Compare commits

...

1 Commits

Author SHA1 Message Date
Adrian 2d35e73281 Update Nginx config
* Make only Let's Encrypt path available on port 80
* Protect WordPress admin URLs
* Seperate logs for hosts
* Update example PHP config
* Update README
2016-03-17 01:36:54 +01:00
14 changed files with 52 additions and 23 deletions

View File

@ -1,15 +1,14 @@
Nginx Config Files
==================
# Nginx Config Files
These are carefully crafted Nginx config files.
Do not forget the following:
## Installation
sudo chown -R wwwrun.www /var/lib/nginx # if on openSUSE
cd /etc/nginx/sites-conf
sudo ln -s example.ssl default.ssl
sed -i 's/example.com/your-host.org/' sites-available/*
sudo cp -r * /etc/nginx
sudo ln -s example.ssl /etc/nginx/sites-conf/default.ssl
sudo mkdir -p /data/log/nginx
You can configure your host simply by doing:
If on openSUSE:
cd /etc/nginx/sites-available
sudo sed -i 's/example.com/your-host.org/' *
sudo chown -R wwwrun.www /var/lib/nginx

View File

@ -0,0 +1,4 @@
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;

View File

@ -1,6 +1,4 @@
fastcgi_pass unix:/run/php5-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /etc/nginx/cgi-bin.php;
fastcgi_param SCRIPT_NAME "";
fastcgi_param X_SCRIPT_FILENAME $request_filename;
fastcgi_param X_SCRIPT_NAME "";

View File

@ -1,5 +1,3 @@
listen 80;
location /.well-known/acme-challenge {
alias /data/letsencrypt;
alias /data/letsencrypt/challenge;
}

View File

@ -1,2 +1,3 @@
listen 80;
return 301 https://$host$request_uri;
location / {
return 301 https://$host$request_uri;
}

View File

@ -0,0 +1,9 @@
location /wp-admin {
include inc/allow-local;
error_page 403 $scheme://$host/404;
}
location ~ /wp-login.php {
include inc/allow-local;
error_page 403 $scheme://$host/404;
}

View File

@ -1,14 +1,17 @@
server {
server_name localhost *.local;
server_name test.example.com;
listen 80;
listen 443 ssl;
root /usr/share/nginx/html;
index index.php index.html index.htm;
# redirect server error pages to the static page /50x.html
access_log /data/log/nginx/test-access.log;
error_log /data/log/nginx/test-error.log;
error_page 500 502 503 504 /50x.html;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
# PHP processing
@ -18,13 +21,15 @@ server {
fastcgi_intercept_errors on;
}
include inc/restrict-wp-access;
# AWstats
location /awstats {
# You may want to secure this location by appending a random string
alias /usr/local/awstats/wwwroot/cgi-bin;
access_log off;
include inc/cgi-bin;
include inc/allow-local;
}
location /awstatsicons {

View File

@ -3,6 +3,9 @@ server {
listen 443 ssl;
access_log /data/log/nginx/git-access.log;
error_log /data/log/nginx/git-error.log;
location / {
proxy_pass http://localhost:3000;
include proxy_params;

View File

@ -1,6 +1,9 @@
server {
server_name www.example.com;
access_log /data/log/nginx/www-access.log;
error_log /data/log/nginx/www-error.log;
location / {
proxy_pass http://localhost:4567/;
include proxy_params;

View File

@ -1,4 +1,8 @@
server {
include inc/redirect-ssl;
server_name *.example.com;
listen 80;
include inc/redirect-ssl;
include inc/letsencrypt;
}

View File

@ -3,6 +3,9 @@ server {
listen 443 ssl;
access_log /data/log/nginx/seafile-access.log;
error_log /data/log/nginx/seafile-error.log;
location / {
proxy_pass http://localhost:8000;
include proxy_params;

View File

@ -1,6 +1,9 @@
server {
server_name trac.example.com;
access_log /data/log/nginx/trac-access.log;
error_log /data/log/nginx/trac-error.log;
client_max_body_size 20M;
location / {

View File

View File

@ -1 +0,0 @@
../sites-available/example