Nginx Config
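; PHP-FPM pool definition. "$pool" expands to the pool name from the section
; header, so this pool runs as the Unix user and group "kho".
[kho]
user = $pool
group = $pool

; Per-pool Unix socket, owned by www-data so the nginx workers can connect.
; Any other process running as www-data can reach this pool as well.
listen = /run/php/fpm.$pool.sock
listen.owner = www-data
listen.group = www-data
; Left commented, so the FPM default socket mode applies.
;listen.mode = 0660
; Only meaningful for a TCP listener; it has no effect on a Unix socket.
;listen.allowed_clients = 127.0.0.1
; process.priority = -19

; Process manager: between 1 and 3 idle workers, at most 5 in total.
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 3
; Used by FPM only when pm = ondemand; inert with pm = dynamic.
pm.process_idle_timeout = 30s
; Recycle a worker after 512 requests to bound the effect of memory leaks.
pm.max_requests = 512

; Requests slower than 1 minute are logged with a backtrace of up to 20
; frames; requests still running after 2 minutes are killed.
slowlog = /var/log/php/$pool.log.slow
request_slowlog_timeout = 1m
request_slowlog_trace_depth = 20
request_terminate_timeout = 2m

;chroot =
;chdir = /var/www

; FPM refuses to execute a script whose extension is not listed here. This is
; the backstop if the web server ever hands FPM a non-PHP file. Every
; extension listed is executable, so upload filters have to reject all of
; them; the nginx fragment on this page forwards only URIs ending in .php.
security.limit_extensions = .php .php3 .php4 .php5 .php7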
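# Settings shared by every virtual host (presumably the fragment the server
# block includes as vhost.d/general.conf).
index index.php index.html index.htm index.nginx-debian.html;

# security headers
# nginx passes add_header directives down to a nested block only when that
# block declares no add_header of its own. A location that adds even one
# header has to repeat the ones below, or its responses go out without them.
add_header X-Frame-Options "SAMEORIGIN" always;
# Legacy header: current Chrome, Edge and Firefox do not act on it, so it
# is not a substitute for a restrictive Content-Security-Policy.
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# NOTE(review): this value still sends the full URL, path and query string
# included, to other HTTPS origins. "strict-origin-when-cross-origin" sends
# only the origin cross-site.
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# NOTE(review): a policy that allows every origin together with
# 'unsafe-inline' and 'unsafe-eval' does not restrict script execution, so it
# gives no XSS mitigation. Narrow default-src per site before relying on it.
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

# . files
# Blocks .git, .env, .htpasswd and similar. It also matches /.well-known/, so
# ACME HTTP-01 validation is denied unless a more specific location for that
# path is defined.
location ~ /\. {
    deny all;
}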
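# Response compression (presumably the fragment included as
# vhost.d/gzip.conf).
# NOTE(review): once the site is served over TLS, compressing responses that
# contain both a secret (CSRF token, session data) and attacker-influenced
# input exposes them to compression side channels such as BREACH. Consider
# turning gzip off for those endpoints.
gzip on;
# Emit "Vary: Accept-Encoding" so caches keep compressed and plain copies apart.
gzip_vary on;
# Compress responses to proxied requests as well, whatever their cache headers.
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;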
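# Main nginx configuration: worker processes run as www-data.
user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 4096;
    multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    charset utf-8;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 60;
    keepalive_requests 10240;
    types_hash_max_size 2048;
    # Upper bound on request bodies, i.e. on uploads handed to PHP.
    client_max_body_size 64M;
    # Drop clients that stall while sending the body or reading the response.
    client_body_timeout 30;
    reset_timedout_connection on;
    send_timeout 30;
    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;
    log_not_found off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # NOTE(review): with access logging off there is no per-request record for
    # incident response, abuse detection or rate-limit tuning. log_not_found
    # off also removes missing-file probes from the error log. Enable
    # access_log, at least per virtual host, where a forensic trail is needed.
    access_log off;
    error_log /var/log/nginx/error.log;
    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    ##
    # Virtual Host Configs
    ##
    # Every file matching these globs is loaded as configuration, so both
    # directories must be writable by root only.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}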
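# PHP front-controller routing (presumably the fragment included as
# vhost.d/php.conf). Expects $vuser and $vroot to be set by the server block.
location / {
    # Serve the file or directory if it exists, otherwise fall back to index.php.
    try_files $uri $uri/ /index.php?$query_string;
}

location ~ \.php$ {
    # Answer 404 from nginx when the requested script does not exist, so that
    # only real files under the document root are handed to PHP-FPM. Without
    # this check a URI such as /uploads/image.jpg/x.php reaches FPM and what
    # is executed depends on PHP's path-info handling.
    try_files $uri =404;

    # $vuser selects the pool socket and therefore the Unix user the script
    # runs as. It must be a constant from "set", never derived from the request.
    fastcgi_pass unix:/var/run/php/fpm.$vuser.sock;
    fastcgi_index index.php;
    #fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_intercept_errors off;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 16k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;

    # Set as an admin value, so scripts cannot relax it with ini_set() or
    # .user.ini. /tmp is shared by every pool that uses this fragment, so
    # files written there are reachable across sites.
    fastcgi_param PHP_ADMIN_VALUE open_basedir=$vroot/:/usr/lib/php/:/tmp/;
    # Clear the client-supplied "Proxy" request header so that PHP code and
    # libraries cannot mistake it for the HTTP_PROXY environment variable
    # (httpoxy).
    fastcgi_param HTTP_PROXY "";

    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    fastcgi_param REQUEST_URI $request_uri;
    fastcgi_param DOCUMENT_URI $document_uri;
    fastcgi_param DOCUMENT_ROOT $document_root;
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    fastcgi_param REQUEST_SCHEME $scheme;
    fastcgi_param HTTPS $https if_not_empty;
    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    fastcgi_param REDIRECT_STATUS 200;
}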
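# Virtual host template. Plain HTTP only: there is no TLS listener and no
# redirect to HTTPS, so session cookies and credentials cross the network
# unencrypted.
server {
    listen 80;
    listen [::]:80;
    # Catch-all name: this block answers requests for any Host header that no
    # other server block claims.
    server_name _;

    # $vuser selects the PHP-FPM socket and, through $vroot, the open_basedir
    # jail used by the PHP fragment. Keep both as literal values.
    set $vuser user;
    set $vroot /home/$vuser;
    # Only the public/ subdirectory is web-reachable; the rest of the home
    # directory stays outside the document root.
    root $vroot/public;

    # nginx picks the first matching regex location in the order the
    # locations appear, so the order of these includes decides which rule wins.
    include vhost.d/gzip.conf;
    include vhost.d/general.conf;
    include vhost.d/static.conf;
    include vhost.d/php.conf;
}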
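# Static file handling (presumably the fragment included as
# vhost.d/static.conf).

# assets, media
# No add_header here, so headers set at server level still apply.
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
    expires 7d;
    access_log off;
}

# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
    # Any origin may read these files cross-site; keep only public assets
    # under the matching extensions.
    add_header Access-Control-Allow-Origin "*";
    # Declaring add_header in this block stops nginx from inheriting the
    # server-level headers, so they are repeated here. SVG can carry script,
    # which makes nosniff and the framing and content policies relevant for
    # these responses too. Keep the values in step with the server level.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    expires 7d;
    access_log off;
}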
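# WordPress hardening rules.
# nginx uses the first regex location that matches, in configuration order.
# These deny rules only take effect when this file is included before the
# generic static-asset and "\.php$" locations. The server block shown on this
# page does not include this file at all.

# WordPress: allow TinyMCE
# Exact-match location, so it wins over every regex rule below.
location = /wp-includes/js/tinymce/wp-tinymce.php {
    # NOTE(review): this include path is not one of the vhost.d/ fragments
    # used elsewhere on this page. Point it at a FastCGI parameter file that
    # exists on the host, or nginx will refuse to load the configuration.
    include nginxconfig.io/php_fastcgi.conf;
}

# WordPress: deny wp-content, wp-includes php files
# Stops direct execution of PHP files inside themes, plugins and uploads,
# including any PHP file that was uploaded into wp-content.
location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
    deny all;
}

# WordPress: deny wp-content/uploads nasty stuff
# Refuses to serve active content (HTML, PHP, JS, Flash) from the
# user-writable uploads tree.
location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
    deny all;
}

# WordPress: deny wp-content/plugins (except earlier rules)
# This file has no earlier plugin exceptions, so every URL under
# /wp-content/plugins is denied, plugin stylesheets and scripts included.
# Add explicit allow locations above this one for assets the site needs.
location ~ ^/wp-content/plugins {
    deny all;
}

# WordPress: deny scripts and styles concat
location ~* \/wp-admin\/load-(?:scripts|styles)\.php {
    deny all;
}

# WordPress: deny general stuff
# Denying xmlrpc.php and wp-comments-post.php also disables XML-RPC clients
# and native comment submission.
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
    deny all;
}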