mirror of https://github.com/YunoHost-Apps/grav_ynh.git synced 2024-09-03 19:16:01 +02:00
grav_ynh/conf/nginx.conf
tituspijean 2909df6045
Upgrade to v1.6.26, YNH v3.7 permissions system, PHP version handling, fix CI badge (#39)
* Fix check_process (#34)

* Upgrade to 1.6.26, YNH v3.7 permissions system and PHP version handling (#37)

* [upg] grav 1.6.16
Makes the app agnostic regarding the needed PHP version.
Includes experimental helpers to install various PHP versions, if needed.
Includes Grav v1.6.16 with PHP 7.2.

* [enh] adding LDAP login for designated admin
It is a bit hacky, since YNH does not have yet LDAP groups support: groups=usernames.
To add more users, manually edit the configuration file in the admin.

* [enh] use the permissions system

* [enh] setting permissions up

* [enh] restore php before adding conf file

* [enh] avoid adding repo if sury list already exists
This prevents getting multiple warning messages about duplicated repos.

* [fix] remove order

* [fix] testing and setting permissions

* [upg] app version and remove php7.0-fpm dependency

* Fix check_process (#34)

* [upg] permissions configuration for install and upgrade

* [upg] grav v1.6.23

* [upg] new permissions system

* [fix] check_process is_public

* [fix] missing 1 more_set_headers in nginx.conf

* [fix] upgrade: allow visitors if was public

* [fix] experimental_helpers directory in remove

* [fix] retrieve phpversion in remove

* [fix] remove old php-fpm config if needed in upgrade

* [fix] helpers in subdirectory

* [enh] no default group needed

* [enh] update all plugins during upgrade

* [enh] adding progress messages

* [fix] specify phpversion in change_url

* [enh] to v3.7 standards

* [upg] grav v1.6.26

* [rem] ynh_permission_has_user is now official

* [upg] check_process

* [fix] php-fpm upgrade

* [fix] use YNH_PHP_VERSION instead of phpversion in restore

* [fix] php and chown in upgrade

* [fix] check_process

* [fix] app-upgrade.src

* [fix] php-fpm and [rem] progression --time

* [fix] restart php-fpm instead of reloading

* [fix] user home_dir and permissions

* [fix] upgrade publicness

* [fix] CI badge on README (#38)

* Fix failing check_process (#35)

* Fix check_process (#34)

* Fix CI badge on README

Co-authored-by: tituspijean <tituspijean@outlook.com>

Co-authored-by: Kayou <pierre.moltess@gmail.com>
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
2020-07-10 19:22:37 +02:00

56 lines
2.2 KiB
Nginx Configuration File

#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
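# Grav application block. The __PATH__, __FINALPATH__, __PHPVERSION__ and
# __NAME__ tokens are template placeholders (presumably substituted by the
# packaging scripts at install time; confirm against the install script).
location __PATH__/ {

    # Serve files from the application directory.
    alias __FINALPATH__/;

    index index.php;

    # Front controller: anything that is not an existing file or directory is
    # handed to index.php. "last" restarts location matching with the new URI.
    if (!-e $request_filename)
    {
        rewrite ^(.+)$ __PATH__/index.php?q=$1 last;
    }

    # Force HTTPS. The trailing "?" stops nginx from appending the query
    # string a second time, since $request_uri already contains it.
    if ($scheme = http) {
        rewrite ^ https://$server_name$request_uri? permanent;
    }

    # Upper bound on request bodies (uploads).
    client_max_body_size 30m;

    # Add headers to serve security related headers
    # HSTS max-age of 15768000 seconds is roughly six months.
    more_set_headers "Strict-Transport-Security: max-age=15768000";
    more_set_headers "X-Content-Type-Options: nosniff";
    more_set_headers "X-Frame-Options: SAMEORIGIN";
    more_set_headers "X-XSS-Protection: 1; mode=block";
    more_set_headers "X-Download-Options: noopen";
    more_set_headers "X-Permitted-Cross-Domain-Policies: none";

    ## Begin - Security
    # nginx tests regex locations in the order they appear and stops at the
    # first match. These deny rules therefore have to come BEFORE the static
    # file and PHP locations below. Placed after them, a request such as
    # /user/<something>.php would be caught by the PHP location first and the
    # 403 would never apply.

    # deny all direct access for these folders
    # (the dot in ".git" is escaped so it only matches a literal dot)
    location ~* /(\.git|cache|bin|logs|backups)/.*$ { return 403; }
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
    location ~ /(LICENSE|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
    ## End - Security

    location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|pdf)$ {
        # Static content is flagged to the browser as cacheable for one
        # week. If a proxy sits on the route, it is allowed to keep a copy
        # and cache it.
        expires 1w;
        more_set_headers "Cache-Control: public";
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        # Blank the client-supplied Proxy header so PHP never sees it as
        # HTTP_PROXY (httpoxy mitigation).
        # https://learn.getgrav.org/webservers-hosting/servers/nginx#fix-against-httpoxy-vulnerability
        fastcgi_param HTTP_PROXY "";
        fastcgi_param REMOTE_USER $remote_user;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        # NOTE(review): the resolved path is passed to PHP-FPM without an
        # existence check; confirm the pool restricts which extensions it
        # will execute (php-fpm "security.limit_extensions").
        fastcgi_param SCRIPT_FILENAME $request_filename;
    }

    #--PRIVATE--# Include SSOWAT user panel.
    #--PRIVATE--include conf.d/yunohost_panel.conf.inc;
}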