Adrian 5e482a7f08 Update Nginx config
* Make only Let's Encrypt path available on port 80
* Protect WordPress admin URLs
* Separate logs for hosts
* Update example PHP config
* Update README
2016-03-17 00:53:40 +01:00
15 changed files with 49 additions and 23 deletions


@ -1,15 +1,14 @@
Nginx Config Files # Nginx Config Files
==================
These are carefully crafted Nginx config files. These are carefully crafted Nginx config files.
Do not forget the following: ## Installation
sudo chown -R wwwrun.www /var/lib/nginx # if on openSUSE sed -i 's/example.com/your-host.org/' sites-available/*
cd /etc/nginx/sites-conf sudo cp -r * /etc/nginx
sudo ln -s example.ssl default.ssl sudo ln -s example.ssl /etc/nginx/sites-conf/default.ssl
sudo mkdir -p /data/log/nginx
You can configure your host simply by doing: If on openSUSE:
cd /etc/nginx/sites-available sudo chown -R wwwrun.www /var/lib/nginx
sudo sed -i 's/example.com/your-host.org/' *


@ -0,0 +1,4 @@
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
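Review bot: This allow list is only as reliable as the client address nginx sees: `allow`/`deny` are evaluated against `$remote_addr`, so if these hosts are ever placed behind a reverse proxy or load balancer with a private address and the realip module is not configured, every request matches `10.0.0.0/8` (or one of the other ranges) and the restriction has no effect. The file also has no comment saying what it is for, and loopback (`127.0.0.1`, `::1`) is not allowed, which may or may not be intended. I would add a header such as `# Private (RFC 1918) clients only; assumes $remote_addr is the real client address - configure realip when behind a proxy.`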


@ -1,6 +1,4 @@
fastcgi_pass unix:/run/php5-fpm.sock; fastcgi_pass unix:/run/php5-fpm.sock;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /etc/nginx/cgi-bin.php; fastcgi_param SCRIPT_FILENAME /etc/nginx/cgi-bin.php;
fastcgi_param SCRIPT_NAME "";
fastcgi_param X_SCRIPT_FILENAME $request_filename; fastcgi_param X_SCRIPT_FILENAME $request_filename;
fastcgi_param X_SCRIPT_NAME "";


@ -1,5 +1,3 @@
listen 80;
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
alias /data/letsencrypt; alias /data/letsencrypt/challenge;
} }
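Review bot: The prefix `location /.well-known/acme-challenge` has no trailing slash, so it also matches request paths that merely begin with that string, and with `alias /data/letsencrypt/challenge` those are mapped onto sibling names under `/data/letsencrypt` that share the `challenge` prefix. Ending both in a slash keeps the mapping inside the challenge directory, and `^~` prevents a regex location in the including server block from taking over the request: `location ^~ /.well-known/acme-challenge/ {` with `alias /data/letsencrypt/challenge/;`.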


@ -1,2 +1,3 @@
listen 80; location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
}
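Review bot: `return 301 https://$host$request_uri;` builds the redirect target from `$host`, which falls back to the request's Host header, so if a server block that includes this file ends up as the default for port 80, the redirect points at whatever host name the client sent. The including block visible on this page sets `server_name *.example.com`, which only limits this when some other block is the default server. I would document that requirement at the top of the file, e.g. `# Include only in server blocks with an explicit server_name; unknown hosts should hit a separate default_server that rejects them.`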


@ -0,0 +1,9 @@
location /wp-admin {
include inc/allow-local;
error_page 403 $scheme://$host/404;
}
location ~ /wp-login.php {
include inc/allow-local;
error_page 403 $scheme://$host/404;
}
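Review bot: These restrictions can be skipped by nginx's location matching: `location /wp-admin` is a plain prefix location, so a regex location such as a `\.php$` handler wins for `/wp-admin/*.php`, and `location ~ /wp-login.php` is only tried after any regex location declared earlier in the server block. The example host on this page includes this file after its "PHP processing" block, whose location line is outside the visible hunks, so that is likely the case there. Using `^~` and an exact match with the PHP handler nested inside keeps both the access rule and PHP execution; as written the `wp-login.php` location has no FastCGI handler, so an allowed client would probably be served the file as static content. Check whether public pages rely on `/wp-admin/admin-ajax.php` before applying this.

```nginx
location ^~ /wp-admin/ {
    include inc/allow-local;
    error_page 403 $scheme://$host/404;
    location ~ \.php$ {
        # … same FastCGI directives as the host's "PHP processing" block …
    }
}
location = /wp-login.php {
    include inc/allow-local;
    error_page 403 $scheme://$host/404;
    # … same FastCGI directives as the host's "PHP processing" block …
}
```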


@ -0,0 +1,2 @@
access_log /data/log/nginx/$server_name-access.log;
error_log /data/log/nginx/$server_name-error.log;
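Review bot: `error_log /data/log/nginx/$server_name-error.log;` will not produce per-host files, because `error_log` does not expand variables and the path is taken literally, so every host that includes this file writes to one file whose name contains `$server_name`. `access_log` does accept variables, but then the file is opened by the worker process on each write (so the worker user needs write access to `/data/log/nginx`, and `open_log_file_cache` is worth setting), and a block with `server_name *.example.com` yields a file name beginning with `*`. The error log needs a literal path set per server block, e.g. `error_log /data/log/nginx/www.example.com-error.log;` in the host file itself.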


@ -1,14 +1,16 @@
server { server {
server_name localhost *.local; server_name test.example.com;
listen 80;
listen 443 ssl; listen 443 ssl;
root /usr/share/nginx/html; root /usr/share/nginx/html;
index index.php index.html index.htm;
# redirect server error pages to the static page /50x.html include inc/server-log;
error_page 500 502 503 504 /50x.html; location / {
try_files $uri $uri/ /index.php$is_args$args;
}
# PHP processing # PHP processing
@ -18,13 +20,15 @@ server {
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
} }
include inc/restrict-wp-access;
# AWstats # AWstats
location /awstats { location /awstats {
# You may want to secure this location by appending a random string
alias /usr/local/awstats/wwwroot/cgi-bin; alias /usr/local/awstats/wwwroot/cgi-bin;
access_log off; access_log off;
include inc/cgi-bin; include inc/cgi-bin;
include inc/allow-local;
} }
location /awstatsicons { location /awstatsicons {
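Review bot: The new comment in `location /awstats` ("You may want to secure this location by appending a random string") presents an unguessable path as the protection, while the control that actually restricts access is the `include inc/allow-local;` added in the same block. I would reword it so a reader who copies the block does not drop the include and keep only the renamed path, e.g. `# Restricted to private networks via inc/allow-local; a random path suffix only adds obscurity.` The `location /awstatsicons` block continues outside the hunk, so whether it needs the same include cannot be judged from here.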


@ -3,6 +3,8 @@ server {
listen 443 ssl; listen 443 ssl;
include inc/server-log;
location / { location / {
proxy_pass http://localhost:3000; proxy_pass http://localhost:3000;
include proxy_params; include proxy_params;


@ -1,6 +1,8 @@
server { server {
server_name www.example.com; server_name www.example.com;
include inc/server-log;
location / { location / {
proxy_pass http://localhost:4567/; proxy_pass http://localhost:4567/;
include proxy_params; include proxy_params;


@ -1,4 +1,8 @@
server { server {
include inc/redirect-ssl;
server_name *.example.com; server_name *.example.com;
listen 80;
include inc/redirect-ssl;
include inc/letsencrypt;
} }


@ -3,6 +3,8 @@ server {
listen 443 ssl; listen 443 ssl;
include inc/server-log;
location / { location / {
proxy_pass http://localhost:8000; proxy_pass http://localhost:8000;
include proxy_params; include proxy_params;


@ -1,6 +1,8 @@
server { server {
server_name trac.example.com; server_name trac.example.com;
include inc/server-log;
client_max_body_size 20M; client_max_body_size 20M;
location / { location / {


@ -1 +0,0 @@
../sites-available/example