From d15105f38d1601ee3b21b4d31319c2ed85f32c67 Mon Sep 17 00:00:00 2001
From: opi <opi@no-log.org>
Date: Sun, 20 Jul 2014 15:28:18 +0200
Subject: [PATCH] [enh] Nginx conf improvments (security, static files cache).

---
 conf/nginx.conf | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index e90050f..cdc2dcf 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,10 +1,15 @@
 location YNH_WWW_PATH {
+
   alias YNH_WWW_ALIAS ;
+
+  # Force https
   if ($scheme = http) {
     rewrite ^ https://$server_name$request_uri? permanent;
   }
+
   index index.php;
   try_files $uri $uri/ index.php;
+
   location ~ [^/]\.php(/|$) {
     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
     fastcgi_pass unix:/var/run/php5-fpm.sock;
@@ -14,6 +19,22 @@ location YNH_WWW_PATH {
     fastcgi_param  PATH_INFO $fastcgi_path_info;
   }
 
+  # Secure DokuWiki
+  location ~ ^/dokuwiki/(data|conf|bin|inc)/ {
+    deny all;
+  }
+
+  # Deny Access to htaccess-Files for Apache
+  location ~ /\.ht {
+    deny all;
+  }
+
+  # Serve static files
+  location ~ ^/lib.*\.(gif|png|ico|jpg)$ {
+    expires 30d;
+  }
+
+
   # Include SSOWAT user panel.
   include conf.d/yunohost_panel.conf.inc;
 }