From f3d71c011094f6075947034d21aa8c2c1d11d4f8 Mon Sep 17 00:00:00 2001
From: Gofannon <17145502+Gofannon@users.noreply.github.com>
Date: Tue, 31 Jul 2018 00:16:42 +0200
Subject: [PATCH] [enh] fix nginx 'alias_traversal'
---
 conf/nginx.conf | 15 +++++----------
 manifest.json | 2 +-
 2 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 9a23ebc..8ae6307 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,13 +1,15 @@
-location __PATH__ {
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location __PATH__/ {
 # Path to source
 alias __FINALPATH__/ ;
+ # Force usage of https
 if ($scheme = http) {
 rewrite ^ https://$server_name$request_uri? permanent;
 }
- # Example PHP configuration (remove if not used)
+### Example PHP configuration (remove it if not used)
 index index.php;
 # Common parameter to increase upload size limit in conjuction with dedicated php-fpm file
@@ -18,20 +20,13 @@ location __PATH__ {
 fastcgi_split_path_info ^(.+?\.php)(/.*)$;
 fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
- # If you don't use a dedicated fpm config for your app,
- # use a general fpm pool.
- # This is to be used INSTEAD of line above
- # Don't forget to adjust scripts install/upgrade/remove/backup accordingly
- #
- #fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_index index.php;
 include fastcgi_params;
 fastcgi_param REMOTE_USER $remote_user;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param SCRIPT_FILENAME $request_filename;
 }
- # PHP configuration end
+### End of PHP configuration part
 # Very important security restriction
 # See https://forum.cheky.net/information-sur-message-avertissement-securite-t553-p1.html#p2127
diff --git a/manifest.json b/manifest.json
index 7480cc8..3482dc5 100644
--- a/manifest.json
+++ b/manifest.json
@@ -27,7 +27,7 @@
 }
 ],
 "requirements": {
- "yunohost": ">> 2.6.4"
+ "yunohost": ">> 2.7.14"
 },
 "multi_instance": true,
 "services": [
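Review bot: In the first conf/nginx.conf hunk, the fix holds only while `location __PATH__/` and `alias __FINALPATH__/ ;` both keep their trailing slash, and nothing in the file records that; I would add above the location line a comment such as `# location and alias must both end in "/" - a mismatch lets requests resolve outside __FINALPATH__`. The `#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;` line ships commented out, so unless the packaging scripts strip that marker (not visible in this patch; presumably what the raised yunohost requirement is for), a request for `__PATH__` without the slash no longer matches this block. It is also worth confirming that a root install does not expand `__PATH__/` to `//`. The location block continues past the end of the hunk.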