(.*)(\;)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(base64_encode)(.*)(\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(https?|ftp|php):/" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
||||
deny all;
|
||||
}
|
||||
# Status pages
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
include common/acl.conf;
|
||||
}
|
||||
location ~ ^/(status|ping) {
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php71;
|
||||
include common/acl.conf;
|
||||
}
|
|
@ -1,122 +0,0 @@
|
|||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
# Basic locations files
|
||||
location = /favicon.ico {
|
||||
try_files /favicon.ico @empty;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
|
||||
}
|
||||
|
||||
location @empty {
|
||||
empty_gif;
|
||||
}
|
||||
location = /robots.txt {
|
||||
# Some WordPress plugin gererate robots.txt file
|
||||
# Refer #340 issue
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
# Cache static files
|
||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
# Cache css & js files
|
||||
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires 30d;
|
||||
}
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\.(?!well-known\/) {
|
||||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge
|
||||
####
|
||||
# sudo chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
####
|
||||
# location /.well-known/acme-challenge/ {
|
||||
# alias /var/www/html/.well-known/acme-challenge/;
|
||||
# }
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
|
||||
deny all;
|
||||
}
|
||||
# Deny backup extensions & log files and return 403 forbidden
|
||||
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||
deny all;
|
||||
}
|
||||
# common nginx configuration to block sql injection and other attacks
|
||||
location ~* "(eval\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(127\.0\.0\.1)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "([a-z0-9]{2000})" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(javascript\:)(.*)(\;)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(base64_encode)(.*)(\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(https?|ftp|php):/" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|settings|configuration)\.php" {
|
||||
deny all;
|
||||
}
|
||||
# Status pages
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
include common/acl.conf;
|
||||
}
|
||||
location ~ ^/(status|ping) {
|
||||
include fastcgi_params;
|
||||
include common/acl.conf;
|
||||
fastcgi_pass php72;
|
||||
}
|
|
@ -1,112 +0,0 @@
|
|||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
# Basic locations files
|
||||
location = /favicon.ico {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
location = /robots.txt {
|
||||
# Some WordPress plugin gererate robots.txt file
|
||||
# Refer #340 issue
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
# Cache static files
|
||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
# Cache css & js files
|
||||
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires 30d;
|
||||
}
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\.(?!well-known\/) {
|
||||
deny all;
|
||||
}
|
||||
# Use the directory /var/www/html to valide acme-challenge
|
||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||
# #
|
||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
# #
|
||||
location /.well-known/acme-challenge/ {
|
||||
alias /var/www/html/.well-known/acme-challenge/;
|
||||
}
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||
deny all;
|
||||
}
|
||||
# Deny backup extensions & log files and return 403 forbidden
|
||||
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||
deny all;
|
||||
}
|
||||
# common nginx configuration to block sql injection and other attacks
|
||||
location ~* "(eval\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(127\.0\.0\.1)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "([a-z0-9]{2000})" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(javascript\:)(.*)(\;)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(base64_encode)(.*)(\()" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(https?|ftp|php):/" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||
deny all;
|
||||
}
|
||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||
deny all;
|
||||
}
|
||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
||||
deny all;
|
||||
}
|
||||
# Status pages
|
||||
location = /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
include common/acl.conf;
|
||||
}
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
##OCSP settings
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
|
|
@ -1,30 +0,0 @@
|
|||
pagespeed on;
|
||||
# Ensure requests for pagespeed optimized resources go to the pagespeed handler
|
||||
# and no extraneous headers get set.
|
||||
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
|
||||
add_header "" "";
|
||||
}
|
||||
location ~ "^/pagespeed_static/" { }
|
||||
location ~ "^/ngx_pagespeed_beacon$" { }
|
||||
pagespeed RewriteLevel PassThrough;
|
||||
pagespeed EnableFilters combine_css;
|
||||
pagespeed EnableFilters combine_javascript;
|
||||
pagespeed EnableFilters rewrite_javascript;
|
||||
#pagespeed EnableFilters rewrite_images;
|
||||
#pagespeed EnableFilters defer_javascript;
|
||||
#pagespeed EnableFilters convert_to_webp_lossless;
|
||||
#pagespeed EnableFilters resize_rendered_image_dimensions;
|
||||
pagespeed PreserveUrlRelativity on;
|
||||
#pagespeed MaxCombinedCssBytes -1;
|
||||
pagespeed AvoidRenamingIntrospectiveJavascript on;
|
||||
#pagespeed MaxInlinedPreviewImagesIndex -1;
|
||||
pagespeed EnableFilters convert_meta_tags,extend_cache,rewrite_javascript_inline;
|
||||
pagespeed Domain *.virtubox.net;
|
||||
|
||||
location /ngx_pagespeed_statistics { include common/acl.conf; }
|
||||
location /ngx_pagespeed_global_statistics { include common/acl.conf; }
|
||||
location /ngx_pagespeed_message { include common/acl.conf; }
|
||||
location /pagespeed_console { include common/acl.conf; }
|
||||
location ~ ^/pagespeed_admin { include common/acl.conf; }
|
||||
location ~ ^/pagespeed_global_admin { include common/acl.conf; }
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
# PHP NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php71;
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
# PHP NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
}
|
|
@ -1,21 +0,0 @@
|
|||
# nginx common web app exploits protection
|
||||
|
||||
location ~* "(eval\()" { deny all; }
|
||||
location ~* "(127\.0\.0\.1)" { deny all; }
|
||||
location ~* "([a-z0-9]{2000})" { deny all; }
|
||||
location ~* "(javascript\:)(.*)(\;)" { deny all; }
|
||||
location ~* "(base64_encode)(.*)(\()" { deny all; }
|
||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
|
||||
location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
|
||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
|
||||
location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
|
||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
|
||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }
|
||||
location ~* "(https?|ftp|php):/" { deny all; }
|
||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }
|
||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }
|
||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }
|
||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }
|
||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }
|
||||
location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }
|
||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; }
|
|
@ -1,56 +0,0 @@
|
|||
# Redis NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $skip_cache 0;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location /redis-fetch {
|
||||
internal ;
|
||||
set $redis_key $args;
|
||||
redis_pass redis;
|
||||
}
|
||||
location /redis-store {
|
||||
internal ;
|
||||
set_unescape_uri $key $arg_key ;
|
||||
redis2_query set $key $echo_request_body;
|
||||
redis2_query expire $key 14400;
|
||||
redis2_pass redis;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
set $key "nginx-cache:$scheme$request_method$host$request_uri";
|
||||
try_files $uri =404;
|
||||
|
||||
srcache_fetch_skip $skip_cache;
|
||||
srcache_store_skip $skip_cache;
|
||||
|
||||
srcache_response_cache_control off;
|
||||
|
||||
set_escape_uri $escaped_key $key;
|
||||
|
||||
srcache_fetch GET /redis-fetch $key;
|
||||
srcache_store PUT /redis-store key=$escaped_key;
|
||||
|
||||
more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
|
||||
more_set_headers 'X-SRCache-Store-Status $srcache_store_status';
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php71;
|
||||
}
|
|
@ -1,56 +0,0 @@
|
|||
# Redis NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $skip_cache 0;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location /redis-fetch {
|
||||
internal ;
|
||||
set $redis_key $args;
|
||||
redis_pass redis;
|
||||
}
|
||||
location /redis-store {
|
||||
internal ;
|
||||
set_unescape_uri $key $arg_key ;
|
||||
redis2_query set $key $echo_request_body;
|
||||
redis2_query expire $key 14400;
|
||||
redis2_pass redis;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
set $key "nginx-cache:$scheme$request_method$host$request_uri";
|
||||
try_files $uri =404;
|
||||
|
||||
srcache_fetch_skip $skip_cache;
|
||||
srcache_store_skip $skip_cache;
|
||||
|
||||
srcache_response_cache_control off;
|
||||
|
||||
set_escape_uri $escaped_key $key;
|
||||
|
||||
srcache_fetch GET /redis-fetch $key;
|
||||
srcache_store PUT /redis-store key=$escaped_key;
|
||||
|
||||
more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
|
||||
more_set_headers 'X-SRCache-Store-Status $srcache_store_status';
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
|
||||
# W3TC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $cache_uri $request_uri;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
|
||||
}
|
||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php71;
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
|
||||
# W3TC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $cache_uri $request_uri;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
|
||||
}
|
||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
}
|
|
@ -1,37 +0,0 @@
|
|||
# WordPress COMMON SETTINGS
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
# Limit access to avoid brute force attack
|
||||
location = /wp-login.php {
|
||||
limit_req zone=one burst=1 nodelay;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php7;
|
||||
}
|
||||
# Disable wp-config.txt
|
||||
location = /wp-config.txt {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
# Disallow php in upload folder and add webp rewrite
|
||||
location /wp-content/uploads/ {
|
||||
location ~ \.php$ {
|
||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||
deny all;
|
||||
}
|
||||
# webp rewrite rules
|
||||
location ~ \.(png|jpe?g)$ {
|
||||
add_header Vary "Accept-Encoding";
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
add_header Cache-Control "public, no-transform";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
try_files $uri$webp_suffix $uri =404;
|
||||
}
|
||||
}
|
||||
# mitigate DoS attack CVE with WordPress script concatenation
|
||||
# add the following line to wp-config.php
|
||||
# define( 'CONCATENATE_SCRIPTS', false );
|
||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||
deny all;
|
||||
}
|
|
@ -1,37 +0,0 @@
|
|||
# WordPress COMMON SETTINGS
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
# Limit access to avoid brute force attack
|
||||
location = /wp-login.php {
|
||||
limit_req zone=one burst=1 nodelay;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php71;
|
||||
}
|
||||
# Disable wp-config.txt
|
||||
location = /wp-config.txt {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
# Disallow php in upload folder and add webp rewrite
|
||||
location /wp-content/uploads/ {
|
||||
location ~ \.php$ {
|
||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||
deny all;
|
||||
}
|
||||
# webp rewrite rules
|
||||
location ~ \.(png|jpe?g)$ {
|
||||
add_header Vary "Accept-Encoding";
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
add_header Cache-Control "public, no-transform";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
try_files $uri$webp_suffix $uri =404;
|
||||
}
|
||||
}
|
||||
# mitigate DoS attack CVE with WordPress script concatenation
|
||||
# add the following line to wp-config.php
|
||||
# define( 'CONCATENATE_SCRIPTS', false );
|
||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||
deny all;
|
||||
}
|
|
@ -1,37 +0,0 @@
|
|||
# WordPress COMMON SETTINGS
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
# Limit access to avoid brute force attack
|
||||
location = /wp-login.php {
|
||||
limit_req zone=one burst=1 nodelay;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
}
|
||||
# Disable wp-config.txt
|
||||
location = /wp-config.txt {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
# Disallow php in upload folder and add webp rewrite
|
||||
location /wp-content/uploads/ {
|
||||
location ~ \.php$ {
|
||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||
deny all;
|
||||
}
|
||||
# webp rewrite rules
|
||||
location ~ \.(png|jpe?g)$ {
|
||||
add_header Vary "Accept-Encoding";
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
add_header Cache-Control "public, no-transform";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
try_files $uri$webp_suffix $uri =404;
|
||||
}
|
||||
}
|
||||
# mitigate DoS attack CVE with WordPress script concatenation
|
||||
# add the following line to wp-config.php
|
||||
# define( 'CONCATENATE_SCRIPTS', false );
|
||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||
deny all;
|
||||
}
|
|
@ -1,37 +0,0 @@
|
|||
# WPFC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $skip_cache 0;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php71;
|
||||
fastcgi_cache_bypass $skip_cache;
|
||||
fastcgi_no_cache $skip_cache;
|
||||
fastcgi_cache WORDPRESS;
|
||||
}
|
||||
location ~ /purge(/.*) {
|
||||
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
|
||||
access_log off;
|
||||
}
|
|
@ -1,37 +0,0 @@
|
|||
# WPFC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $skip_cache 0;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
fastcgi_cache_bypass $skip_cache;
|
||||
fastcgi_no_cache $skip_cache;
|
||||
fastcgi_cache WORDPRESS;
|
||||
}
|
||||
location ~ /purge(/.*) {
|
||||
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
|
||||
access_log off;
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
# WPSC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $cache_uri $request_uri;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
# If we add index.php?$args its break WooCommerce like plugins
|
||||
# Ref: #330
|
||||
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php71;
|
||||
# Following line is needed by WP Super Cache plugin
|
||||
fastcgi_param SERVER_NAME $http_host;
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
# WPSC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $cache_uri $request_uri;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
# If we add index.php?$args its break WooCommerce like plugins
|
||||
# Ref: #330
|
||||
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
# Following line is needed by WP Super Cache plugin
|
||||
fastcgi_param SERVER_NAME $http_host;
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
# $remote_addr rewriting in case of NGINX behind CloudFlare.
|
||||
# See also mod_cloudflare Apache module configuration.
|
||||
|
||||
set_real_ip_from 103.21.244.0/22;
|
||||
set_real_ip_from 103.22.200.0/22;
|
||||
set_real_ip_from 103.31.4.0/22;
|
||||
set_real_ip_from 104.16.0.0/12;
|
||||
set_real_ip_from 108.162.192.0/18;
|
||||
set_real_ip_from 131.0.72.0/22;
|
||||
set_real_ip_from 141.101.64.0/18;
|
||||
set_real_ip_from 162.158.0.0/15;
|
||||
set_real_ip_from 172.64.0.0/13;
|
||||
set_real_ip_from 173.245.48.0/20;
|
||||
set_real_ip_from 188.114.96.0/20;
|
||||
set_real_ip_from 190.93.240.0/20;
|
||||
set_real_ip_from 197.234.240.0/22;
|
||||
set_real_ip_from 198.41.128.0/17;
|
||||
set_real_ip_from 2400:cb00::/32;
|
||||
set_real_ip_from 2606:4700::/32;
|
||||
set_real_ip_from 2803:f800::/32;
|
||||
set_real_ip_from 2405:b500::/32;
|
||||
set_real_ip_from 2405:8100::/32;
|
||||
set_real_ip_from 2c0f:f248::/32;
|
||||
set_real_ip_from 2a06:98c0::/29;
|
||||
|
||||
real_ip_header CF-Connecting-IP;
|
||||
#real_ip_header X-Forwarded-For;
|
|
@ -1,19 +0,0 @@
|
|||
# FastCGI cache settings
|
||||
fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:50m inactive=60m;
|
||||
fastcgi_cache_key "$scheme$request_method$host$request_uri";
|
||||
fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
|
||||
fastcgi_buffers 256 32k;
|
||||
fastcgi_buffer_size 256k;
|
||||
fastcgi_connect_timeout 4s;
|
||||
fastcgi_send_timeout 120s;
|
||||
fastcgi_busy_buffers_size 512k;
|
||||
fastcgi_temp_file_write_size 512K;
|
||||
fastcgi_param SERVER_NAME $http_host;
|
||||
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
|
||||
fastcgi_keep_conn on;
|
||||
|
||||
#Others
|
||||
open_file_cache max=2000 inactive=20s;
|
||||
open_file_cache_valid 60s;
|
||||
open_file_cache_min_uses 5;
|
||||
open_file_cache_errors off;
|
|
@ -1,42 +0,0 @@
|
|||
map $http_x_requested_with $http_request_no_cache {
|
||||
default 0;
|
||||
XMLHttpRequest 1;
|
||||
}
|
||||
map $http_cookie $cookie_no_cache {
|
||||
default 0;
|
||||
"~*wordpress_[a-f0-9]+" 1;
|
||||
"~*wp-postpass" 1;
|
||||
"~*wordpress_logged_in" 1;
|
||||
"~*wordpress_no_cache" 1;
|
||||
"~*comment_author" 1;
|
||||
"~*woocommerce_items_in_cart" 1;
|
||||
"~*woocommerce_cart_hash" 1;
|
||||
"~*wptouch_switch_toogle" 1;
|
||||
"~*comment_author_email_" 1;
|
||||
}
|
||||
map $request_uri $uri_no_cache {
|
||||
default 0;
|
||||
"~*/wp-admin/" 1;
|
||||
"~*/wp-[a-zA-Z0-9-]+.php" 1;
|
||||
"~*/feed/" 1;
|
||||
"~*/index.php" 1;
|
||||
"~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1;
|
||||
"~*/sitemap(_index)?.xml" 1;
|
||||
"~*/wp-comments-popup.php" 1;
|
||||
"~*/wp-links-opml.php" 1;
|
||||
"~*/wp-locations.php" 1;
|
||||
"~*/wp-.*.php" 1;
|
||||
"~*/xmlrpc.php" 1;
|
||||
"~*/wp-app.php" 1;
|
||||
"~*/wp-login.php" 1;
|
||||
"~*/wp-register.php" 1;
|
||||
"~*/wp-mail.php" 1;
|
||||
}
|
||||
map $query_string $query_no_cache {
|
||||
default 1;
|
||||
"" 0;
|
||||
}
|
||||
map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache {
|
||||
default 1;
|
||||
0000 0;
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
# Common upstream settings
|
||||
upstream php {
|
||||
# server unix:/run/php5-fpm.sock;
|
||||
server 127.0.0.1:9000;
|
||||
}
|
||||
upstream debug {
|
||||
# Debug Pool
|
||||
server 127.0.0.1:9001;
|
||||
}
|
||||
# php7.0-fpm
|
||||
upstream php7 {
|
||||
server 127.0.0.1:9070;
|
||||
}
|
||||
|
||||
upstream debug7 {
|
||||
server 127.0.0.1:9170;
|
||||
}
|
||||
# php7.1-fpm
|
||||
upstream php71 {
|
||||
server 127.0.0.1:9080;
|
||||
}
|
||||
# php7.2-fpm
|
||||
upstream php72 {
|
||||
server 127.0.0.1:9090;
|
||||
}
|
||||
# redis
|
||||
upstream redis {
|
||||
server 127.0.0.1:6379;
|
||||
keepalive 10;
|
||||
}
|
||||
# netdata (optional)
|
||||
upstream netdata {
|
||||
server 127.0.0.1:19999;
|
||||
keepalive 64;
|
||||
}
|
|
@ -1,4 +0,0 @@
|
|||
map $http_accept $webp_suffix {
|
||||
default "";
|
||||
"~*webp" ".webp";
|
||||
}
|
|
@ -1,91 +0,0 @@
|
|||
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/javascript js;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
text/mathml mml;
|
||||
text/plain txt;
|
||||
text/vnd.sun.j2me.app-descriptor jad;
|
||||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/png png;
|
||||
image/tiff tif tiff;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/x-ms-bmp bmp;
|
||||
image/svg+xml svg svgz;
|
||||
image/webp webp;
|
||||
|
||||
application/font-woff woff;
|
||||
application/font-woff2 woff2;
|
||||
application/x-font-ttf ttf;
|
||||
application/java-archive jar war ear;
|
||||
application/json json;
|
||||
application/mac-binhex40 hqx;
|
||||
application/msword doc;
|
||||
application/pdf pdf;
|
||||
application/postscript ps eps ai;
|
||||
application/rtf rtf;
|
||||
application/vnd.apple.mpegurl m3u8;
|
||||
application/vnd.ms-excel xls;
|
||||
application/vnd.ms-fontobject eot;
|
||||
application/vnd.ms-powerpoint ppt;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/vnd.google-earth.kml+xml kml;
|
||||
application/vnd.google-earth.kmz kmz;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/xhtml+xml xhtml;
|
||||
application/xspf+xml xspf;
|
||||
application/zip zip;
|
||||
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
|
||||
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
|
||||
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
|
||||
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
|
||||
|
||||
audio/midi mid midi kar;
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg;
|
||||
audio/x-m4a m4a;
|
||||
audio/x-realaudio ra;
|
||||
|
||||
video/3gpp 3gpp 3gp;
|
||||
video/mp2t ts;
|
||||
video/mp4 mp4;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/webm webm;
|
||||
video/x-flv flv;
|
||||
video/x-m4v m4v;
|
||||
video/x-mng mng;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-msvideo avi;
|
||||
}
|
|
@ -1,167 +0,0 @@
|
|||
user www-data;
|
||||
worker_processes auto;
|
||||
worker_cpu_affinity auto;
|
||||
worker_rlimit_nofile 100000;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
events
|
||||
{
|
||||
worker_connections 16384;
|
||||
multi_accept on;
|
||||
use epoll;
|
||||
}
|
||||
|
||||
http
|
||||
{
|
||||
##
|
||||
# EasyEngine Settings
|
||||
##
|
||||
|
||||
sendfile on;
|
||||
sendfile_max_chunk 512k;
|
||||
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
keepalive_timeout 8;
|
||||
keepalive_requests 500;
|
||||
|
||||
lingering_time 20s;
|
||||
lingering_timeout 5s;
|
||||
|
||||
server_tokens off;
|
||||
reset_timedout_connection on;
|
||||
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
|
||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||
|
||||
# Limit Request
|
||||
limit_req_status 403;
|
||||
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
|
||||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
#limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
#limit_conn limit_per_ip 80;
|
||||
|
||||
##Max rq/s by ip
|
||||
#limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
|
||||
#limit_req zone=allips burst=400 nodelay;
|
||||
|
||||
# Proxy Settings
|
||||
# set_real_ip_from proxy-server-ip;
|
||||
# real_ip_header X-Forwarded-For;
|
||||
|
||||
fastcgi_read_timeout 300;
|
||||
client_max_body_size 100m;
|
||||
|
||||
#See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
|
||||
aio threads;
|
||||
|
||||
# tls dynamic records patch directive
|
||||
ssl_dyn_rec_enable on;
|
||||
|
||||
# nginx-vts-status module
|
||||
vhost_traffic_status_zone;
|
||||
|
||||
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||
resolver_timeout 10;
|
||||
|
||||
##
|
||||
# GeoIP module configuration, before removing comments
|
||||
# read the tutorial : https://gist.github.com/VirtuBox/9ed03c9bd9169202c358a8be181b7840
|
||||
##
|
||||
#geoip_country /usr/share/GeoIP/GeoIP.dat;
|
||||
#geoip_city /usr/share/GeoIP/GeoIPCity.dat;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
# intermediate configuration. tweak to your needs.
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'TLS13+AESGCM+AES128:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_tickets off;
|
||||
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
|
||||
|
||||
##Common headers for security
|
||||
more_set_headers "X-Frame-Options : SAMEORIGIN";
|
||||
more_set_headers "X-Xss-Protection : 1; mode=block";
|
||||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
# access_log disabled for performance
|
||||
##
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
# Log format Settings
|
||||
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
'$http_host "$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" $server_protocol';
|
||||
|
||||
# ipscrub settings
|
||||
ipscrub_period_seconds 3600;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/plain
|
||||
text/x-component
|
||||
text/xml
|
||||
text/javascript;
|
||||
|
||||
##
|
||||
# Brotli Settings
|
||||
##
|
||||
|
||||
brotli on;
|
||||
brotli_static on;
|
||||
brotli_buffers 16 8k;
|
||||
brotli_comp_level 6;
|
||||
brotli_types *;
|
||||
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
|
@ -1,186 +0,0 @@
|
|||
user www-data;
|
||||
worker_processes auto;
|
||||
worker_cpu_affinity auto;
|
||||
worker_rlimit_nofile 100000;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
events
|
||||
{
|
||||
worker_connections 16384;
|
||||
multi_accept on;
|
||||
use epoll;
|
||||
}
|
||||
|
||||
http
|
||||
{
|
||||
##
|
||||
# EasyEngine Settings
|
||||
##
|
||||
|
||||
sendfile on;
|
||||
sendfile_max_chunk 512k;
|
||||
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
keepalive_timeout 8;
|
||||
keepalive_requests 500;
|
||||
|
||||
lingering_time 20s;
|
||||
lingering_timeout 5s;
|
||||
|
||||
server_tokens off;
|
||||
reset_timedout_connection on;
|
||||
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
|
||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||
|
||||
# Limit Request
|
||||
limit_req_status 403;
|
||||
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
|
||||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
#limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
#limit_conn limit_per_ip 80;
|
||||
|
||||
##Max rq/s by ip
|
||||
#limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
|
||||
#limit_req zone=allips burst=400 nodelay;
|
||||
|
||||
# Proxy Settings
|
||||
# set_real_ip_from proxy-server-ip;
|
||||
# real_ip_header X-Forwarded-For;
|
||||
|
||||
fastcgi_read_timeout 120s;
|
||||
client_max_body_size 100m;
|
||||
|
||||
#See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
|
||||
aio threads;
|
||||
|
||||
# tls dynamic records patch directive
|
||||
ssl_dyn_rec_enable on;
|
||||
|
||||
# nginx-vts-status module
|
||||
vhost_traffic_status_zone;
|
||||
|
||||
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||
resolver_timeout 10;
|
||||
|
||||
##
|
||||
# GeoIP module configuration, before removing comments
|
||||
# read the tutorial : https://gist.github.com/VirtuBox/9ed03c9bd9169202c358a8be181b7840
|
||||
##
|
||||
#geoip_country /usr/share/GeoIP/GeoIP.dat;
|
||||
#geoip_city /usr/share/GeoIP/GeoIPCity.dat;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_tickets off;
|
||||
ssl_ecdh_curve X25519:P-521:P-384:P-256;
|
||||
|
||||
##Common headers for security
|
||||
more_set_headers "X-Frame-Options : SAMEORIGIN";
|
||||
more_set_headers "X-Xss-Protection : 1; mode=block";
|
||||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
# access_log disabled for performance
|
||||
##
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
# Log format Settings
|
||||
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
'$http_host "$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" $server_protocol';
|
||||
|
||||
# ipscrub settings
|
||||
ipscrub_period_seconds 3600;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/plain
|
||||
text/x-component
|
||||
text/xml
|
||||
text/javascript;
|
||||
|
||||
##
|
||||
# Brotli Settings
|
||||
##
|
||||
|
||||
brotli on;
|
||||
brotli_static on;
|
||||
brotli_buffers 16 8k;
|
||||
brotli_comp_level 6;
|
||||
brotli_types *;
|
||||
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
||||
|
||||
#mail {
|
||||
# # See sample authentication script at:
|
||||
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||
#
|
||||
# # auth_http localhost/auth.php;
|
||||
# # pop3_capabilities "TOP" "USER";
|
||||
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||
#
|
||||
# server {
|
||||
# listen localhost:110;
|
||||
# protocol pop3;
|
||||
# proxy on;
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen localhost:143;
|
||||
# protocol imap;
|
||||
# proxy on;
|
||||
# }
|
||||
#}
|
|
@ -1,188 +0,0 @@
|
|||
user www-data;
|
||||
worker_processes auto;
|
||||
worker_cpu_affinity auto;
|
||||
worker_rlimit_nofile 100000;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
events
|
||||
{
|
||||
worker_connections 16384;
|
||||
multi_accept on;
|
||||
use epoll;
|
||||
}
|
||||
|
||||
http
|
||||
{
|
||||
##
|
||||
# EasyEngine Settings
|
||||
##
|
||||
|
||||
sendfile on;
|
||||
sendfile_max_chunk 512k;
|
||||
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
keepalive_timeout 8;
|
||||
keepalive_requests 500;
|
||||
|
||||
lingering_time 20s;
|
||||
lingering_timeout 5s;
|
||||
|
||||
server_tokens off;
|
||||
reset_timedout_connection on;
|
||||
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
|
||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||
|
||||
# Limit Request
|
||||
limit_req_status 403;
|
||||
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
|
||||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
#limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
#limit_conn limit_per_ip 80;
|
||||
|
||||
##Max rq/s by ip
|
||||
#limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
|
||||
#limit_req zone=allips burst=400 nodelay;
|
||||
|
||||
# Proxy Settings
|
||||
# set_real_ip_from proxy-server-ip;
|
||||
# real_ip_header X-Forwarded-For;
|
||||
|
||||
fastcgi_read_timeout 120s;
|
||||
client_max_body_size 100m;
|
||||
|
||||
#See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
|
||||
aio threads;
|
||||
|
||||
# tls dynamic records patch directive
|
||||
ssl_dyn_rec_enable on;
|
||||
|
||||
# nginx-vts-status module
|
||||
vhost_traffic_status_zone;
|
||||
|
||||
# dns resolver for oscp
|
||||
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||
resolver_timeout 10;
|
||||
|
||||
##
|
||||
# GeoIP module configuration, before removing comments
|
||||
# read the tutorial : https://gist.github.com/VirtuBox/9ed03c9bd9169202c358a8be181b7840
|
||||
##
|
||||
#geoip_country /usr/share/GeoIP/GeoIP.dat;
|
||||
#geoip_city /usr/share/GeoIP/GeoIPCity.dat;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_tickets off;
|
||||
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
|
||||
|
||||
##Common headers for security
|
||||
more_set_headers "X-Frame-Options : SAMEORIGIN";
|
||||
more_set_headers "X-Xss-Protection : 1; mode=block";
|
||||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
# access_log disabled for performance
|
||||
##
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
# Log format Settings
|
||||
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
'$http_host "$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" $server_protocol';
|
||||
|
||||
# ipscrub settings
|
||||
ipscrub_period_seconds 3600;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/plain
|
||||
text/x-component
|
||||
text/xml
|
||||
text/javascript;
|
||||
|
||||
##
|
||||
# Brotli Settings
|
||||
##
|
||||
|
||||
brotli on;
|
||||
brotli_static on;
|
||||
brotli_buffers 16 8k;
|
||||
brotli_comp_level 6;
|
||||
brotli_types *;
|
||||
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
||||
|
||||
#mail {
|
||||
# # See sample authentication script at:
|
||||
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||
#
|
||||
# # auth_http localhost/auth.php;
|
||||
# # pop3_capabilities "TOP" "USER";
|
||||
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||
#
|
||||
# server {
|
||||
# listen localhost:110;
|
||||
# protocol pop3;
|
||||
# proxy on;
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen localhost:143;
|
||||
# protocol imap;
|
||||
# proxy on;
|
||||
# }
|
||||
#}
|
|
@ -1,13 +0,0 @@
|
|||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
proxy_buffering on;
|
||||
proxy_buffer_size 128k;
|
||||
proxy_buffers 256 16k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
proxy_temp_file_write_size 256k;
|
||||
proxy_max_temp_file_size 0;
|
||||
proxy_read_timeout 3000;
|
||||
proxy_send_timeout 3000;
|
|
@ -1,90 +0,0 @@
|
|||
# EasyEngine admin NGINX CONFIGURATION
|
||||
|
||||
server {
|
||||
|
||||
listen 22222 default_server ssl http2;
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/22222.error.log;
|
||||
|
||||
ssl_certificate /var/www/22222/cert/22222.crt;
|
||||
ssl_certificate_key /var/www/22222/cert/22222.key;
|
||||
|
||||
# Force HTTP to HTTPS
|
||||
error_page 497 =200 https://$host:22222$request_uri;
|
||||
|
||||
root /var/www/22222/htdocs;
|
||||
index index.php index.htm index.html;
|
||||
|
||||
# Turn on directory listing
|
||||
autoindex on;
|
||||
|
||||
# HTTP Authentication on port 22222
|
||||
include common/acl.conf;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
# nginx-vts-status
|
||||
location /vts_status {
|
||||
vhost_traffic_status_display;
|
||||
vhost_traffic_status_display_format html;
|
||||
}
|
||||
|
||||
# Display menu at location /fpm/status/
|
||||
location = /fpm/status/ {}
|
||||
|
||||
location ~ /fpm/status/(.*) {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_NAME /status;
|
||||
fastcgi_pass $1;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php7;
|
||||
}
|
||||
|
||||
# ViMbAdmin Rules
|
||||
location = /vimbadmin/ {
|
||||
return 301 $scheme://$host:22222/vimbadmin/public/;
|
||||
}
|
||||
|
||||
|
||||
|
||||
location ~* /vimbadmin/public/(.*)/(.*) {
|
||||
root /var/www/22222/htdocs/vimbadmin/public;
|
||||
try_files $uri $uri/ /vimbadmin/public/index.php?$args;
|
||||
}
|
||||
|
||||
location ~* /vimbadmin/public/(.*) {
|
||||
root /var/www/22222/htdocs/vimbadmin/public;
|
||||
try_files $uri $uri/ /vimbadmin/public/index.php?$args;
|
||||
}
|
||||
|
||||
location /netdata {
|
||||
return 301 /netdata/;
|
||||
}
|
||||
|
||||
location ~ /netdata/(?<ndpath>.*) {
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_pass_request_headers on;
|
||||
proxy_set_header Connection "keep-alive";
|
||||
proxy_store off;
|
||||
proxy_pass http://netdata/$ndpath$is_args$args;
|
||||
|
||||
gzip on;
|
||||
gzip_proxied any;
|
||||
gzip_types *;
|
||||
}
|
||||
|
||||
}
|
|
@ -1,112 +0,0 @@
|
|||
##
|
||||
# You should look at the following URL's in order to grasp a solid understanding
|
||||
# of Nginx configuration files in order to fully unleash the power of Nginx.
|
||||
# http://wiki.nginx.org/Pitfalls
|
||||
# http://wiki.nginx.org/QuickStart
|
||||
# http://wiki.nginx.org/Configuration
|
||||
#
|
||||
# Generally, you will want to move this file somewhere, and start with a clean
|
||||
# file but keep this around for reference. Or just disable in sites-enabled.
|
||||
#
|
||||
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
|
||||
##
|
||||
|
||||
# Default server configuration
|
||||
#
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
||||
# SSL configuration
|
||||
#
|
||||
# listen 443 ssl default_server;
|
||||
# listen [::]:443 ssl default_server;
|
||||
#
|
||||
# Self signed certs generated by the ssl-cert package
|
||||
# Don't use them in a production server!
|
||||
# include snippets/snakeoil.conf;
|
||||
#
|
||||
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
|
||||
# ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
# ssl_prefer_server_ciphers on;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
# Add index.php to the list if you are using PHP
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name _;
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/default.error.log;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /stub_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
|
||||
|
||||
# Status pages
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
|
||||
# phpfpm pool monitoring
|
||||
location ~ ^/(status|ping) {
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php7;
|
||||
include common/acl.conf;
|
||||
}
|
||||
|
||||
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# include snippets/fastcgi-php.conf;
|
||||
#
|
||||
# # With php5-cgi alone:
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# # With php5-fpm:
|
||||
# fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
#}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
}
|
||||
|
||||
|
||||
# Virtual Host configuration for example.com
|
||||
#
|
||||
# You can move that to a different file under sites-available/ and symlink that
|
||||
# to sites-enabled/ to enable it.
|
||||
#
|
||||
#server {
|
||||
# listen 80;
|
||||
# listen [::]:80;
|
||||
#
|
||||
# server_name example.com;
|
||||
#
|
||||
# root /var/www/example.com;
|
||||
# index index.html;
|
||||
#
|
||||
# location / {
|
||||
# try_files $uri $uri/ =404;
|
||||
# }
|
||||
#}
|
|
@ -1,72 +0,0 @@
|
|||
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
|
||||
|
||||
driftfile /var/lib/ntp/ntp.drift
|
||||
|
||||
# Enable this if you want statistics to be logged.
|
||||
#statsdir /var/log/ntpstats/
|
||||
|
||||
statistics loopstats peerstats clockstats
|
||||
filegen loopstats file loopstats type day enable
|
||||
filegen peerstats file peerstats type day enable
|
||||
filegen clockstats file clockstats type day enable
|
||||
|
||||
# Specify one or more NTP servers.
|
||||
|
||||
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
|
||||
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
|
||||
# more information.
|
||||
#pool 0.ubuntu.pool.ntp.org iburst
|
||||
#pool 1.ubuntu.pool.ntp.org iburst
|
||||
#pool 2.ubuntu.pool.ntp.org iburst
|
||||
#pool 3.ubuntu.pool.ntp.org iburst
|
||||
|
||||
server 0.fr.pool.ntp.org
|
||||
server 1.fr.pool.ntp.org
|
||||
server 2.fr.pool.ntp.org
|
||||
server 3.fr.pool.ntp.org
|
||||
|
||||
|
||||
# Use Ubuntu's ntp server as a fallback.
|
||||
#pool ntp.ubuntu.com
|
||||
|
||||
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
|
||||
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
|
||||
# might also be helpful.
|
||||
#
|
||||
# Note that "restrict" applies to both servers and clients, so a configuration
|
||||
# that might be intended to block requests from certain clients could also end
|
||||
# up blocking replies from your own upstream servers.
|
||||
|
||||
# By default, exchange time with everybody, but don't allow configuration.
|
||||
restrict -4 default kod notrap nomodify nopeer noquery limited
|
||||
restrict -6 default kod notrap nomodify nopeer noquery limited
|
||||
|
||||
# Local users may interrogate the ntp server more closely.
|
||||
restrict 127.0.0.1
|
||||
restrict ::1
|
||||
|
||||
# Needed for adding pool entries
|
||||
restrict source notrap nomodify noquery
|
||||
|
||||
# Clients from this (example!) subnet have unlimited access, but only if
|
||||
# cryptographically authenticated.
|
||||
#restrict 192.168.123.0 mask 255.255.255.0 notrust
|
||||
|
||||
|
||||
# If you want to provide time to your local subnet, change the next line.
|
||||
# (Again, the address is an example only.)
|
||||
#broadcast 192.168.123.255
|
||||
|
||||
# If you want to listen to time broadcasts on your local subnet, de-comment the
|
||||
# next lines. Please do this only if you trust everybody on the network!
|
||||
#disable auth
|
||||
#broadcastclient
|
||||
|
||||
#Changes recquired to use pps synchonisation as explained in documentation:
|
||||
#http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918
|
||||
|
||||
#server 127.127.8.1 mode 135 prefer # Meinberg GPS167 with PPS
|
||||
#fudge 127.127.8.1 time1 0.0042 # relative to PPS for my hardware
|
||||
|
||||
#server 127.127.22.1 # ATOM(PPS)
|
||||
#fudge 127.127.22.1 flag3 1 # enable PPS API
|
|
@ -1,191 +0,0 @@
|
|||
[PHP]
|
||||
engine = On
|
||||
short_open_tag = Off
|
||||
precision = 14
|
||||
output_buffering = 8096
|
||||
zlib.output_compression = Off
|
||||
implicit_flush = Off
|
||||
unserialize_callback_func =
|
||||
serialize_precision = 17
|
||||
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
|
||||
disable_classes =
|
||||
zend.enable_gc = On
|
||||
expose_php = Off
|
||||
max_execution_time = 300
|
||||
max_input_time = 600
|
||||
max_input_vars = 10000
|
||||
memory_limit = -1
|
||||
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||
display_errors = Off
|
||||
display_startup_errors = Off
|
||||
log_errors = On
|
||||
log_errors_max_len = 1024
|
||||
ignore_repeated_errors = Off
|
||||
ignore_repeated_source = Off
|
||||
report_memleaks = On
|
||||
track_errors = Off
|
||||
html_errors = On
|
||||
variables_order = "GPCS"
|
||||
request_order = "GP"
|
||||
register_argc_argv = Off
|
||||
auto_globals_jit = On
|
||||
post_max_size = 128M
|
||||
auto_prepend_file =
|
||||
auto_append_file =
|
||||
default_mimetype = "text/html"
|
||||
default_charset = "UTF-8"
|
||||
doc_root =
|
||||
user_dir =
|
||||
enable_dl = Off
|
||||
file_uploads = On
|
||||
upload_max_filesize = 128M
|
||||
max_file_uploads = 20
|
||||
allow_url_fopen = On
|
||||
allow_url_include = Off
|
||||
default_socket_timeout = 60
|
||||
|
||||
[CLI Server]
|
||||
cli_server.color = On
|
||||
|
||||
[Date]
|
||||
date.timezone = Europe/Paris
|
||||
|
||||
[filter]
|
||||
|
||||
[iconv]
|
||||
|
||||
[intl]
|
||||
|
||||
[sqlite3]
|
||||
|
||||
[Pcre]
|
||||
|
||||
[Pdo]
|
||||
|
||||
[Pdo_mysql]
|
||||
pdo_mysql.cache_size = 2000
|
||||
pdo_mysql.default_socket =
|
||||
|
||||
[Phar]
|
||||
|
||||
[mail function]
|
||||
smtp = localhost
|
||||
smtp_port = 25
|
||||
mail.add_x_header = On
|
||||
|
||||
[SQL]
|
||||
sql.safe_mode = Off
|
||||
|
||||
[ODBC]
|
||||
odbc.allow_persistent = On
|
||||
odbc.check_persistent = On
|
||||
odbc.max_persistent = -1
|
||||
odbc.max_links = -1
|
||||
odbc.defaultlrl = 4096
|
||||
odbc.defaultbinmode = 1
|
||||
|
||||
[Interbase]
|
||||
ibase.allow_persistent = 1
|
||||
ibase.max_persistent = -1
|
||||
ibase.max_links = -1
|
||||
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
|
||||
ibase.dateformat = "%Y-%m-%d"
|
||||
ibase.timeformat = "%H:%M:%S"
|
||||
|
||||
[MySQLi]
|
||||
mysqli.max_persistent = -1
|
||||
mysqli.allow_persistent = On
|
||||
mysqli.max_links = -1
|
||||
mysqli.cache_size = 2000
|
||||
mysqli.default_port = 3306
|
||||
mysqli.default_socket =
|
||||
mysqli.default_host =
|
||||
mysqli.default_user =
|
||||
mysqli.default_pw =
|
||||
mysqli.reconnect = Off
|
||||
|
||||
[mysqlnd]
|
||||
mysqlnd.collect_statistics = On
|
||||
mysqlnd.collect_memory_statistics = Off
|
||||
|
||||
[OCI8]
|
||||
|
||||
[OCI8]
|
||||
|
||||
[PostgreSQL]
|
||||
pgsql.allow_persistent = On
|
||||
pgsql.auto_reset_persistent = Off
|
||||
pgsql.max_persistent = -1
|
||||
pgsql.max_links = -1
|
||||
pgsql.ignore_notice = 0
|
||||
pgsql.log_notice = 0
|
||||
|
||||
[bcmath]
|
||||
bcmath.scale = 0
|
||||
|
||||
[browscap]
|
||||
|
||||
[Session]
|
||||
session.save_handler = files
|
||||
session.use_strict_mode = 0
|
||||
session.use_cookies = 1
|
||||
session.use_only_cookies = 1
|
||||
session.name = PHPSESSID
|
||||
session.auto_start = 0
|
||||
session.cookie_lifetime = 0
|
||||
session.cookie_path = /
|
||||
session.cookie_domain =
|
||||
session.cookie_httponly =
|
||||
session.serialize_handler = php
|
||||
session.gc_probability = 0
|
||||
session.gc_divisor = 1000
|
||||
session.gc_maxlifetime = 1440
|
||||
session.referer_check =
|
||||
session.cache_limiter = nocache
|
||||
session.cache_expire = 180
|
||||
session.use_trans_sid = 0
|
||||
|
||||
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
|
||||
|
||||
[Assertion]
|
||||
zend.assertions = -1
|
||||
|
||||
[COM]
|
||||
|
||||
[mbstring]
|
||||
|
||||
[gd]
|
||||
|
||||
[exif]
|
||||
|
||||
[Tidy]
|
||||
tidy.clean_output = Off
|
||||
|
||||
[soap]
|
||||
soap.wsdl_cache_enabled = 1
|
||||
soap.wsdl_cache_dir = "/tmp"
|
||||
soap.wsdl_cache_ttl = 86400
|
||||
soap.wsdl_cache_limit = 5
|
||||
|
||||
[sysvshm]
|
||||
|
||||
[ldap]
|
||||
ldap.max_links = -1
|
||||
|
||||
[mcrypt]
|
||||
|
||||
[dba]
|
||||
|
||||
[opcache]
|
||||
opcache.enable=1
|
||||
opcache.enable_cli=1
|
||||
opcache.interned_strings_buffer=8
|
||||
opcache.max_accelerated_files=10000
|
||||
opcache.memory_consumption=256
|
||||
opcache.save_comments=1
|
||||
opcache.revalidate_freq=1
|
||||
|
||||
|
||||
[curl]
|
||||
|
||||
[openssl]
|
|
@ -1,191 +0,0 @@
|
|||
[PHP]
|
||||
engine = On
|
||||
short_open_tag = Off
|
||||
precision = 14
|
||||
output_buffering = 8096
|
||||
zlib.output_compression = Off
|
||||
implicit_flush = Off
|
||||
unserialize_callback_func =
|
||||
serialize_precision = 17
|
||||
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
|
||||
disable_classes =
|
||||
zend.enable_gc = On
|
||||
expose_php = Off
|
||||
max_execution_time = 300
|
||||
max_input_time = 600
|
||||
max_input_vars = 10000
|
||||
memory_limit = 256M
|
||||
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||
display_errors = Off
|
||||
display_startup_errors = Off
|
||||
log_errors = On
|
||||
log_errors_max_len = 1024
|
||||
ignore_repeated_errors = Off
|
||||
ignore_repeated_source = Off
|
||||
report_memleaks = On
|
||||
track_errors = Off
|
||||
html_errors = On
|
||||
variables_order = "GPCS"
|
||||
request_order = "GP"
|
||||
register_argc_argv = Off
|
||||
auto_globals_jit = On
|
||||
post_max_size = 128M
|
||||
auto_prepend_file =
|
||||
auto_append_file =
|
||||
default_mimetype = "text/html"
|
||||
default_charset = "UTF-8"
|
||||
doc_root =
|
||||
user_dir =
|
||||
enable_dl = Off
|
||||
file_uploads = On
|
||||
upload_max_filesize = 128M
|
||||
max_file_uploads = 20
|
||||
allow_url_fopen = On
|
||||
allow_url_include = Off
|
||||
default_socket_timeout = 60
|
||||
|
||||
[CLI Server]
|
||||
cli_server.color = On
|
||||
|
||||
[Date]
|
||||
date.timezone = Europe/Paris
|
||||
|
||||
[filter]
|
||||
|
||||
[iconv]
|
||||
|
||||
[intl]
|
||||
|
||||
[sqlite3]
|
||||
|
||||
[Pcre]
|
||||
|
||||
[Pdo]
|
||||
|
||||
[Pdo_mysql]
|
||||
pdo_mysql.cache_size = 2000
|
||||
pdo_mysql.default_socket =
|
||||
|
||||
[Phar]
|
||||
|
||||
[mail function]
|
||||
smtp = localhost
|
||||
smtp_port = 25
|
||||
mail.add_x_header = On
|
||||
|
||||
[SQL]
|
||||
sql.safe_mode = Off
|
||||
|
||||
[ODBC]
|
||||
odbc.allow_persistent = On
|
||||
odbc.check_persistent = On
|
||||
odbc.max_persistent = -1
|
||||
odbc.max_links = -1
|
||||
odbc.defaultlrl = 4096
|
||||
odbc.defaultbinmode = 1
|
||||
|
||||
[Interbase]
|
||||
ibase.allow_persistent = 1
|
||||
ibase.max_persistent = -1
|
||||
ibase.max_links = -1
|
||||
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
|
||||
ibase.dateformat = "%Y-%m-%d"
|
||||
ibase.timeformat = "%H:%M:%S"
|
||||
|
||||
[MySQLi]
|
||||
mysqli.max_persistent = -1
|
||||
mysqli.allow_persistent = On
|
||||
mysqli.max_links = -1
|
||||
mysqli.cache_size = 2000
|
||||
mysqli.default_port = 3306
|
||||
mysqli.default_socket =
|
||||
mysqli.default_host =
|
||||
mysqli.default_user =
|
||||
mysqli.default_pw =
|
||||
mysqli.reconnect = Off
|
||||
|
||||
[mysqlnd]
|
||||
mysqlnd.collect_statistics = On
|
||||
mysqlnd.collect_memory_statistics = Off
|
||||
|
||||
[OCI8]
|
||||
|
||||
[OCI8]
|
||||
|
||||
[PostgreSQL]
|
||||
pgsql.allow_persistent = On
|
||||
pgsql.auto_reset_persistent = Off
|
||||
pgsql.max_persistent = -1
|
||||
pgsql.max_links = -1
|
||||
pgsql.ignore_notice = 0
|
||||
pgsql.log_notice = 0
|
||||
|
||||
[bcmath]
|
||||
bcmath.scale = 0
|
||||
|
||||
[browscap]
|
||||
|
||||
[Session]
|
||||
session.save_handler = files
|
||||
session.use_strict_mode = 0
|
||||
session.use_cookies = 1
|
||||
session.use_only_cookies = 1
|
||||
session.name = PHPSESSID
|
||||
session.auto_start = 0
|
||||
session.cookie_lifetime = 0
|
||||
session.cookie_path = /
|
||||
session.cookie_domain =
|
||||
session.cookie_httponly =
|
||||
session.serialize_handler = php
|
||||
session.gc_probability = 0
|
||||
session.gc_divisor = 1000
|
||||
session.gc_maxlifetime = 1440
|
||||
session.referer_check =
|
||||
session.cache_limiter = nocache
|
||||
session.cache_expire = 180
|
||||
session.use_trans_sid = 0
|
||||
|
||||
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
|
||||
|
||||
[Assertion]
|
||||
zend.assertions = -1
|
||||
|
||||
[COM]
|
||||
|
||||
[mbstring]
|
||||
|
||||
[gd]
|
||||
|
||||
[exif]
|
||||
|
||||
[Tidy]
|
||||
tidy.clean_output = Off
|
||||
|
||||
[soap]
|
||||
soap.wsdl_cache_enabled = 1
|
||||
soap.wsdl_cache_dir = "/tmp"
|
||||
soap.wsdl_cache_ttl = 86400
|
||||
soap.wsdl_cache_limit = 5
|
||||
|
||||
[sysvshm]
|
||||
|
||||
[ldap]
|
||||
ldap.max_links = -1
|
||||
|
||||
[mcrypt]
|
||||
|
||||
[dba]
|
||||
|
||||
[opcache]
|
||||
opcache.enable=1
|
||||
opcache.enable_cli=1
|
||||
opcache.interned_strings_buffer=8
|
||||
opcache.max_accelerated_files=10000
|
||||
opcache.memory_consumption=256
|
||||
opcache.save_comments=1
|
||||
opcache.revalidate_freq=1
|
||||
|
||||
|
||||
[curl]
|
||||
|
||||
[openssl]
|
|
@ -1,190 +0,0 @@
|
|||
[PHP]
|
||||
|
||||
engine = On
|
||||
short_open_tag = Off
|
||||
precision = 14
|
||||
output_buffering = 4096
|
||||
zlib.output_compression = Off
|
||||
implicit_flush = Off
|
||||
unserialize_callback_func =
|
||||
serialize_precision = -1
|
||||
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
|
||||
disable_classes =
|
||||
zend.enable_gc = On
|
||||
expose_php = Off
|
||||
max_execution_time = 300
|
||||
max_input_time = 600
|
||||
max_input_vars = 20000
|
||||
memory_limit = -1
|
||||
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||
display_errors = Off
|
||||
display_startup_errors = Off
|
||||
log_errors = On
|
||||
log_errors_max_len = 1024
|
||||
ignore_repeated_errors = Off
|
||||
ignore_repeated_source = Off
|
||||
report_memleaks = On
|
||||
track_errors = Off
|
||||
html_errors = On
|
||||
variables_order = "GPCS"
|
||||
request_order = "GP"
|
||||
register_argc_argv = Off
|
||||
auto_globals_jit = On
|
||||
post_max_size = 128M
|
||||
auto_prepend_file =
|
||||
auto_append_file =
|
||||
default_mimetype = "text/html"
|
||||
default_charset = "UTF-8"
|
||||
doc_root =
|
||||
user_dir =
|
||||
enable_dl = Off
|
||||
file_uploads = On
|
||||
upload_max_filesize = 128M
|
||||
max_file_uploads = 20
|
||||
allow_url_fopen = On
|
||||
allow_url_include = Off
|
||||
default_socket_timeout = 60
|
||||
|
||||
[CLI Server]
|
||||
cli_server.color = On
|
||||
|
||||
[Date]
|
||||
date.timezone = Europe/Paris
|
||||
|
||||
[filter]
|
||||
|
||||
[iconv]
|
||||
|
||||
[intl]
|
||||
|
||||
[sqlite3]
|
||||
|
||||
[Pcre]
|
||||
|
||||
[Pdo]
|
||||
|
||||
[Pdo_mysql]
|
||||
pdo_mysql.cache_size = 2000
|
||||
pdo_mysql.default_socket=
|
||||
|
||||
[Phar]
|
||||
|
||||
[mail function]
|
||||
SMTP = localhost
|
||||
smtp_port = 25
|
||||
mail.add_x_header = On
|
||||
|
||||
[SQL]
|
||||
sql.safe_mode = Off
|
||||
|
||||
[ODBC]
|
||||
odbc.allow_persistent = On
|
||||
odbc.check_persistent = On
|
||||
odbc.max_persistent = -1
|
||||
odbc.max_links = -1
|
||||
odbc.defaultlrl = 4096
|
||||
odbc.defaultbinmode = 1
|
||||
|
||||
[Interbase]
|
||||
ibase.allow_persistent = 1
|
||||
ibase.max_persistent = -1
|
||||
ibase.max_links = -1
|
||||
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
|
||||
ibase.dateformat = "%Y-%m-%d"
|
||||
ibase.timeformat = "%H:%M:%S"
|
||||
|
||||
[MySQLi]
|
||||
mysqli.max_persistent = -1
|
||||
mysqli.allow_persistent = On
|
||||
mysqli.max_links = -1
|
||||
mysqli.cache_size = 2000
|
||||
mysqli.default_port = 3306
|
||||
mysqli.default_socket =
|
||||
mysqli.default_host =
|
||||
mysqli.default_user =
|
||||
mysqli.default_pw =
|
||||
mysqli.reconnect = Off
|
||||
|
||||
[mysqlnd]
|
||||
mysqlnd.collect_statistics = On
|
||||
mysqlnd.collect_memory_statistics = Off
|
||||
|
||||
[OCI8]
|
||||
|
||||
[PostgreSQL]
|
||||
pgsql.allow_persistent = On
|
||||
pgsql.auto_reset_persistent = Off
|
||||
pgsql.max_persistent = -1
|
||||
pgsql.max_links = -1
|
||||
pgsql.ignore_notice = 0
|
||||
pgsql.log_notice = 0
|
||||
|
||||
[bcmath]
|
||||
bcmath.scale = 0
|
||||
|
||||
[browscap]
|
||||
|
||||
[Session]
|
||||
session.save_handler = files
|
||||
session.use_strict_mode = 0
|
||||
session.use_cookies = 1
|
||||
session.cookie_secure = 1
|
||||
session.use_only_cookies = 1
|
||||
session.name = PHPSESSID
|
||||
session.auto_start = 0
|
||||
session.cookie_lifetime = 0
|
||||
session.cookie_path = /
|
||||
session.cookie_domain =
|
||||
session.cookie_httponly = 1
|
||||
session.serialize_handler = php
|
||||
session.gc_probability = 0
|
||||
session.gc_divisor = 1000
|
||||
session.gc_maxlifetime = 1440
|
||||
session.referer_check =
|
||||
session.cache_limiter = nocache
|
||||
session.cache_expire = 180
|
||||
session.use_trans_sid = 0
|
||||
session.sid_length = 26
|
||||
session.trans_sid_tags = "a=href,area=href,frame=src,form="
|
||||
session.sid_bits_per_character = 5
|
||||
|
||||
[Assertion]
|
||||
zend.assertions = -1
|
||||
|
||||
[COM]
|
||||
|
||||
[mbstring]
|
||||
|
||||
[gd]
|
||||
|
||||
[exif]
|
||||
|
||||
[Tidy]
|
||||
tidy.clean_output = Off
|
||||
|
||||
[soap]
|
||||
soap.wsdl_cache_enabled=1
|
||||
soap.wsdl_cache_dir="/tmp"
|
||||
soap.wsdl_cache_ttl=86400
|
||||
soap.wsdl_cache_limit = 5
|
||||
|
||||
[sysvshm]
|
||||
|
||||
[ldap]
|
||||
ldap.max_links = -1
|
||||
|
||||
[mcrypt]
|
||||
|
||||
[dba]
|
||||
|
||||
[opcache]
|
||||
opcache.enable=1
|
||||
opcache.enable_cli=1
|
||||
opcache.interned_strings_buffer=8
|
||||
opcache.max_accelerated_files=10000
|
||||
opcache.memory_consumption=256
|
||||
opcache.save_comments=1
|
||||
opcache.revalidate_freq=1
|
||||
|
||||
[curl]
|
||||
[openssl]
|
|
@ -1,191 +0,0 @@
|
|||
[PHP]
|
||||
|
||||
engine = On
|
||||
short_open_tag = Off
|
||||
precision = 14
|
||||
output_buffering = 4096
|
||||
zlib.output_compression = Off
|
||||
implicit_flush = Off
|
||||
unserialize_callback_func =
|
||||
serialize_precision = -1
|
||||
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
|
||||
disable_classes =
|
||||
zend.enable_gc = On
|
||||
expose_php = Off
|
||||
max_execution_time = 300
|
||||
max_input_time = 600
|
||||
max_input_vars = 10000
|
||||
memory_limit = 256M
|
||||
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||
display_errors = Off
|
||||
display_startup_errors = Off
|
||||
log_errors = On
|
||||
log_errors_max_len = 1024
|
||||
ignore_repeated_errors = Off
|
||||
ignore_repeated_source = Off
|
||||
report_memleaks = On
|
||||
track_errors = Off
|
||||
html_errors = On
|
||||
variables_order = "GPCS"
|
||||
request_order = "GP"
|
||||
register_argc_argv = Off
|
||||
auto_globals_jit = On
|
||||
post_max_size = 128M
|
||||
auto_prepend_file =
|
||||
auto_append_file =
|
||||
default_mimetype = "text/html"
|
||||
default_charset = "UTF-8"
|
||||
doc_root =
|
||||
user_dir =
|
||||
enable_dl = Off
|
||||
file_uploads = On
|
||||
upload_max_filesize = 128M
|
||||
max_file_uploads = 20
|
||||
allow_url_fopen = On
|
||||
allow_url_include = Off
|
||||
default_socket_timeout = 60
|
||||
|
||||
[CLI Server]
|
||||
cli_server.color = On
|
||||
|
||||
[Date]
|
||||
date.timezone = Europe/Paris
|
||||
|
||||
[filter]
|
||||
|
||||
[iconv]
|
||||
|
||||
[intl]
|
||||
|
||||
[sqlite3]
|
||||
|
||||
[Pcre]
|
||||
|
||||
[Pdo]
|
||||
|
||||
[Pdo_mysql]
|
||||
pdo_mysql.cache_size = 2000
|
||||
pdo_mysql.default_socket=
|
||||
|
||||
[Phar]
|
||||
|
||||
[mail function]
|
||||
SMTP = localhost
|
||||
smtp_port = 25
|
||||
mail.add_x_header = On
|
||||
|
||||
[SQL]
|
||||
sql.safe_mode = Off
|
||||
|
||||
[ODBC]
|
||||
odbc.allow_persistent = On
|
||||
odbc.check_persistent = On
|
||||
odbc.max_persistent = -1
|
||||
odbc.max_links = -1
|
||||
odbc.defaultlrl = 4096
|
||||
odbc.defaultbinmode = 1
|
||||
|
||||
[Interbase]
|
||||
ibase.allow_persistent = 1
|
||||
ibase.max_persistent = -1
|
||||
ibase.max_links = -1
|
||||
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
|
||||
ibase.dateformat = "%Y-%m-%d"
|
||||
ibase.timeformat = "%H:%M:%S"
|
||||
|
||||
[MySQLi]
|
||||
mysqli.max_persistent = -1
|
||||
mysqli.allow_persistent = On
|
||||
mysqli.max_links = -1
|
||||
mysqli.cache_size = 2000
|
||||
mysqli.default_port = 3306
|
||||
mysqli.default_socket =
|
||||
mysqli.default_host =
|
||||
mysqli.default_user =
|
||||
mysqli.default_pw =
|
||||
mysqli.reconnect = Off
|
||||
|
||||
[mysqlnd]
|
||||
mysqlnd.collect_statistics = On
|
||||
mysqlnd.collect_memory_statistics = Off
|
||||
|
||||
[OCI8]
|
||||
|
||||
[PostgreSQL]
|
||||
pgsql.allow_persistent = On
|
||||
pgsql.auto_reset_persistent = Off
|
||||
pgsql.max_persistent = -1
|
||||
pgsql.max_links = -1
|
||||
pgsql.ignore_notice = 0
|
||||
pgsql.log_notice = 0
|
||||
|
||||
[bcmath]
|
||||
bcmath.scale = 0
|
||||
|
||||
[browscap]
|
||||
|
||||
[Session]
|
||||
session.save_handler = files
|
||||
session.use_strict_mode = 0
|
||||
session.use_cookies = 1
|
||||
session.cookie_secure = 1
|
||||
session.use_only_cookies = 1
|
||||
session.name = PHPSESSID
|
||||
session.auto_start = 0
|
||||
session.cookie_lifetime = 0
|
||||
session.cookie_path = /
|
||||
session.cookie_domain =
|
||||
session.cookie_httponly = 1
|
||||
session.serialize_handler = php
|
||||
session.gc_probability = 0
|
||||
session.gc_divisor = 1000
|
||||
session.gc_maxlifetime = 1440
|
||||
session.referer_check =
|
||||
session.cache_limiter = nocache
|
||||
session.cache_expire = 180
|
||||
session.use_trans_sid = 0
|
||||
session.sid_length = 26
|
||||
session.trans_sid_tags = "a=href,area=href,frame=src,form="
|
||||
session.sid_bits_per_character = 5
|
||||
|
||||
[Assertion]
|
||||
zend.assertions = -1
|
||||
|
||||
[COM]
|
||||
|
||||
[mbstring]
|
||||
|
||||
[gd]
|
||||
|
||||
[exif]
|
||||
|
||||
[Tidy]
|
||||
tidy.clean_output = Off
|
||||
|
||||
[soap]
|
||||
soap.wsdl_cache_enabled=1
|
||||
soap.wsdl_cache_dir="/tmp"
|
||||
soap.wsdl_cache_ttl=86400
|
||||
soap.wsdl_cache_limit = 5
|
||||
|
||||
[sysvshm]
|
||||
|
||||
[ldap]
|
||||
ldap.max_links = -1
|
||||
|
||||
[mcrypt]
|
||||
|
||||
[dba]
|
||||
|
||||
[opcache]
|
||||
opcache.enable=1
|
||||
opcache.enable_cli=1
|
||||
opcache.interned_strings_buffer=8
|
||||
opcache.max_accelerated_files=10000
|
||||
opcache.memory_consumption=256
|
||||
opcache.save_comments=1
|
||||
opcache.revalidate_freq=1
|
||||
|
||||
[curl]
|
||||
|
||||
[openssl]
|
|
@ -1,15 +0,0 @@
|
|||
[www]
|
||||
user = www-data
|
||||
group = www-data
|
||||
listen = 127.0.0.1:9080
|
||||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
pm = ondemand
|
||||
pm.max_children = 100
|
||||
pm.start_servers = 20
|
||||
pm.min_spare_servers = 10
|
||||
pm.max_spare_servers = 30
|
||||
ping.path = /ping
|
||||
pm.status_path = /status
|
||||
pm.max_requests = 500
|
||||
request_terminate_timeout = 300
|
|
@ -1,185 +0,0 @@
|
|||
[PHP]
|
||||
|
||||
engine = On
|
||||
short_open_tag = Off
|
||||
precision = 14
|
||||
output_buffering = 4096
|
||||
zlib.output_compression = Off
|
||||
implicit_flush = Off
|
||||
unserialize_callback_func =
|
||||
serialize_precision = -1
|
||||
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
|
||||
disable_classes =
|
||||
zend.enable_gc = On
|
||||
expose_php = Off
|
||||
max_execution_time = 300
|
||||
max_input_vars = 10000
|
||||
max_input_time = 600
|
||||
memory_limit = -1
|
||||
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||
display_errors = Off
|
||||
display_startup_errors = Off
|
||||
log_errors = On
|
||||
log_errors_max_len = 1024
|
||||
ignore_repeated_errors = Off
|
||||
ignore_repeated_source = Off
|
||||
report_memleaks = On
|
||||
html_errors = On
|
||||
variables_order = "GPCS"
|
||||
request_order = "GP"
|
||||
register_argc_argv = Off
|
||||
auto_globals_jit = On
|
||||
post_max_size = 128M
|
||||
auto_prepend_file =
|
||||
auto_append_file =
|
||||
default_mimetype = "text/html"
|
||||
default_charset = "UTF-8"
|
||||
doc_root =
|
||||
user_dir =
|
||||
enable_dl = Off
|
||||
file_uploads = On
|
||||
upload_max_filesize = 128M
|
||||
max_file_uploads = 20
|
||||
allow_url_fopen = On
|
||||
allow_url_include = Off
|
||||
default_socket_timeout = 60
|
||||
|
||||
[CLI Server]
|
||||
cli_server.color = On
|
||||
|
||||
[Date]
|
||||
date.timezone = Europe/Paris
|
||||
|
||||
[filter]
|
||||
|
||||
[iconv]
|
||||
|
||||
[intl]
|
||||
|
||||
[sqlite3]
|
||||
|
||||
[Pcre]
|
||||
|
||||
[Pdo]
|
||||
|
||||
[Pdo_mysql]
|
||||
pdo_mysql.cache_size = 2000
|
||||
pdo_mysql.default_socket=
|
||||
|
||||
[Phar]
|
||||
|
||||
[mail function]
|
||||
SMTP = localhost
|
||||
smtp_port = 25
|
||||
mail.add_x_header = On
|
||||
|
||||
[ODBC]
|
||||
odbc.allow_persistent = On
|
||||
odbc.check_persistent = On
|
||||
odbc.max_persistent = -1
|
||||
odbc.max_links = -1
|
||||
odbc.defaultlrl = 4096
|
||||
odbc.defaultbinmode = 1
|
||||
|
||||
[Interbase]
|
||||
ibase.allow_persistent = 1
|
||||
ibase.max_persistent = -1
|
||||
ibase.max_links = -1
|
||||
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
|
||||
ibase.dateformat = "%Y-%m-%d"
|
||||
ibase.timeformat = "%H:%M:%S"
|
||||
|
||||
[MySQLi]
|
||||
mysqli.max_persistent = -1
|
||||
mysqli.allow_persistent = On
|
||||
mysqli.max_links = -1
|
||||
mysqli.cache_size = 2000
|
||||
mysqli.default_port = 3306
|
||||
mysqli.default_socket =
|
||||
mysqli.default_host =
|
||||
mysqli.default_user =
|
||||
mysqli.default_pw =
|
||||
mysqli.reconnect = Off
|
||||
|
||||
[mysqlnd]
|
||||
mysqlnd.collect_statistics = On
|
||||
mysqlnd.collect_memory_statistics = Off
|
||||
|
||||
[OCI8]
|
||||
|
||||
[PostgreSQL]
|
||||
pgsql.allow_persistent = On
|
||||
pgsql.auto_reset_persistent = Off
|
||||
pgsql.max_persistent = -1
|
||||
pgsql.max_links = -1
|
||||
pgsql.ignore_notice = 0
|
||||
pgsql.log_notice = 0
|
||||
|
||||
[bcmath]
|
||||
bcmath.scale = 0
|
||||
|
||||
[browscap]
|
||||
|
||||
[Session]
|
||||
session.save_handler = files
|
||||
session.use_strict_mode = 0
|
||||
session.use_cookies = 1
|
||||
session.cookie_secure = 1
|
||||
session.use_only_cookies = 1
|
||||
session.name = PHPSESSID
|
||||
session.auto_start = 0
|
||||
session.cookie_lifetime = 0
|
||||
session.cookie_path = /
|
||||
session.cookie_domain =
|
||||
session.cookie_httponly =
|
||||
session.serialize_handler = php
|
||||
session.gc_probability = 0
|
||||
session.gc_divisor = 1000
|
||||
session.gc_maxlifetime = 1440
|
||||
session.referer_check =
|
||||
session.cache_limiter = nocache
|
||||
session.cache_expire = 180
|
||||
session.use_trans_sid = 0
|
||||
session.sid_length = 26
|
||||
session.trans_sid_tags = "a=href,area=href,frame=src,form="
|
||||
session.sid_bits_per_character = 5
|
||||
|
||||
[Assertion]
|
||||
zend.assertions = -1
|
||||
|
||||
[COM]
|
||||
|
||||
[mbstring]
|
||||
|
||||
[gd]
|
||||
|
||||
[exif]
|
||||
|
||||
[Tidy]
|
||||
tidy.clean_output = Off
|
||||
|
||||
[soap]
|
||||
soap.wsdl_cache_enabled=1
|
||||
soap.wsdl_cache_dir="/tmp"
|
||||
soap.wsdl_cache_ttl=86400
|
||||
soap.wsdl_cache_limit = 5
|
||||
|
||||
[sysvshm]
|
||||
|
||||
[ldap]
|
||||
ldap.max_links = -1
|
||||
|
||||
[dba]
|
||||
|
||||
[opcache]
|
||||
opcache.enable=1
|
||||
opcache.enable_cli=1
|
||||
opcache.interned_strings_buffer=8
|
||||
opcache.max_accelerated_files=10000
|
||||
opcache.memory_consumption=256
|
||||
opcache.save_comments=1
|
||||
opcache.revalidate_freq=1
|
||||
|
||||
[curl]
|
||||
|
||||
[openssl]
|
|
@ -1,185 +0,0 @@
|
|||
[PHP]
|
||||
|
||||
engine = On
|
||||
short_open_tag = Off
|
||||
precision = 14
|
||||
output_buffering = 4096
|
||||
zlib.output_compression = Off
|
||||
implicit_flush = Off
|
||||
unserialize_callback_func =
|
||||
serialize_precision = -1
|
||||
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
|
||||
disable_classes =
|
||||
zend.enable_gc = On
|
||||
expose_php = Off
|
||||
max_execution_time = 300
|
||||
max_input_vars = 10000
|
||||
max_input_time = 600
|
||||
memory_limit = 256M
|
||||
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||
display_errors = Off
|
||||
display_startup_errors = Off
|
||||
log_errors = On
|
||||
log_errors_max_len = 1024
|
||||
ignore_repeated_errors = Off
|
||||
ignore_repeated_source = Off
|
||||
report_memleaks = On
|
||||
html_errors = On
|
||||
variables_order = "GPCS"
|
||||
request_order = "GP"
|
||||
register_argc_argv = Off
|
||||
auto_globals_jit = On
|
||||
post_max_size = 128M
|
||||
auto_prepend_file =
|
||||
auto_append_file =
|
||||
default_mimetype = "text/html"
|
||||
default_charset = "UTF-8"
|
||||
doc_root =
|
||||
user_dir =
|
||||
enable_dl = Off
|
||||
file_uploads = On
|
||||
upload_max_filesize = 128M
|
||||
max_file_uploads = 20
|
||||
allow_url_fopen = On
|
||||
allow_url_include = Off
|
||||
default_socket_timeout = 60
|
||||
|
||||
[CLI Server]
|
||||
cli_server.color = On
|
||||
|
||||
[Date]
|
||||
date.timezone = Europe/Paris
|
||||
|
||||
[filter]
|
||||
|
||||
[iconv]
|
||||
|
||||
[intl]
|
||||
|
||||
[sqlite3]
|
||||
|
||||
[Pcre]
|
||||
|
||||
[Pdo]
|
||||
|
||||
[Pdo_mysql]
|
||||
pdo_mysql.cache_size = 2000
|
||||
pdo_mysql.default_socket=
|
||||
|
||||
[Phar]
|
||||
|
||||
[mail function]
|
||||
SMTP = localhost
|
||||
smtp_port = 25
|
||||
mail.add_x_header = On
|
||||
|
||||
[ODBC]
|
||||
odbc.allow_persistent = On
|
||||
odbc.check_persistent = On
|
||||
odbc.max_persistent = -1
|
||||
odbc.max_links = -1
|
||||
odbc.defaultlrl = 4096
|
||||
odbc.defaultbinmode = 1
|
||||
|
||||
[Interbase]
|
||||
ibase.allow_persistent = 1
|
||||
ibase.max_persistent = -1
|
||||
ibase.max_links = -1
|
||||
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
|
||||
ibase.dateformat = "%Y-%m-%d"
|
||||
ibase.timeformat = "%H:%M:%S"
|
||||
|
||||
[MySQLi]
|
||||
mysqli.max_persistent = -1
|
||||
mysqli.allow_persistent = On
|
||||
mysqli.max_links = -1
|
||||
mysqli.cache_size = 2000
|
||||
mysqli.default_port = 3306
|
||||
mysqli.default_socket =
|
||||
mysqli.default_host =
|
||||
mysqli.default_user =
|
||||
mysqli.default_pw =
|
||||
mysqli.reconnect = Off
|
||||
|
||||
[mysqlnd]
|
||||
mysqlnd.collect_statistics = On
|
||||
mysqlnd.collect_memory_statistics = Off
|
||||
|
||||
[OCI8]
|
||||
|
||||
[PostgreSQL]
|
||||
pgsql.allow_persistent = On
|
||||
pgsql.auto_reset_persistent = Off
|
||||
pgsql.max_persistent = -1
|
||||
pgsql.max_links = -1
|
||||
pgsql.ignore_notice = 0
|
||||
pgsql.log_notice = 0
|
||||
|
||||
[bcmath]
|
||||
bcmath.scale = 0
|
||||
|
||||
[browscap]
|
||||
|
||||
[Session]
|
||||
session.save_handler = files
|
||||
session.use_strict_mode = 0
|
||||
session.use_cookies = 1
|
||||
session.cookie_secure = 1
|
||||
session.use_only_cookies = 1
|
||||
session.name = PHPSESSID
|
||||
session.auto_start = 0
|
||||
session.cookie_lifetime = 0
|
||||
session.cookie_path = /
|
||||
session.cookie_domain =
|
||||
session.cookie_httponly =
|
||||
session.serialize_handler = php
|
||||
session.gc_probability = 0
|
||||
session.gc_divisor = 1000
|
||||
session.gc_maxlifetime = 1440
|
||||
session.referer_check =
|
||||
session.cache_limiter = nocache
|
||||
session.cache_expire = 180
|
||||
session.use_trans_sid = 0
|
||||
session.sid_length = 26
|
||||
session.trans_sid_tags = "a=href,area=href,frame=src,form="
|
||||
session.sid_bits_per_character = 5
|
||||
|
||||
[Assertion]
|
||||
zend.assertions = -1
|
||||
|
||||
[COM]
|
||||
|
||||
[mbstring]
|
||||
|
||||
[gd]
|
||||
|
||||
[exif]
|
||||
|
||||
[Tidy]
|
||||
tidy.clean_output = Off
|
||||
|
||||
[soap]
|
||||
soap.wsdl_cache_enabled=1
|
||||
soap.wsdl_cache_dir="/tmp"
|
||||
soap.wsdl_cache_ttl=86400
|
||||
soap.wsdl_cache_limit = 5
|
||||
|
||||
[sysvshm]
|
||||
|
||||
[ldap]
|
||||
ldap.max_links = -1
|
||||
|
||||
[dba]
|
||||
|
||||
[opcache]
|
||||
opcache.enable=1
|
||||
opcache.enable_cli=1
|
||||
opcache.interned_strings_buffer=8
|
||||
opcache.max_accelerated_files=10000
|
||||
opcache.memory_consumption=256
|
||||
opcache.save_comments=1
|
||||
opcache.revalidate_freq=1
|
||||
|
||||
[curl]
|
||||
|
||||
[openssl]
|
|
@ -1,15 +0,0 @@
|
|||
[www]
|
||||
user = www-data
|
||||
group = www-data
|
||||
listen = 127.0.0.1:9090
|
||||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
pm = ondemand
|
||||
pm.max_children = 100
|
||||
pm.start_servers = 20
|
||||
pm.min_spare_servers = 10
|
||||
pm.max_spare_servers = 30
|
||||
ping.path = /ping
|
||||
pm.status_path = /status
|
||||
pm.max_requests = 500
|
||||
request_terminate_timeout = 300
|
|
@ -1,61 +0,0 @@
|
|||
# /etc/security/limits.conf
|
||||
#
|
||||
#Each line describes a limit for a user in the form:
|
||||
#
|
||||
#<domain> <type> <item> <value>
|
||||
#
|
||||
#Where:
|
||||
#<domain> can be:
|
||||
# - a user name
|
||||
# - a group name, with @group syntax
|
||||
# - the wildcard *, for default entry
|
||||
# - the wildcard %, can be also used with %group syntax,
|
||||
# for maxlogin limit
|
||||
# - NOTE: group and wildcard limits are not applied to root.
|
||||
# To apply a limit to the root user, <domain> must be
|
||||
# the literal username root.
|
||||
#
|
||||
#<type> can have the two values:
|
||||
# - "soft" for enforcing the soft limits
|
||||
# - "hard" for enforcing hard limits
|
||||
#
|
||||
#<item> can be one of the following:
|
||||
# - core - limits the core file size (KB)
|
||||
# - data - max data size (KB)
|
||||
# - fsize - maximum filesize (KB)
|
||||
# - memlock - max locked-in-memory address space (KB)
|
||||
# - nofile - max number of open files
|
||||
# - rss - max resident set size (KB)
|
||||
# - stack - max stack size (KB)
|
||||
# - cpu - max CPU time (MIN)
|
||||
# - nproc - max number of processes
|
||||
# - as - address space limit (KB)
|
||||
# - maxlogins - max number of logins for this user
|
||||
# - maxsyslogins - max number of logins on the system
|
||||
# - priority - the priority to run user process with
|
||||
# - locks - max number of file locks the user can hold
|
||||
# - sigpending - max number of pending signals
|
||||
# - msgqueue - max memory used by POSIX message queues (bytes)
|
||||
# - nice - max nice priority allowed to raise to values: [-20, 19]
|
||||
# - rtprio - max realtime priority
|
||||
# - chroot - change root to directory (Debian-specific)
|
||||
#
|
||||
#<domain> <type> <item> <value>
|
||||
#
|
||||
|
||||
#* soft core 0
|
||||
#root hard core 100000
|
||||
#* hard rss 10000
|
||||
#@student hard nproc 20
|
||||
#@faculty soft nproc 20
|
||||
#@faculty hard nproc 50
|
||||
#ftp hard nproc 0
|
||||
#ftp - chroot /ftp
|
||||
#@student - maxlogins 4
|
||||
|
||||
# End of file
|
||||
* hard nofile 500000
|
||||
* soft nofile 500000
|
||||
root hard nofile 500000
|
||||
root soft nofile 500000
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
# Use a custom port in the following range : 1024-65536
|
||||
Port 22
|
||||
|
||||
#Prefer ed25519 & ECDSA keys rather than 2048 bit RSA
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
# Allow root access with ssh keys
|
||||
PermitRootLogin without-password
|
||||
|
||||
# Allow ssh access to some users only
|
||||
AllowUsers root
|
||||
|
||||
# allow ssh key Authentication
|
||||
PubkeyAuthentication yes
|
||||
|
||||
# ssh keys path in ~/.ssh/authorized_keys
|
||||
AuthorizedKeysFile %h/.ssh/authorized_keys
|
||||
|
||||
# No password or empty passwords Authentication
|
||||
PasswordAuthentication no
|
||||
PermitEmptyPasswords no
|
||||
|
||||
# No challenge response Authentication
|
||||
ChallengeResponseAuthentication no
|
||||
|
||||
UsePAM yes
|
||||
X11Forwarding yes
|
||||
|
||||
#PrintMotd no
|
||||
|
||||
# Allow client to pass locale environment variables
|
||||
AcceptEnv LANG LC_*
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
||||
# Host keys the client accepts - order here is honored by OpenSSH
|
||||
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
|
||||
|
||||
# use strong ciphers (you may have to comment those lines with some sftp clients)
|
||||
KexAlgorithms curve25519-sha256@libssh.org
|
||||
Ciphers chacha20-poly1305@openssh.com
|
||||
MACs umac-128-etm@openssh.com,umac-128@openssh.com
|
|
@ -1,266 +0,0 @@
|
|||
# Kernel sysctl configuration file for Linux
|
||||
#
|
||||
# Version 1.16 - 2018-10-23
|
||||
# Michiel Klaver - IT Professional
|
||||
# Modified by VirtuBox
|
||||
#
|
||||
# Instructions available on https://github.com/VirtuBox/ubuntu-nginx-web-server
|
||||
#
|
||||
# Sources :
|
||||
# https://klaver.it/linux/sysctl.conf
|
||||
# https://easyengine.io/tutorials/linux/sysctl-conf/
|
||||
#
|
||||
#
|
||||
# Credits:
|
||||
#
|
||||
# http://www.enigma.id.au/linux_tuning.txt
|
||||
# http://www.securityfocus.com/infocus/1729
|
||||
# http://fasterdata.es.net/TCP-tuning/linux.html
|
||||
# http://fedorahosted.org/ktune/browser/sysctl.ktune
|
||||
# http://www.cymru.com/Documents/ip-stack-tuning.html
|
||||
# http://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
|
||||
# http://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/index.html
|
||||
# http://knol.google.com/k/linux-performance-tuning-and-measurement
|
||||
# http://www.cyberciti.biz/faq/linux-kernel-tuning-virtual-memory-subsystem/
|
||||
# http://www.redbooks.ibm.com/abstracts/REDP4285.html
|
||||
# http://www.speedguide.net/read_articles.php?id=121
|
||||
# http://lartc.org/howto/lartc.kernel.obscure.html
|
||||
# http://en.wikipedia.org/wiki/Sysctl
|
||||
#
|
||||
# Usage
|
||||
# wget -O /etc/sysctl.d/60-ubuntu-nginx-web-server.conf https://virtubox.github.io/ubuntu-nginx-web-server/files/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
|
||||
#
|
||||
# sysctl -e -p /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
|
||||
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and sysctl.conf(5) for more details.
|
||||
#
|
||||
|
||||
###
|
||||
### GENERAL SYSTEM SECURITY OPTIONS ###
|
||||
###
|
||||
|
||||
# Controls the System Request debugging functionality of the kernel
|
||||
kernel.sysrq = 0
|
||||
|
||||
# Controls whether core dumps will append the PID to the core filename.
|
||||
# Useful for debugging multi-threaded applications.
|
||||
kernel.core_uses_pid = 1
|
||||
|
||||
#Allow for more PIDs
|
||||
kernel.pid_max = 65535
|
||||
|
||||
# The contents of /proc/<pid>/maps and smaps files are only visible to
|
||||
# readers that are allowed to ptrace() the process
|
||||
kernel.maps_protect = 1
|
||||
|
||||
#Enable ExecShield protection
|
||||
kernel.exec-shield = 1
|
||||
kernel.randomize_va_space = 2
|
||||
|
||||
# Controls the maximum size of a message, in bytes
|
||||
kernel.msgmnb = 65535
|
||||
|
||||
# Controls the default maxmimum size of a mesage queue
|
||||
kernel.msgmax = 65535
|
||||
|
||||
# Restrict core dumps
|
||||
fs.suid_dumpable = 0
|
||||
|
||||
# Hide exposed kernel pointers
|
||||
kernel.kptr_restrict = 1
|
||||
|
||||
###
|
||||
### IMPROVE SYSTEM MEMORY MANAGEMENT ###
|
||||
###
|
||||
|
||||
# Increase size of file handles and inode cache
|
||||
fs.file-max = 209708
|
||||
|
||||
# Do less swapping
|
||||
vm.swappiness = 10
|
||||
vm.dirty_ratio = 30
|
||||
vm.dirty_background_ratio = 5
|
||||
|
||||
# specifies the minimum virtual address that a process is allowed to mmap
|
||||
vm.mmap_min_addr = 4096
|
||||
|
||||
# 50% overcommitment of available memory
|
||||
vm.overcommit_ratio = 50
|
||||
|
||||
# allow memory overcommit required for redis
|
||||
vm.overcommit_memory = 1
|
||||
|
||||
# Set maximum amount of memory allocated to shm to 256MB
|
||||
kernel.shmmax = 268435456
|
||||
kernel.shmall = 268435456
|
||||
|
||||
# Keep at least 64MB of free RAM space available
|
||||
vm.min_free_kbytes = 65535
|
||||
|
||||
###
|
||||
### GENERAL NETWORK SECURITY OPTIONS ###
|
||||
###
|
||||
|
||||
#Prevent SYN attack, enable SYNcookies (they will kick-in when the max_syn_backlog reached)
|
||||
net.ipv4.tcp_syncookies = 1
|
||||
net.ipv4.tcp_syn_retries = 2
|
||||
net.ipv4.tcp_synack_retries = 2
|
||||
net.ipv4.tcp_max_syn_backlog = 4096
|
||||
|
||||
# Disables IP source routing
|
||||
net.ipv4.conf.all.send_redirects = 0
|
||||
net.ipv4.conf.default.send_redirects = 0
|
||||
net.ipv4.conf.all.accept_source_route = 0
|
||||
net.ipv4.conf.default.accept_source_route = 0
|
||||
net.ipv6.conf.all.accept_source_route = 0
|
||||
net.ipv6.conf.default.accept_source_route = 0
|
||||
|
||||
# Enable IP spoofing protection, turn on source route verification
|
||||
net.ipv4.conf.all.rp_filter = 1
|
||||
net.ipv4.conf.default.rp_filter = 1
|
||||
|
||||
# Disable ICMP Redirect Acceptance
|
||||
net.ipv4.conf.all.accept_redirects = 0
|
||||
net.ipv4.conf.default.accept_redirects = 0
|
||||
net.ipv4.conf.all.secure_redirects = 0
|
||||
net.ipv4.conf.default.secure_redirects = 0
|
||||
net.ipv6.conf.all.accept_redirects = 0
|
||||
net.ipv6.conf.default.accept_redirects = 0
|
||||
|
||||
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
|
||||
net.ipv4.conf.all.log_martians = 1
|
||||
net.ipv4.conf.default.log_martians = 1
|
||||
|
||||
# Decrease the time default value for tcp_fin_timeout connection
|
||||
net.ipv4.tcp_fin_timeout = 7
|
||||
|
||||
# Decrease the time default value for connections to keep alive
|
||||
net.ipv4.tcp_keepalive_time = 300
|
||||
net.ipv4.tcp_keepalive_probes = 5
|
||||
net.ipv4.tcp_keepalive_intvl = 15
|
||||
|
||||
# Don't relay bootp
|
||||
net.ipv4.conf.all.bootp_relay = 0
|
||||
|
||||
# Don't proxy arp for anyone
|
||||
net.ipv4.conf.all.proxy_arp = 0
|
||||
|
||||
# Turn on the tcp_timestamps, accurate timestamp make TCP congestion control algorithms work better
|
||||
net.ipv4.tcp_timestamps = 1
|
||||
|
||||
# Don't ignore directed pings
|
||||
net.ipv4.icmp_echo_ignore_all = 0
|
||||
|
||||
# Enable ignoring broadcasts request
|
||||
net.ipv4.icmp_echo_ignore_broadcasts = 1
|
||||
|
||||
# Enable bad error message Protection
|
||||
net.ipv4.icmp_ignore_bogus_error_responses = 1
|
||||
|
||||
# Allowed local port range
|
||||
net.ipv4.ip_local_port_range = 16384 65535
|
||||
|
||||
# Enable a fix for RFC1337 - time-wait assassination hazards in TCP
|
||||
net.ipv4.tcp_rfc1337 = 1
|
||||
|
||||
# Do not auto-configure IPv6
|
||||
net.ipv6.conf.all.autoconf=0
|
||||
net.ipv6.conf.all.accept_ra=0
|
||||
net.ipv6.conf.default.autoconf=0
|
||||
net.ipv6.conf.default.accept_ra=0
|
||||
net.ipv6.conf.all.accept_ra_defrtr = 0
|
||||
net.ipv6.conf.default.accept_ra_defrtr = 0
|
||||
net.ipv6.conf.all.accept_ra_pinfo = 0
|
||||
net.ipv6.conf.default.accept_ra_pinfo = 0
|
||||
|
||||
###
|
||||
### TUNING NETWORK PERFORMANCE ###
|
||||
###
|
||||
|
||||
# For servers with tcp-heavy workloads, enable 'fq' queue management scheduler (kernel > 3.12)
|
||||
net.core.default_qdisc = fq
|
||||
|
||||
# Turn on the tcp_window_scaling
|
||||
net.ipv4.tcp_window_scaling = 1
|
||||
|
||||
# Increase the read-buffer space allocatable
|
||||
net.ipv4.tcp_rmem = 8192 87380 16777216
|
||||
net.ipv4.udp_rmem_min = 16384
|
||||
net.core.rmem_default = 262144
|
||||
net.core.rmem_max = 16777216
|
||||
|
||||
# Increase the write-buffer-space allocatable
|
||||
net.ipv4.tcp_wmem = 8192 65536 16777216
|
||||
net.ipv4.udp_wmem_min = 16384
|
||||
net.core.wmem_default = 262144
|
||||
net.core.wmem_max = 16777216
|
||||
|
||||
# Increase number of incoming connections
|
||||
net.core.somaxconn = 32768
|
||||
|
||||
# Increase number of incoming connections backlog
|
||||
net.core.netdev_max_backlog = 16384
|
||||
net.core.dev_weight = 64
|
||||
|
||||
# Increase the maximum amount of option memory buffers
|
||||
net.core.optmem_max = 65535
|
||||
|
||||
# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
|
||||
net.ipv4.tcp_max_tw_buckets = 1440000
|
||||
|
||||
# try to reuse time-wait connections, but don't recycle them (recycle can break clients behind NAT)
|
||||
net.ipv4.tcp_tw_recycle = 0
|
||||
net.ipv4.tcp_tw_reuse = 1
|
||||
|
||||
# Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory
|
||||
net.ipv4.tcp_max_orphans = 16384
|
||||
net.ipv4.tcp_orphan_retries = 0
|
||||
|
||||
# Limit the maximum memory used to reassemble IP fragments (CVE-2018-5391)
|
||||
net.ipv4.ipfrag_low_thresh = 196608
|
||||
net.ipv6.ip6frag_low_thresh = 196608
|
||||
net.ipv4.ipfrag_high_thresh = 262144
|
||||
net.ipv6.ip6frag_high_thresh = 262144
|
||||
|
||||
|
||||
# don't cache ssthresh from previous connection
|
||||
net.ipv4.tcp_no_metrics_save = 1
|
||||
net.ipv4.tcp_moderate_rcvbuf = 1
|
||||
|
||||
# Increase size of RPC datagram queue length
|
||||
net.unix.max_dgram_qlen = 50
|
||||
|
||||
# Don't allow the arp table to become bigger than this
|
||||
net.ipv4.neigh.default.gc_thresh3 = 2048
|
||||
|
||||
# Tell the gc when to become aggressive with arp table cleaning.
|
||||
# Adjust this based on size of the LAN. 1024 is suitable for most /24 networks
|
||||
net.ipv4.neigh.default.gc_thresh2 = 1024
|
||||
|
||||
# Adjust where the gc will leave arp table alone - set to 32.
|
||||
net.ipv4.neigh.default.gc_thresh1 = 32
|
||||
|
||||
# Adjust to arp table gc to clean-up more often
|
||||
net.ipv4.neigh.default.gc_interval = 30
|
||||
|
||||
# Increase TCP queue length
|
||||
net.ipv4.neigh.default.proxy_qlen = 96
|
||||
net.ipv4.neigh.default.unres_qlen = 6
|
||||
|
||||
# Enable Explicit Congestion Notification (RFC 3168), disable it if it doesn't work for you
|
||||
net.ipv4.tcp_ecn = 1
|
||||
net.ipv4.tcp_reordering = 3
|
||||
|
||||
# How many times to retry killing an alive TCP connection
|
||||
net.ipv4.tcp_retries2 = 15
|
||||
net.ipv4.tcp_retries1 = 3
|
||||
|
||||
# Avoid falling back to slow start after a connection goes idle
|
||||
# keeps our cwnd large with the keep alive connections (kernel > 3.6)
|
||||
net.ipv4.tcp_slow_start_after_idle = 0
|
||||
|
||||
# Allow the TCP fastopen flag to be used, beware some firewalls do not like TFO! (kernel > 3.7)
|
||||
net.ipv4.tcp_fastopen = 3
|
||||
|
||||
# This will enusre that immediatly subsequent connections use the new values
|
||||
net.ipv4.route.flush = 1
|
||||
net.ipv6.route.flush = 1
|
|
@ -1,2 +0,0 @@
|
|||
[Service]
|
||||
LimitNOFILE=500000
|
|
@ -1,2 +0,0 @@
|
|||
[Service]
|
||||
LimitNOFILE=30000
|
|
@ -1,2 +0,0 @@
|
|||
[Service]
|
||||
LimitNOFILE=30000
|
|
@ -1,70 +0,0 @@
|
|||
# uncomment for a colored prompt, if the terminal has the capability; turned
|
||||
# off by default to not distract the user: the focus in a terminal window
|
||||
# should be on the output of commands, not on the prompt
|
||||
force_color_prompt=yes
|
||||
|
||||
if [ -n "$force_color_prompt" ]; then
|
||||
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
|
||||
# We have color support; assume it's compliant with Ecma-48
|
||||
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
|
||||
# a case would tend to support setf rather than setaf.)
|
||||
color_prompt=yes
|
||||
else
|
||||
color_prompt=
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$color_prompt" = yes ]; then
|
||||
#PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
|
||||
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]'
|
||||
else
|
||||
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
|
||||
fi
|
||||
unset color_prompt force_color_prompt
|
||||
|
||||
# If this is an xterm set the title to user@host:dir
|
||||
case "$TERM" in
|
||||
xterm*|rxvt*)
|
||||
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
# some more ls aliases
|
||||
alias ll='ls -alhF'
|
||||
alias la='ls -A'
|
||||
alias l='ls -CF'
|
||||
|
||||
# Alias definitions.
|
||||
# You may want to put all your additions into a separate file like
|
||||
# ~/.bash_aliases, instead of adding them here directly.
|
||||
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
|
||||
|
||||
if [ -f ~/.bash_aliases ]; then
|
||||
. ~/.bash_aliases
|
||||
fi
|
||||
|
||||
# enable programmable completion features (you don't need to enable
|
||||
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
|
||||
# sources /etc/bash.bashrc).
|
||||
if ! shopt -oq posix; then
|
||||
if [ -f /usr/share/bash-completion/bash_completion ]; then
|
||||
. /usr/share/bash-completion/bash_completion
|
||||
elif [ -f /etc/bash_completion ]; then
|
||||
. /etc/bash_completion
|
||||
fi
|
||||
fi
|
||||
|
||||
# enable color support of ls and also add handy aliases
|
||||
if [ -x /usr/bin/dircolors ]; then
|
||||
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
|
||||
alias ls='ls --color=auto'
|
||||
#alias dir='dir --color=auto'
|
||||
#alias vdir='vdir --color=auto'
|
||||
|
||||
alias grep='grep --color=auto'
|
||||
alias fgrep='fgrep --color=auto'
|
||||
alias egrep='egrep --color=auto'
|
||||
fi
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
# ~/.profile: executed by Bourne-compatible login shells.
|
||||
|
||||
if [ "$BASH" ]; then
|
||||
if [ -f ~/.bashrc ]; then
|
||||
. ~/.bashrc
|
||||
fi
|
||||
fi
|
|
@ -9,7 +9,7 @@ listen.group = www-data
|
|||
listen.mode = 0660
|
||||
listen.backlog = 32768
|
||||
|
||||
|
||||
chdir = /
|
||||
catch_workers_output = yes
|
||||
|
||||
pm = ondemand
|
||||
|
|
|
@ -9,7 +9,7 @@ listen.group = www-data
|
|||
listen.mode = 0660
|
||||
listen.backlog = 32768
|
||||
|
||||
|
||||
chdir = /
|
||||
catch_workers_output = yes
|
||||
|
||||
pm = ondemand
|
||||
|
|
|
@ -9,7 +9,7 @@ listen.group = www-data
|
|||
listen.mode = 0660
|
||||
listen.backlog = 32768
|
||||
|
||||
|
||||
chdir = /
|
||||
catch_workers_output = yes
|
||||
|
||||
pm = ondemand
|
||||
|
|
|
@ -9,7 +9,7 @@ listen.group = www-data
|
|||
listen.mode = 0660
|
||||
listen.backlog = 32768
|
||||
|
||||
|
||||
chdir = /
|
||||
catch_workers_output = yes
|
||||
|
||||
pm = ondemand
|
||||
|
|
|
@ -9,7 +9,7 @@ listen.group = www-data
|
|||
listen.mode = 0660
|
||||
listen.backlog = 32768
|
||||
|
||||
|
||||
chdir = /
|
||||
catch_workers_output = yes
|
||||
|
||||
pm = ondemand
|
||||
|
|
|
@ -9,7 +9,7 @@ listen.group = www-data
|
|||
listen.mode = 0660
|
||||
listen.backlog = 32768
|
||||
|
||||
|
||||
chdir = /
|
||||
catch_workers_output = yes
|
||||
|
||||
pm = ondemand
|
||||
|
|
|
@ -9,7 +9,7 @@ listen.group = www-data
|
|||
listen.mode = 0660
|
||||
listen.backlog = 32768
|
||||
|
||||
|
||||
chdir = /
|
||||
catch_workers_output = yes
|
||||
|
||||
pm = ondemand
|
||||
|
|
|
@ -9,7 +9,7 @@ listen.group = www-data
|
|||
listen.mode = 0660
|
||||
listen.backlog = 32768
|
||||
|
||||
|
||||
chdir = /
|
||||
catch_workers_output = yes
|
||||
|
||||
pm = ondemand
|
||||
|
|
Loading…
Reference in New Issue