2018-10-30 10:25:13 +01:00
|
|
|
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
2021-05-17 22:16:06 +02:00
|
|
|
location ^~ __PATH__/ {
|
2018-10-30 10:25:13 +01:00
|
|
|
|
|
|
|
# Path to source
|
|
|
|
alias __FINALPATH__/ ;
|
|
|
|
|
|
|
|
# Force usage of https
|
|
|
|
if ($scheme = http) {
|
|
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
|
|
|
}
|
|
|
|
|
2021-05-17 22:16:06 +02:00
|
|
|
more_set_headers "Referrer-Policy; origin always";
|
|
|
|
more_set_headers "X-Content-Type-Options: nosniff";
|
|
|
|
more_set_headers "X-XSS-Protection: 1; mode=block";
|
|
|
|
|
2018-10-30 10:25:13 +01:00
|
|
|
index index.php;
|
|
|
|
|
2020-12-11 10:07:46 +01:00
|
|
|
# Common parameter to increase upload size limit in conjunction with dedicated PHP-FPM file
|
|
|
|
client_max_body_size 100M;
|
2018-10-30 10:25:13 +01:00
|
|
|
|
2021-05-17 21:54:15 +02:00
|
|
|
try_files $uri $uri/ =404;
|
|
|
|
|
2021-05-17 18:35:17 +02:00
|
|
|
location ~ [^/]\.php(/|$) {
|
2021-05-17 22:16:06 +02:00
|
|
|
include snippets/fastcgi-php.conf;
|
2021-05-17 18:35:17 +02:00
|
|
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
2020-05-31 00:00:08 +02:00
|
|
|
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
|
2021-05-17 18:35:17 +02:00
|
|
|
|
2021-05-17 22:16:06 +02:00
|
|
|
#fastcgi_index index.php;
|
|
|
|
#include fastcgi_params;
|
|
|
|
#fastcgi_param REMOTE_USER $remote_user;
|
|
|
|
#fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
|
|
#fastcgi_param SCRIPT_FILENAME $request_filename;
|
2018-10-30 10:25:13 +01:00
|
|
|
}
|
|
|
|
|
2021-05-07 13:02:33 +02:00
|
|
|
## deny access to all other .php files
|
|
|
|
location ~* ^.+\.php$ {
|
|
|
|
deny all;
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
## disable all access to the following directories
|
2021-05-17 22:16:06 +02:00
|
|
|
location ~ ^__PATH__/(config|tmp|core|lang) {
|
2021-05-07 13:02:33 +02:00
|
|
|
deny all;
|
2021-05-17 22:16:06 +02:00
|
|
|
return 404;
|
2021-05-07 13:02:33 +02:00
|
|
|
}
|
|
|
|
|
2021-05-17 18:27:27 +02:00
|
|
|
location __PATH__/\.ht {
|
|
|
|
deny all;
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ js/container_.*_preview\.js$ {
|
2021-05-07 13:02:33 +02:00
|
|
|
expires off;
|
|
|
|
more_set_headers "Cache-Control: private, no-cache, no-store";
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
|
|
|
|
allow all;
|
|
|
|
## Cache images,CSS,JS and webfonts for an hour
|
|
|
|
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
|
|
|
|
expires 1h;
|
|
|
|
more_set_headers "Cache-Control: public";
|
|
|
|
more_set_headers "Pragma: public";
|
|
|
|
}
|
|
|
|
|
|
|
|
location __PATH__/(libs|vendor|plugins|misc|node_modules) {
|
|
|
|
deny all;
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
## properly display textfiles in root directory
|
2021-05-17 18:27:27 +02:00
|
|
|
location __PATH__/(.*\.md|LEGALNOTICE|LICENSE) {
|
2021-05-07 13:02:33 +02:00
|
|
|
default_type text/plain;
|
|
|
|
}
|
|
|
|
|
2018-10-30 10:25:13 +01:00
|
|
|
# Include SSOWAT user panel.
|
|
|
|
include conf.d/yunohost_panel.conf.inc;
|
|
|
|
}
|