Last active
February 6, 2018 14:14
-
-
Save justb3a/38bf6dd390c0b928b09f to your computer and use it in GitHub Desktop.
nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # redirects | |
| server { | |
| listen 80; # 443 | |
| # ssl | |
| root /xxx/public; | |
| server_name domain.org; | |
| client_max_body_size 100m; | |
| # logs | |
| error_log /xxx/log/error.log; | |
| access_log /xxx/log/access; | |
| index index.php index.html index.htm; | |
| include conf.d/processwire.conf; | |
| # include conf.d/typo3.conf | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ----------------------------------------------------------------------------------------------- | |
| # ProcessWire | |
| # ----------------------------------------------------------------------------------------------- | |
| # Block access to ProcessWire system files | |
| location ~ \.(inc|info|module|sh|sql)$ { | |
| deny all; | |
| } | |
| # Block access to any file or directory that begins with a period | |
| location ~ /\. { | |
| deny all; | |
| } | |
| # Block access to protected assets directories | |
| location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) { | |
| deny all; | |
| } | |
| # Block acceess to the /site/install/ directory | |
| location ~ ^/(site|site-[^/]+)/install($|/.*$) { | |
| deny all; | |
| } | |
| # Block dirs in /site/assets/ dirs that start with a hyphen | |
| location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* { | |
| deny all; | |
| } | |
| # Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php | |
| location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ { | |
| deny all; | |
| } | |
| # Block access to any PHP-based files in /templates-admin/ | |
| location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ { | |
| deny all; | |
| } | |
| # Block access to any PHP or markup files in /site/templates/ | |
| location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc|twig))$ { | |
| deny all; | |
| } | |
| # Block access to any PHP files in /site/assets/ | |
| location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ { | |
| deny all; | |
| } | |
| # Block access to any PHP files in core or core module directories | |
| location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ { | |
| deny all; | |
| } | |
| # Block access to any PHP files in /site/modules/ | |
| location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ { | |
| deny all; | |
| } | |
| # Block access to any software identifying txt files | |
| location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ { | |
| deny all; | |
| } | |
| # Block all http access to the default/uninstalled site-default directory | |
| location ~ ^/site-default/ { | |
| deny all; | |
| } | |
| # If the request is for a static file, then set expires header and disable logging. | |
| # Give control to ProcessWire if the requested file or directory is non-existing. | |
| location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ { | |
| expires 24h; | |
| log_not_found off; | |
| access_log off; | |
| try_files $uri $uri/ /index.php?it=$uri&$args; | |
| types { | |
| text/html html; | |
| text/javascript js; | |
| text/css css; | |
| image/gif gif; | |
| image/jpeg jpg; | |
| image/png png; | |
| image/svg+xml svg; | |
| } | |
| } | |
| # This location processes all other requests. If the request is for a file or directory that | |
| # physically exists on the server, then load the file. Else give control to ProcessWire. | |
| location / { | |
| try_files $uri $uri/ /index.php?it=$uri&$args; | |
| } | |
| # Cache everything by default | |
| set $no_cache 0; | |
| # Don't cache POST requests | |
| if ($request_method = POST) { | |
| set $no_cache 1; | |
| } | |
| # Don't cache if the URL contains a query string | |
| if ($query_string != "") { | |
| set $no_cache 1; | |
| } | |
| # Don't cache the following URLs | |
| if ($request_uri ~* "/(jos/|login.php)") { | |
| set $no_cache 1; | |
| } | |
| # Don't cache if there is a cookie called PHPSESSID | |
| if ($http_cookie = "PHPSESSID") { | |
| set $no_cache 1; | |
| } | |
| # Pass .php requests to fastcgi socket | |
| location ~ \.php$ { | |
| # Check if the requested PHP file actually exists for security | |
| try_files $uri =404; | |
| # Fix for server variables that behave differently under nginx/php-fpm than typically expected | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| # Set environment variables | |
| include fastcgi_params; | |
| fastcgi_param PATH_INFO $fastcgi_path_info; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| # Pass request to php-fpm fastcgi socket | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_buffers 32 32k; | |
| fastcgi_buffer_size 128k; | |
| fastcgi_busy_buffers_size 256k; | |
| fastcgi_temp_file_write_size 256k; | |
| fastcgi_index index.php; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment