templates and conf updated
Nginx conf updated. More protection against DoS attacks. Skip cache for more cart and sitemap plugins.
parent
4e28539fa4
commit
e0f7aeaf03
|
@ -1,66 +1,46 @@
|
|||
# Webinoly admin NGINX CONFIGURATION
|
||||
# Webinoly Admin-Tools NGINX CONFIGURATION
|
||||
|
||||
# WebinolyNginxServerStart
|
||||
server {
|
||||
|
||||
listen 22222 default_server deferred;
|
||||
listen [::]:22222 default_server;
|
||||
|
||||
access_log /var/log/nginx/22222.access.log we_log;
|
||||
error_log /var/log/nginx/22222.error.log;
|
||||
listen 22222 default_server deferred;
|
||||
listen [::]:22222 default_server;
|
||||
|
||||
#ssl on;
|
||||
#ssl_certificate /var/www/22222/cert/22222.crt;
|
||||
#ssl_certificate_key /var/www/22222/cert/22222.key;
|
||||
#ssl_stapling on;
|
||||
#ssl_stapling_verify on;
|
||||
#ssl_trusted_certificate /var/www/22222/cert/chain.pem;
|
||||
|
||||
# Force HTTP to HTTPS
|
||||
#error_page 497 =200 https://$host:22222$request_uri;
|
||||
access_log /var/log/nginx/22222.access.log we_log;
|
||||
error_log /var/log/nginx/22222.error.log;
|
||||
|
||||
root /var/www/22222/htdocs;
|
||||
index index.php index.htm index.html;
|
||||
root /var/www/22222/htdocs;
|
||||
index index.php index.htm index.html;
|
||||
|
||||
# Turn on directory listing
|
||||
autoindex on;
|
||||
# Turn on directory listing
|
||||
autoindex on;
|
||||
|
||||
# HTTP Authentication on port 22222
|
||||
include common/acl.conf;
|
||||
# HTTP Authentication on port 22222
|
||||
include common/acl.conf;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
# PHP Support
|
||||
include common/php.conf;
|
||||
include common/locations.conf;
|
||||
|
||||
# Status pages
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
# include common/acl.conf;
|
||||
}
|
||||
location ~ ^/(status|ping) {
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
# include common/acl.conf;
|
||||
}
|
||||
# Status pages
|
||||
location = /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
}
|
||||
location ~ ^/(status|ping)$ {
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
}
|
||||
|
||||
# Display menu at location /fpm/status/
|
||||
location = /fpm/status/ {}
|
||||
# Display menu at location /fpm/status/
|
||||
location = /fpm/status/ {}
|
||||
|
||||
location ~ /fpm/status/(.*) {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_NAME /status;
|
||||
fastcgi_pass $1;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
}
|
||||
|
||||
location ~* \.(js|css|jpg|gif|png)$ {
|
||||
root /var/www/22222/htdocs/;
|
||||
}
|
||||
location ~ /fpm/status/(.*) {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_NAME /status;
|
||||
fastcgi_pass $1;
|
||||
}
|
||||
|
||||
}
|
||||
# WebinolyNginxServerEnd
|
||||
|
|
|
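Review bot: `fastcgi_pass $1;` in `location ~ /fpm/status/(.*)` takes its upstream name from the request URI, and the only thing limiting it is `try_files $uri =404;`, i.e. whichever file names happen to exist under `htdocs/fpm/status/`. Making the allowlist explicit in the regex would not depend on directory contents, for example `location ~ ^/fpm/status/(php|debug)$ {` if those two upstreams are the only pools meant to be shown. The server-level `include common/acl.conf;` presumably puts authentication in front of this, but its contents are not part of this page.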
@ -1,42 +1,47 @@
|
|||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
||||
|
||||
# Basic locations files
|
||||
location = /favicon.ico {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
location = /robots.txt {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
# Cache static files
|
||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
|
||||
include common/headers-http.conf;
|
||||
include common/headers-https.conf;
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
include common/headers-http.conf;
|
||||
include common/headers-https.conf;
|
||||
add_header "Access-Control-Allow-Origin" "*";
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
}
|
||||
|
||||
# Security settings for better privacy
|
||||
# Deny hidden files
|
||||
location ~ /\.well-known {
|
||||
allow all;
|
||||
allow all;
|
||||
}
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
# Deny backup extensions & log files
|
||||
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
||||
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
|
||||
return 403;
|
||||
return 403;
|
||||
}
|
||||
|
|
|
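Review bot: `location ~ /\.well-known` is an unanchored regex listed before `location ~ /\.`, so any URI that merely contains `/.well-known` takes the `allow all;` block and never reaches the hidden-file deny. Anchoring it keeps the exception narrow: `location ~ ^/\.well-known/ {`. The comment `# Deny hidden files` sits directly above the allow block; something like `# Allow /.well-known/ before denying other dotfiles` would describe the pair better.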
@ -1,36 +1,54 @@
|
|||
# WordPress COMMON SETTINGS
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
||||
|
||||
# Limit access to avoid brute force attack
|
||||
location = /wp-login.php {
|
||||
limit_req zone=one burst=1 nodelay;
|
||||
include common/acl.conf;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
# https://baraktawily.blogspot.com/2018/02/how-to-dos-29-of-world-wide-websites.html
|
||||
location = /wp-admin/load-styles.php {
|
||||
limit_req zone=one burst=1 nodelay;
|
||||
include common/acl.conf;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
}
|
||||
location = /wp-admin/load-scripts.php {
|
||||
limit_req zone=one burst=1 nodelay;
|
||||
include common/acl.conf;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
}
|
||||
location = /wp-login.php {
|
||||
limit_req zone=one burst=1 nodelay;
|
||||
include common/acl.conf;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
}
|
||||
|
||||
# Disable wp-config.txt
|
||||
location = /wp-config.txt {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
# Disallow php in upload folder
|
||||
location /wp-content/uploads/ {
|
||||
location ~ \.php$ {
|
||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||
deny all;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||
deny all;
|
||||
}
|
||||
# Yoast sitemap
|
||||
location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
|
||||
rewrite ^(.*)/sitemap\.xml$ $1/sitemap_index.xml permanent;
|
||||
rewrite ^.*/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
|
||||
# Rules for yoast sitemap with wp|wpsubdir|wpsubdomain
|
||||
rewrite ^.*/sitemap_index\.xml$ /index.php?sitemap=1 last;
|
||||
rewrite ^.*/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
|
||||
# Following lines are optional. Needed for Yoast Premium.
|
||||
rewrite ^.*/news_sitemap\.xml$ /index.php?sitemap=wpseo_news last;
|
||||
rewrite ^.*/locations\.kml$ /index.php?sitemap=wpseo_local_kml last;
|
||||
rewrite ^.*/geo_sitemap\.xml$ /index.php?sitemap=wpseo_local last;
|
||||
rewrite ^.*/video-sitemap\.xsl$ /index.php?xsl=video last;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# YoastSitemapStart - Yoast SEO Plugin
|
||||
location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
|
||||
rewrite ^(.*)/sitemap\.xml$ $1/sitemap_index.xml permanent;
|
||||
rewrite ^.*/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
|
||||
# Rules for yoast sitemap with wp|wpsubdir|wpsubdomain
|
||||
rewrite ^.*/sitemap_index\.xml$ /index.php?sitemap=1 last;
|
||||
rewrite ^.*/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
|
||||
# Following lines are optional. Needed for Yoast Premium.
|
||||
rewrite ^.*/news_sitemap\.xml$ /index.php?sitemap=wpseo_news last;
|
||||
rewrite ^.*/locations\.kml$ /index.php?sitemap=wpseo_local_kml last;
|
||||
rewrite ^.*/geo_sitemap\.xml$ /index.php?sitemap=wpseo_local last;
|
||||
rewrite ^.*/video-sitemap\.xsl$ /index.php?xsl=video last;
|
||||
access_log off;
|
||||
}
|
||||
# YoastSitemapEnd
|
|
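Review bot: The new `load-styles.php` and `load-scripts.php` locations reuse `limit_req zone=one burst=1 nodelay;`, the same per-IP zone as `/wp-login.php`, which nginx.conf in this commit defines at `rate=1r/s` with `limit_req_status 403`. A wp-admin page normally requests these scripts together, so a legitimate admin, or several users behind one NAT address, may be answered with 403; this is worth testing before release. A dedicated zone with more headroom would keep the DoS protection without that side effect, for example `limit_req_zone $binary_remote_addr zone=wpassets:10m rate=5r/s;` in the http block and `limit_req zone=wpassets burst=5 nodelay;` in these two locations (name and values are illustrative).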
@ -1,30 +1,34 @@
|
|||
# WPFC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
||||
|
||||
set $skip_cache 0;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $skip_cache 1;
|
||||
set $skip_cache 1;
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $skip_cache 1;
|
||||
set $skip_cache 1;
|
||||
}
|
||||
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
|
||||
set $skip_cache 1;
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") {
|
||||
set $skip_cache 1;
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
fastcgi_cache_bypass $skip_cache;
|
||||
fastcgi_no_cache $skip_cache;
|
||||
fastcgi_cache WORDPRESS;
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php;
|
||||
fastcgi_cache_bypass $skip_cache;
|
||||
fastcgi_no_cache $skip_cache;
|
||||
fastcgi_cache WORDPRESS;
|
||||
}
|
||||
|
|
|
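Review bot: Every input that sets `$skip_cache` here is chosen by the client (request method, query string, the `$request_uri` pattern, and the `Cookie` header, now widened to `[a-z0-9]+_items_in_cart`), so the FastCGI cache cannot be counted on to shield PHP-FPM from load. `location ~ \.php$` carries no `limit_req`; since the commit's stated goal is DoS protection, a per-IP limit on that block (using a more generous zone than the 1r/s `one`) would cover the uncached path. Separately, the dots in `/xmlrpc.php|wp-.*.php|index.php` are unescaped and match any character, where `\.` is what is meant.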
@ -1,5 +1,6 @@
|
|||
# WPSUBDIRECTORY NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
||||
|
||||
if (!-e $request_filename) {
|
||||
# Redirect wp-admin to wp-admin/
|
||||
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
|
||||
|
|
|
@ -1,2 +1 @@
|
|||
# Block IP Address
|
||||
# deny 1.1.1.1;
|
||||
# Block IP Address - (deny 1.1.1.1;)
|
||||
|
|
|
@ -9,3 +9,5 @@ fastcgi_buffer_size 32k;
|
|||
fastcgi_param SERVER_NAME $http_host;
|
||||
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
|
||||
fastcgi_keep_conn on;
|
||||
fastcgi_cache_background_update on;
|
||||
fastcgi_read_timeout 30s;
|
|
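Review bot: `fastcgi_ignore_headers Cache-Control Expires Set-Cookie;` lets nginx store responses that carry `Set-Cookie`, and a stored response is replayed with that header to later visitors. The `$skip_cache` tests in the WPFC file look only at request cookies, so a first response that issues a session cookie is not excluded by them. Dropping `Set-Cookie` from the list, `fastcgi_ignore_headers Cache-Control Expires;`, keeps such responses out of the cache. The first eight lines of this file are outside the hunk, so a `fastcgi_hide_header` there would change the picture.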
@ -4,6 +4,5 @@ upstream php {
|
|||
server 127.0.0.1:9000;
|
||||
}
|
||||
upstream debug {
|
||||
# Debug Pool
|
||||
server 127.0.0.1:9001;
|
||||
}
|
||||
|
|
|
@ -17,22 +17,27 @@ http {
|
|||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
keepalive_timeout 20;
|
||||
send_timeout 20;
|
||||
types_hash_max_size 2048;
|
||||
server_tokens off;
|
||||
reset_timedout_connection on;
|
||||
limit_req_status 403;
|
||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||
fastcgi_read_timeout 300;
|
||||
|
||||
send_timeout 15;
|
||||
keepalive_timeout 15;
|
||||
|
||||
client_body_buffer_size 128k;
|
||||
client_max_body_size 100m;
|
||||
open_file_cache max=30000 inactive=1m;
|
||||
client_body_timeout 15;
|
||||
client_header_timeout 15;
|
||||
|
||||
open_file_cache_valid 3m;
|
||||
open_file_cache max=30000 inactive=1m;
|
||||
|
||||
types_hash_max_size 2048;
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
limit_req_status 403;
|
||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
include common/headers-http.conf;
|
||||
default_type application/octet-stream;
|
||||
|
@ -41,12 +46,13 @@ http {
|
|||
# SSL Settings
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_session_cache shared:SSL:20m;
|
||||
ssl_dhparam /etc/ssl/dhparam.pem;
|
||||
ssl_ecdh_curve prime256v1:secp384r1:secp521r1;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT';
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
|
@ -54,7 +60,9 @@ http {
|
|||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
|
||||
open_log_file_cache max=1000 inactive=30s valid=1m;
|
||||
|
||||
log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
'$http_host "$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
|
|
|
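Review bot: In the SSL Settings hunk, `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` drops TLS 1.0 but keeps TLS 1.1, which has the same standing (both are deprecated by RFC 8996); `ssl_protocols TLSv1.2 TLSv1.3;` is the setting to aim for. The new `ssl_ciphers` list still ends with the CBC/SHA-1 suites `ECDHE-RSA-AES128-SHA` and `ECDHE-RSA-AES256-SHA`, which are needed only by clients that cannot negotiate the AEAD suites and can be removed together with TLS 1.1. `TLSv1.3` takes effect only when nginx is built against an OpenSSL release that supports it, so the packaged build should be checked.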
@ -1,4 +1,5 @@
|
|||
|
||||
# WebinolyNginxServerStart
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
@ -16,5 +17,6 @@ server {
|
|||
include common/locations.conf;
|
||||
include common/headers-http.conf;
|
||||
include common/headers-html.conf;
|
||||
#include /var/www/domain.com/conf/nginx/*.conf;
|
||||
}
|
||||
include /var/www/domain.com/*-nginx.conf;
|
||||
}
|
||||
# WebinolyNginxServerEnd
|
||||
|
|
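Review bot: `include /var/www/domain.com/*-nginx.conf;` makes nginx load configuration from the site's own directory tree, and the master process reads it on every reload. If that directory is writable by the PHP-FPM or site user (the permissions are not visible here), a compromised site could add directives to this server block. The matching files should be root-owned and not writable by the web user, or the include kept under `/etc/nginx/`, and a comment beside the include should state the requirement, e.g. `# files matched here must be root-owned and not web-writable`.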