YunoHost-Apps/concrete5_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/concrete5_ynh.git synced 2024-09-03 18:25:54 +02:00
Code Issues Activity Actions

Update nginx.conf

Browse source
This commit is contained in:
frju365 2017-03-03 11:33:07 +01:00 committed by GitHub
parent d30b491d4c
commit ac9be5b840
1 changed files with 29 additions and 144 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

171
conf/nginx.conf
View file

@ -1,148 +1,33 @@
# Don't log robots.txt or favicon.ico files location YNH_WWW_PATH {
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { allow all; access_log off; log_not_found off; }
location ^~ YNH_WWW_PATH { # Path to source
alias YNH_WWW_FINALPATH/; alias YNH_WWW_ALIAS ;
try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string;
index index.php index.html index.htm;
if ($scheme = http) { # Example PHP configuration (remove if not used)
rewrite ^ https://$server_name$request_uri? permanent; index index.php;
# Common parameter to increase upload size limit in conjuction with dedicated php-fpm file
#client_max_body_size 50M;
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
# Filename to be changed if dedicated php-fpm process is required
# This is to be used INSTEAD of line above
# Don't forget to adjust scripts install/upgrade/remove/backup accordingly
#
#fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
} }
# PHP configuration end
# Add headers to serve security related headers # Include SSOWAT user panel.
add_header "X-Frame-Options" "SAMEORIGIN"; include conf.d/yunohost_panel.conf.inc;
add_header "X-XSS-Protection" "1; mode=block";
add_header "X-Content-Type-Options" "nosniff";
location ~ YNH_WWW_ROOTPATH/\.ht {
deny all;
}
location ~ YNH_WWW_ROOTPATH/\.git {
deny all;
}
location YNH_WWW_ROOTPATH/src {
deny all;
}
location YNH_WWW_ROOTPATH/gen-src {
deny all;
}
location YNH_WWW_ROOTPATH/files/fonts {
deny all;
}
location YNH_WWW_ROOTPATH/files/private {
deny all;
}
location YNH_WWW_ROOTPATH/cache {
deny all;
}
location YNH_WWW_ROOTPATH/bin {
deny all;
}
location YNH_WWW_ROOTPATH/samples {
deny all;
}
location YNH_WWW_ROOTPATH/tests {
deny all;
}
location YNH_WWW_ROOTPATH/vendor {
deny all;
}
location YNH_WWW_ROOTPATH/conf {
deny all;
}
location YNH_WWW_ROOTPATH/logs {
deny all;
}
# Deny every non-public files in themes
location ~ YNH_WWW_ROOTPATH/themes/(.+)\.(php|yml|twig|xlf|rzn|rzt|rzg)$ {
deny all;
}
location ~ YNH_WWW_ROOTPATH/themes/([^/.]+)/(Resources|Command|Tests|Controllers|Entities|Form|Model|Services)/ {
deny all;
}
location ~* ^YNH_WWW_ROOTPATH/themes/*.*\.(?:ico|css|js|woff2?|eot|ttf|otf|svg|gif|jpe?g|png)$ {
expires 30d;
access_log off;
add_header "Pragma" "public";
add_header "Cache-Control" "public";
add_header "Vary" "Accept-Encoding";
add_header "X-Frame-Options" "SAMEORIGIN";
add_header "X-XSS-Protection" "1; mode=block";
add_header "X-Content-Type-Options" "nosniff";
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
}
# Enable Expire on native documents files
location ~* ^YNH_WWW_ROOTPATH/files/*.*\.(?:ico|gif|jpe?g|png)$ {
expires 15d;
access_log off;
add_header "Pragma" "public";
add_header "Cache-Control" "public";
add_header "Vary" "Accept-Encoding";
add_header "X-Frame-Options" "SAMEORIGIN";
add_header "X-XSS-Protection" "1; mode=block";
add_header "X-Content-Type-Options" "nosniff";
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
}
location YNH_WWW_PATH {
# First attempt to serve request as file, then
# as directory, then fall back to front-end controller
# (do not forget to pass GET parameters).
try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string;
}
location ~ YNH_WWW_ROOTPATH/install.php/ {
try_files $uri $uri/ YNH_WWW_ROOTAPP/install.php?$query_string;
}
location ~ YNH_WWW_ROOTPATH/dev.php/ {
try_files $uri $uri/ YNH_WWW_ROOTAPP/dev.php?$query_string;
}
location ~ YNH_WWW_ROOTPATH/preview.php/ {
try_files $uri $uri/ YNH_WWW_ROOTAPP/preview.php?$query_string;
}
location ~ YNH_WWW_ROOTPATH/clear_cache.php/ {
try_files $uri $uri/ YNH_WWW_ROOTAPP/clear_cache.php?$query_string;
}
#
# Production entry point.
#
location ~ ^YNH_WWW_ROOTPATH/index\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
#
# Preview, Dev and Install entry points.
#
# In production server, don't deploy dev.php or install.php
#
location ~ ^YNH_WWW_ROOTPATH/(dev|install|preview|clear_cache)\.php(/|$) {
# Enforce OPCache PHP class cache invalidation at each request
#fastcgi_param PHP_VALUE "opcache.revalidate_freq=0";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
}
} }