diff --git a/conf/nginx.conf b/conf/nginx.conf index c6d9d14..869d122 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,9 +1,7 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { + alias __FINALPATH__/; - alias __FINALPATH__/ ; - - # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } @@ -11,19 +9,52 @@ location __PATH__/ { index index.php; try_files $uri $uri/ /index.php; - location ~ \.php$ { - include snippets/fastcgi-php.conf; - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm.sock; - } + location ~ [^/]\.php(/|$) { + if ($request_uri ~ "\/movim\/\?infos") { + return 403; + } - location __FINALPATH__/ws/ { - proxy_pass http://localhost:__PORT__/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - include proxy_params; - } - + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + + location ~ ^__PATH__/ws/ { + proxy_pass http://localhost:__PORT__; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + + # To avoid disconnecting after 60sec : + proxy_read_timeout 14400s; + proxy_send_timeout 14400s; + # (14400s is 4h) + } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } + +location ~ /\.ht { + deny all; +} + +location ^~ /movim/log/ { + return 403; +} + +location ^~ /movim/config/ { + return 403; +} + +location ^~ /movim/?infos { + return 403; +} \ No newline at end of file