Last active
July 22, 2016 15:32
-
-
Save jim912/cd47952cb5c1b9a4e9a72f6697966360 to your computer and use it in GitHub Desktop.
concrete5向けKUSANAGI設定ファイルサンプル。.htaccessは、そのまま適用可能です。apacheとnginxの設定ファイルは、c5.prime-strategy.co.jp と concrete5 を置換して適用してください、
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Files ~ "^\.ht"> | |
| Deny from all | |
| </Files> | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^index\.php$ - [L] | |
| RewriteCond %{REQUEST_URI} !\.(gif|css|js|swf|jpeg|jpg|jpe|png|ico|swd|pdf|svg|eot|ttf|woff)$ | |
| RewriteCond %{REQUEST_FILENAME} !-f | |
| RewriteCond %{REQUEST_FILENAME}/index.html !-f | |
| RewriteCond %{REQUEST_FILENAME}/index.php !-f | |
| RewriteRule . /index.php [L] | |
| </IfModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #======================================= | |
| # c5.prime-strategy.co.jp | |
| #--------------------------------------- | |
| <VirtualHost *:80> | |
| ServerAdmin webmaster@example.com | |
| DocumentRoot /home/kusanagi/concrete5/DocumentRoot | |
| ServerName c5.prime-strategy.co.jp | |
| ErrorLog /home/kusanagi/concrete5/log/httpd/error.log | |
| CustomLog /home/kusanagi/concrete5/log/httpd/access.log kusanagi env=!no_log | |
| <Directory "/home/kusanagi/concrete5/DocumentRoot"> | |
| Require all granted | |
| AllowOverride All | |
| Options FollowSymlinks | |
| </Directory> | |
| <ifModule mod_rewrite.c> | |
| RewriteEngine Off | |
| RewriteCond %{HTTPS} off | |
| RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] | |
| </ifModule> | |
| <LocationMatch "/(login|index.php/login|index.php/dashboard*)"> | |
| Order deny,allow | |
| Deny from all | |
| Allow from all | |
| Allow from 127.0.0.1 | |
| AuthType Basic | |
| AuthName "ENTER YOUR NAME & PASSWORD TO LOGIN" | |
| AuthUserFile /home/kusanagi/.htpasswd | |
| Require valid-user | |
| Satisfy any | |
| </LocationMatch> | |
| </VirtualHost> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #======================================= | |
| # c5.prime-strategy.co.jp | |
| #--------------------------------------- | |
| server { | |
| listen 80; | |
| server_name c5.prime-strategy.co.jp; | |
| access_log /home/kusanagi/concrete5/log/nginx/access.log main; | |
| error_log /home/kusanagi/concrete5/log/nginx/error.log warn; | |
| # rewrite ^(.*)$ https://c5.prime-strategy.co.jp$request_uri permanent; # SSL ONLY | |
| charset UTF-8; | |
| client_max_body_size 16M; | |
| root /home/kusanagi/concrete5/DocumentRoot; | |
| index index.php index.html index.htm; | |
| location / { | |
| set $do_rewrite 1; | |
| if (-f $request_filename) { | |
| set $do_rewrite 0; | |
| } | |
| if (-f $request_filename/index.html) { | |
| set $do_rewrite 0; | |
| } | |
| if (-f $request_filename/index.php) { | |
| set $do_rewrite 0; | |
| } | |
| if ($do_rewrite = "1") { | |
| rewrite ^/(.*)$ /index.php/$1 last; | |
| } | |
| } | |
| location = /favicon.ico { | |
| log_not_found off; | |
| access_log off; | |
| } | |
| location ~* /\.well-known { | |
| allow all; | |
| } | |
| location ~* /\. { | |
| deny all; | |
| } | |
| location ~* /application/files/.*\.php$ { | |
| deny all; | |
| } | |
| location ~* \.(jpg|jpeg|gif|png|css|js|swf|ico|pdf|svg|eot|ttf|woff)$ { | |
| access_log off; | |
| } | |
| location ~* /index.php/(login|dashboard.*)$ { | |
| satisfy any; | |
| allow 0.0.0.0/0; | |
| allow 127.0.0.1; | |
| deny all; | |
| auth_basic "basic authentication"; | |
| auth_basic_user_file "/home/kusanagi/.htpasswd"; | |
| location ~ [^/]\.php(/|$) { | |
| fastcgi_split_path_info ^(.+?\.php)(/.*)$; | |
| if (!-f $document_root$fastcgi_script_name) { | |
| return 404; | |
| } | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| include fastcgi_params; | |
| fastcgi_buffers 256 128k; | |
| fastcgi_buffer_size 128k; | |
| fastcgi_intercept_errors on; | |
| fastcgi_read_timeout 120s; | |
| } | |
| } | |
| location ~ [^/]\.php(/|$) { | |
| fastcgi_split_path_info ^(.+?\.php)(/.*)$; | |
| if (!-f $document_root$fastcgi_script_name) { | |
| return 404; | |
| } | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| include fastcgi_params; | |
| fastcgi_buffers 256 128k; | |
| fastcgi_buffer_size 128k; | |
| fastcgi_intercept_errors on; | |
| fastcgi_read_timeout 120s; | |
| set $do_not_cache 0; ## page cache | |
| set $device "pc"; | |
| if ($request_method = POST) { | |
| set $do_not_cache 1; | |
| } | |
| if ($query_string != "") { | |
| set $do_not_cache 1; | |
| } | |
| if ($http_cookie ~* "CONCRETE5_LOGIN") { | |
| set $do_not_cache 1; | |
| } | |
| if ($http_user_agent ~* " Android |\(iPad|Android; Tablet; .+Firefox") { | |
| set $device "tablet"; | |
| } | |
| if ($http_user_agent ~* " Android .+ Mobile |\(iPhone|\(iPod|IEMobile|Android; Mobile; .+Firefox|Windows Phone") { | |
| set $device "smart"; | |
| } | |
| fastcgi_cache wpcache; | |
| fastcgi_cache_key "$device:$request_method:$scheme://$host$request_uri"; | |
| fastcgi_cache_valid 200 10m; | |
| fastcgi_no_cache $do_not_cache; | |
| fastcgi_cache_bypass $do_not_cache; | |
| add_header X-F-Cache $upstream_cache_status; | |
| add_header X-Signature KUSANAGI; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #------------------------------------------ | |
| # c5.prime-strategy.co.jp SSL | |
| #------------------------------------------ | |
| <VirtualHost *:443> | |
| Protocols h2 http/1.1 | |
| ServerAdmin webmaster@example.com | |
| DocumentRoot /home/kusanagi/concrete5/DocumentRoot | |
| ServerName c5.prime-strategy.co.jp | |
| ErrorLog /home/kusanagi/concrete5/log/httpd/ssl_error.log | |
| CustomLog /home/kusanagi/concrete5/log/httpd/ssl_access.log combined env=!no_log | |
| LogLevel warn | |
| SSLEngine on | |
| SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 | |
| SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK | |
| SSLCertificateFile /etc/pki/tls/certs/localhost.crt | |
| SSLCertificateKeyFile /etc/pki/tls/private/localhost.key | |
| Define hsts 0 | |
| BrowserMatch "MSIE [2-5]" \ | |
| nokeepalive ssl-unclean-shutdown \ | |
| downgrade-1.0 force-response-1.0 | |
| <If "${hsts} = 1"> | |
| Header set Strict-Transport-Security "max-age=31536000" | |
| </If> | |
| <ElseIf "${hsts} = 2"> | |
| Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" | |
| </ElseIf> | |
| <ElseIf "${hsts} = 3"> | |
| Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" | |
| </ElseIf> | |
| <Directory "/home/kusanagi/concrete5/DocumentRoot"> | |
| Require all granted AllowOverride All Options FollowSymlinks | |
| </Directory> | |
| <LocationMatch "/(login|index.php/login|index.php/dashboard*)"> | |
| Order deny,allow Deny from all Allow from all | |
| Allow from 127.0.0.1 | |
| AuthType Basic | |
| AuthName "ENTER YOUR NAME & PASSWORD TO LOGIN" | |
| AuthUserFile /home/kusanagi/.htpasswd | |
| Require valid-user | |
| Satisfy any | |
| </LocationMatch> | |
| </VirtualHost> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #======================================= | |
| # c5.prime-strategy.co.jp SSL | |
| #--------------------------------------- | |
| server { | |
| listen 443 ssl http2; | |
| server_name c5.prime-strategy.co.jp; | |
| ssl_certificate /etc/pki/tls/certs/localhost.crt; | |
| ssl_certificate_key /etc/pki/tls/private/localhost.key; | |
| ssl_dhparam /etc/kusanagi.d/ssl/dhparam.key; | |
| ssl_session_tickets on; | |
| ssl_session_ticket_key /etc/kusanagi.d/ssl_sess_ticket.key; | |
| ssl_session_cache shared:SSL:1m; | |
| ssl_session_timeout 5m; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; | |
| ssl_prefer_server_ciphers on; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| resolver 8.8.4.4 8.8.8.8 valid=300s; | |
| resolver_timeout 10s; | |
| access_log /home/kusanagi/concrete5/log/nginx/ssl_access.log main; | |
| error_log /home/kusanagi/concrete5/log/nginx/ssl_error.log warn; | |
| charset UTF-8; | |
| client_max_body_size 16M; | |
| root /home/kusanagi/concrete5/DocumentRoot; | |
| index index.php index.html index.htm; | |
| location / { | |
| set $do_rewrite 1; | |
| if (-f $request_filename) { | |
| set $do_rewrite 0; | |
| } | |
| if (-f $request_filename/index.html) { | |
| set $do_rewrite 0; | |
| } | |
| if (-f $request_filename/index.php) { | |
| set $do_rewrite 0; | |
| } | |
| if ($do_rewrite = "1") { | |
| rewrite ^/(.*)$ /index.php/$1 last; | |
| } | |
| } | |
| location = /favicon.ico { | |
| log_not_found off; | |
| access_log off; | |
| } | |
| location ~* /\.well-known { | |
| allow all; | |
| } | |
| location ~* /\. { | |
| deny all; | |
| } | |
| location ~* /application/files/.*\.php$ { | |
| deny all; | |
| } | |
| location ~* \.(jpg|jpeg|gif|png|css|js|swf|ico|pdf|svg|eot|ttf|woff)$ { | |
| access_log off; | |
| } | |
| location ~* /index.php/(login|dashboard.*)$ { | |
| satisfy any; | |
| allow 0.0.0.0/0; | |
| allow 127.0.0.1; | |
| deny all; | |
| auth_basic "basic authentication"; | |
| auth_basic_user_file "/home/kusanagi/.htpasswd"; | |
| location ~ [^/]\.php(/|$) { | |
| fastcgi_split_path_info ^(.+?\.php)(/.*)$; | |
| if (!-f $document_root$fastcgi_script_name) { | |
| return 404; | |
| } | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| include fastcgi_params; | |
| fastcgi_buffers 256 128k; | |
| fastcgi_buffer_size 128k; | |
| fastcgi_intercept_errors on; | |
| fastcgi_read_timeout 120s; | |
| } | |
| } | |
| location ~ [^/]\.php(/|$) { | |
| fastcgi_split_path_info ^(.+?\.php)(/.*)$; | |
| if (!-f $document_root$fastcgi_script_name) { | |
| return 404; | |
| } | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| include fastcgi_params; | |
| fastcgi_buffers 256 128k; | |
| fastcgi_buffer_size 128k; | |
| fastcgi_intercept_errors on; | |
| fastcgi_read_timeout 120s; | |
| set $do_not_cache 0; ## page cache | |
| set $device "pc"; | |
| set $hsts 0; | |
| if ($hsts = 1) { | |
| ## weak mode | |
| add_header Strict-Transport-Security "max-age=31536000"; | |
| } | |
| if ($hsts = 2) { | |
| ## mid mode | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; | |
| } | |
| if ($hsts = 3) { | |
| ## high mode | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; | |
| } | |
| if ($request_method = POST) { | |
| set $do_not_cache 1; | |
| } | |
| if ($query_string != "") { | |
| set $do_not_cache 1; | |
| } | |
| if ($http_cookie ~* "CONCRETE5_LOGIN") { | |
| set $do_not_cache 1; | |
| } | |
| if ($http_user_agent ~* " Android |\(iPad|Android; Tablet; .+Firefox") { | |
| set $device "tablet"; | |
| } | |
| if ($http_user_agent ~* " Android .+ Mobile |\(iPhone|\(iPod|IEMobile|Android; Mobile; .+Firefox|Windows Phone") { | |
| set $device "smart"; | |
| } | |
| fastcgi_cache wpcache; | |
| fastcgi_cache_key "$device:$request_method:$scheme://$host$request_uri"; | |
| fastcgi_cache_valid 200 10m; | |
| fastcgi_no_cache $do_not_cache; | |
| fastcgi_cache_bypass $do_not_cache; | |
| add_header X-F-Cache $upstream_cache_status; | |
| add_header X-Signature KUSANAGI; | |
| } | |
| location ~ /fcache-purge/([^/]+)(/.*) { | |
| allow 127.0.0.1; | |
| deny all; | |
| fastcgi_cache_purge wpcache "$1:GET:$scheme://$host$2"; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment