yum install epel-release
sudo nano /etc/fail2ban/jail.local
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
ignoreip = 127.0.0.1/8 123.31.30.162 123.31.17.79
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd]
enabled = true
maxretry = 5
port = ssh
logpath = %(sshd_log)s
sudo systemctl restart fail2ban
sudo fail2ban-client status
- wordpress configuration sample
server {
listen 80;
server_name bountysneakers.com;
root /var/www/bountysneakers.com/htdocs;
index index.html index.htm index.php;
location ~* \.php$ {
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
access_log /var/log/nginx/bountysneakers.access.log combined;
error_log /var/log/nginx/bountysneakers.error.log;
#wordpress
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
}
- https://laravel.com/docs/5.6/queues#supervisor-configuration
- https://docs.phalconphp.com/en/3.3/queue
- https://laravel.com/docs/5.6/queues#supervisor-configuration
#nginx config for pimcore5
upstream php72 {
#server unix:/var/www/php/php72.sock;
server unix:/var/www/php/php72.sock;
}
server {
listen 80;
server_name pimcore5.loc;
root /var/www/pimcore5.loc/htdocs/web;
index index.php;
access_log /var/www/pimcore5.loc/logs/access.log;
error_log /var/www/pimcore5.loc/logs/error.log warn;
location / {
try_files $uri /app.php$is_args$args;
}
location ~ /(app|install)\.php(/|$) {
fastcgi_index index.php;
fastcgi_pass php72;
#fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
# Pimcore Head-Link Cache-Busting
rewrite ^/cache-buster-(?:\d+)/(.*) /$1 last;
# Stay secure
#
# a) don't allow PHP in folders allowing file uploads
location ~* /var/assets/*\.php(/|$) {
return 404;
}
# b) Prevent clients from accessing hidden files (starting with a dot)
# Access to `/.well-known/` is allowed.
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known/) {
deny all;
log_not_found off;
access_log off;
}
# c) Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf(ig)?|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all;
}
# Some Admin Modules need this:
# Database Admin, Server Info
location ~* ^/admin/(adminer|external) {
rewrite .* /app.php$is_args$args last;
}
# Thumbnails
location ~* .*/(image|video)-thumb__\d+__.* {
try_files /var/tmp/$1-thumbnails$request_uri /app.php;
expires 2w;
access_log off;
add_header Cache-Control "public";
}
# Assets
# Still use a whitelist approach to prevent each and every missing asset to go through the PHP Engine.
location ~* (.+?)\.((?:css|js)(?:\.map)?|jpe?g|gif|png|svgz?|eps|exe|gz|zip|mp\d|ogg|ogv|webm|pdf|docx?|xlsx?|pptx?)$ {
try_files /var/assets$uri $uri =404;
expires 2w;
access_log off;
log_not_found off;
add_header Cache-Control "public";
}
# Installer
# Remove this if you don't need the web installer (anymore)
if (-f $document_root/install.php) {
rewrite ^/install(/?.*) /install.php$1 last;
}
# PHP-FPM Status and Ping
location /fpm- {
access_log off;
include fastcgi_params;
location /fpm-status {
allow 127.0.0.1;
# add additional IP's or Ranges
deny all;
fastcgi_pass php72;
}
location /fpm-ping {
fastcgi_pass php72;
}
}
# nginx Status
# see: https://nginx.org/en/docs/http/ngx_http_stub_status_module.html
location /nginx-status {
allow 127.0.0.1;
deny all;
access_log off;
stub_status;
}
}