From ac9be5b8407ca5e2e6cd53347cf7c17c9d7e3466 Mon Sep 17 00:00:00 2001 From: frju365 Date: Fri, 3 Mar 2017 11:33:07 +0100 Subject: [PATCH] Update nginx.conf --- conf/nginx.conf | 173 ++++++++---------------------------------------- 1 file changed, 29 insertions(+), 144 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 667210b..33d823f 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,148 +1,33 @@ -# Don't log robots.txt or favicon.ico files -location = /favicon.ico { log_not_found off; access_log off; } -location = /robots.txt { allow all; access_log off; log_not_found off; } +location YNH_WWW_PATH { -location ^~ YNH_WWW_PATH { - alias YNH_WWW_FINALPATH/; - try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string; - index index.php index.html index.htm; - - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; + # Path to source + alias YNH_WWW_ALIAS ; + + # Example PHP configuration (remove if not used) + index index.php; + + # Common parameter to increase upload size limit in conjuction with dedicated php-fpm file + #client_max_body_size 50M; + + try_files $uri $uri/ index.php; + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php5-fpm.sock; + + # Filename to be changed if dedicated php-fpm process is required + # This is to be used INSTEAD of line above + # Don't forget to adjust scripts install/upgrade/remove/backup accordingly + # + #fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock; + + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; } + # PHP configuration end - # Add headers to serve security related headers - add_header "X-Frame-Options" "SAMEORIGIN"; - add_header "X-XSS-Protection" "1; mode=block"; - add_header "X-Content-Type-Options" "nosniff"; - - location ~ YNH_WWW_ROOTPATH/\.ht { - deny all; - } - location ~ YNH_WWW_ROOTPATH/\.git { - deny all; - } - location YNH_WWW_ROOTPATH/src { - deny all; - } - location YNH_WWW_ROOTPATH/gen-src { - deny all; - } - location YNH_WWW_ROOTPATH/files/fonts { - deny all; - } - location YNH_WWW_ROOTPATH/files/private { - deny all; - } - location YNH_WWW_ROOTPATH/cache { - deny all; - } - location YNH_WWW_ROOTPATH/bin { - deny all; - } - location YNH_WWW_ROOTPATH/samples { - deny all; - } - location YNH_WWW_ROOTPATH/tests { - deny all; - } - location YNH_WWW_ROOTPATH/vendor { - deny all; - } - location YNH_WWW_ROOTPATH/conf { - deny all; - } - location YNH_WWW_ROOTPATH/logs { - deny all; - } - # Deny every non-public files in themes - location ~ YNH_WWW_ROOTPATH/themes/(.+)\.(php|yml|twig|xlf|rzn|rzt|rzg)$ { - deny all; - } - location ~ YNH_WWW_ROOTPATH/themes/([^/.]+)/(Resources|Command|Tests|Controllers|Entities|Form|Model|Services)/ { - deny all; - } - location ~* ^YNH_WWW_ROOTPATH/themes/*.*\.(?:ico|css|js|woff2?|eot|ttf|otf|svg|gif|jpe?g|png)$ { - expires 30d; - access_log off; - add_header "Pragma" "public"; - add_header "Cache-Control" "public"; - add_header "Vary" "Accept-Encoding"; - add_header "X-Frame-Options" "SAMEORIGIN"; - add_header "X-XSS-Protection" "1; mode=block"; - add_header "X-Content-Type-Options" "nosniff"; - - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - } - } - # Enable Expire on native documents files - location ~* ^YNH_WWW_ROOTPATH/files/*.*\.(?:ico|gif|jpe?g|png)$ { - expires 15d; - access_log off; - add_header "Pragma" "public"; - add_header "Cache-Control" "public"; - add_header "Vary" "Accept-Encoding"; - add_header "X-Frame-Options" "SAMEORIGIN"; - add_header "X-XSS-Protection" "1; mode=block"; - add_header "X-Content-Type-Options" "nosniff"; - - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - } - } - location YNH_WWW_PATH { - # First attempt to serve request as file, then - # as directory, then fall back to front-end controller - # (do not forget to pass GET parameters). - try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string; - } - location ~ YNH_WWW_ROOTPATH/install.php/ { - try_files $uri $uri/ YNH_WWW_ROOTAPP/install.php?$query_string; - } - location ~ YNH_WWW_ROOTPATH/dev.php/ { - try_files $uri $uri/ YNH_WWW_ROOTAPP/dev.php?$query_string; - } - location ~ YNH_WWW_ROOTPATH/preview.php/ { - try_files $uri $uri/ YNH_WWW_ROOTAPP/preview.php?$query_string; - } - location ~ YNH_WWW_ROOTPATH/clear_cache.php/ { - try_files $uri $uri/ YNH_WWW_ROOTAPP/clear_cache.php?$query_string; - } - - # - # Production entry point. - # - location ~ ^YNH_WWW_ROOTPATH/index\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini - # With php5-fpm: - fastcgi_pass unix:/var/run/php5-fpm.sock; - include fastcgi_params; - # Prevents URIs that include the front controller. This will 404: - # http://domain.tld/app.php/some-path - # Remove the internal directive to allow URIs like this - internal; - } - - # - # Preview, Dev and Install entry points. - # - # In production server, don't deploy dev.php or install.php - # - location ~ ^YNH_WWW_ROOTPATH/(dev|install|preview|clear_cache)\.php(/|$) { - # Enforce OPCache PHP class cache invalidation at each request - #fastcgi_param PHP_VALUE "opcache.revalidate_freq=0"; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini - # With php5-fpm: - fastcgi_pass unix:/var/run/php5-fpm.sock; - include fastcgi_params; - } + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; }