templates and conf updated
Nginx Conf updated. More protection to prevent DOS attacks. Skip cache for more cart and sitemap plugins.
parent
4e28539fa4
commit
e0f7aeaf03
|
@ -1,5 +1,6 @@
|
||||||
# Webinoly admin NGINX CONFIGURATION
|
# Webinoly Admin-Tools NGINX CONFIGURATION
|
||||||
|
|
||||||
|
# WebinolyNginxServerStart
|
||||||
server {
|
server {
|
||||||
|
|
||||||
listen 22222 default_server deferred;
|
listen 22222 default_server deferred;
|
||||||
|
@ -8,16 +9,6 @@ server {
|
||||||
access_log /var/log/nginx/22222.access.log we_log;
|
access_log /var/log/nginx/22222.access.log we_log;
|
||||||
error_log /var/log/nginx/22222.error.log;
|
error_log /var/log/nginx/22222.error.log;
|
||||||
|
|
||||||
#ssl on;
|
|
||||||
#ssl_certificate /var/www/22222/cert/22222.crt;
|
|
||||||
#ssl_certificate_key /var/www/22222/cert/22222.key;
|
|
||||||
#ssl_stapling on;
|
|
||||||
#ssl_stapling_verify on;
|
|
||||||
#ssl_trusted_certificate /var/www/22222/cert/chain.pem;
|
|
||||||
|
|
||||||
# Force HTTP to HTTPS
|
|
||||||
#error_page 497 =200 https://$host:22222$request_uri;
|
|
||||||
|
|
||||||
root /var/www/22222/htdocs;
|
root /var/www/22222/htdocs;
|
||||||
index index.php index.htm index.html;
|
index index.php index.htm index.html;
|
||||||
|
|
||||||
|
@ -27,20 +18,18 @@ server {
|
||||||
# HTTP Authentication on port 22222
|
# HTTP Authentication on port 22222
|
||||||
include common/acl.conf;
|
include common/acl.conf;
|
||||||
|
|
||||||
location / {
|
# PHP Support
|
||||||
try_files $uri $uri/ /index.php?$args;
|
include common/php.conf;
|
||||||
}
|
include common/locations.conf;
|
||||||
|
|
||||||
# Status pages
|
# Status pages
|
||||||
location /nginx_status {
|
location = /nginx_status {
|
||||||
stub_status on;
|
stub_status on;
|
||||||
access_log off;
|
access_log off;
|
||||||
# include common/acl.conf;
|
|
||||||
}
|
}
|
||||||
location ~ ^/(status|ping) {
|
location ~ ^/(status|ping)$ {
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_pass php;
|
fastcgi_pass php;
|
||||||
# include common/acl.conf;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Display menu at location /fpm/status/
|
# Display menu at location /fpm/status/
|
||||||
|
@ -53,14 +42,5 @@ server {
|
||||||
fastcgi_pass $1;
|
fastcgi_pass $1;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri =404;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_pass php;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~* \.(js|css|jpg|gif|png)$ {
|
|
||||||
root /var/www/22222/htdocs/;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
# WebinolyNginxServerEnd
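Review bot: The admin listener keeps `listen 22222 default_server deferred;` without `ssl`, while `include common/acl.conf;` is described as HTTP Authentication on port 22222, so as far as this section shows the credentials would cross the network in cleartext. The commit drops the commented `ssl_certificate` template between `error_log` and `root` without a visible replacement. If TLS for this listener is configured somewhere else, a comment saying where would help, e.g. `# TLS for port 22222 is configured in <file>`; otherwise consider `listen 22222 ssl default_server deferred;` with the certificate directives restored. The contents of `common/acl.conf` and `common/php.conf` are not on this page, so this is inferred from the visible lines only.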
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
||||||
|
|
||||||
# Basic locations files
|
# Basic locations files
|
||||||
location = /favicon.ico {
|
location = /favicon.ico {
|
||||||
access_log off;
|
access_log off;
|
||||||
|
@ -11,6 +12,7 @@ location = /robots.txt {
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Cache static files
|
# Cache static files
|
||||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
|
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
|
||||||
include common/headers-http.conf;
|
include common/headers-http.conf;
|
||||||
|
@ -20,6 +22,7 @@ location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gi
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Security settings for better privacy
|
# Security settings for better privacy
|
||||||
# Deny hidden files
|
# Deny hidden files
|
||||||
location ~ /\.well-known {
|
location ~ /\.well-known {
|
||||||
|
@ -30,12 +33,14 @@ location ~ /\. {
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Deny backup extensions & log files
|
# Deny backup extensions & log files
|
||||||
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
|
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
||||||
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
|
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
|
||||||
return 403;
|
return 403;
|
||||||
|
|
|
@ -1,27 +1,44 @@
|
||||||
# WordPress COMMON SETTINGS
|
# WordPress COMMON SETTINGS
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
||||||
|
|
||||||
# Limit access to avoid brute force attack
|
# Limit access to avoid brute force attack
|
||||||
|
# https://baraktawily.blogspot.com/2018/02/how-to-dos-29-of-world-wide-websites.html
|
||||||
|
location = /wp-admin/load-styles.php {
|
||||||
|
limit_req zone=one burst=1 nodelay;
|
||||||
|
include common/acl.conf;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_pass php;
|
||||||
|
}
|
||||||
|
location = /wp-admin/load-scripts.php {
|
||||||
|
limit_req zone=one burst=1 nodelay;
|
||||||
|
include common/acl.conf;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_pass php;
|
||||||
|
}
|
||||||
location = /wp-login.php {
|
location = /wp-login.php {
|
||||||
limit_req zone=one burst=1 nodelay;
|
limit_req zone=one burst=1 nodelay;
|
||||||
include common/acl.conf;
|
include common/acl.conf;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_pass php;
|
fastcgi_pass php;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Disable wp-config.txt
|
# Disable wp-config.txt
|
||||||
location = /wp-config.txt {
|
location = /wp-config.txt {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Disallow php in upload folder
|
# Disallow php in upload folder
|
||||||
location /wp-content/uploads/ {
|
location /wp-content/uploads/ {
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||||
deny all;
|
deny all;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
# Yoast sitemap
|
}
|
||||||
location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
|
|
||||||
|
# YoastSitemapStart - Yoast SEO Plugin
|
||||||
|
location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
|
||||||
rewrite ^(.*)/sitemap\.xml$ $1/sitemap_index.xml permanent;
|
rewrite ^(.*)/sitemap\.xml$ $1/sitemap_index.xml permanent;
|
||||||
rewrite ^.*/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
|
rewrite ^.*/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
|
||||||
# Rules for yoast sitemap with wp|wpsubdir|wpsubdomain
|
# Rules for yoast sitemap with wp|wpsubdir|wpsubdomain
|
||||||
|
@ -34,3 +51,4 @@ location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
|
||||||
rewrite ^.*/video-sitemap\.xsl$ /index.php?xsl=video last;
|
rewrite ^.*/video-sitemap\.xsl$ /index.php?xsl=video last;
|
||||||
access_log off;
|
access_log off;
|
||||||
}
|
}
|
||||||
|
# YoastSitemapEnd
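Review bot: The new `location = /wp-admin/load-styles.php` and `location = /wp-admin/load-scripts.php` blocks reuse `limit_req zone=one burst=1 nodelay;`, the same zone as `/wp-login.php`, and nginx.conf keys that zone on `$binary_remote_addr` at `rate=1r/s`. One login or admin page load can request these endpoints several times within the same second, so legitimate users, and several users behind one NAT address, may receive the 403 set by `limit_req_status`. A dedicated zone with a larger burst would keep the protection without that side effect, e.g. `limit_req_zone $binary_remote_addr zone=wpassets:10m rate=5r/s;` in the http block and `limit_req zone=wpassets burst=10 nodelay;` in these two locations (zone name and values are illustrative). `include common/acl.conf;` is also applied here; its contents are not visible, so confirm that it does not demand credentials for assets the login page itself loads.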
|
|
@ -1,5 +1,6 @@
|
||||||
# WPFC NGINX CONFIGURATION
|
# WPFC NGINX CONFIGURATION
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
||||||
|
|
||||||
set $skip_cache 0;
|
set $skip_cache 0;
|
||||||
# POST requests and URL with a query string should always go to php
|
# POST requests and URL with a query string should always go to php
|
||||||
if ($request_method = POST) {
|
if ($request_method = POST) {
|
||||||
|
@ -8,14 +9,17 @@ if ($request_method = POST) {
|
||||||
if ($query_string != "") {
|
if ($query_string != "") {
|
||||||
set $skip_cache 1;
|
set $skip_cache 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Don't cache URL containing the following segments
|
# Don't cache URL containing the following segments
|
||||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
|
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||||
set $skip_cache 1;
|
set $skip_cache 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") {
|
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||||
set $skip_cache 1;
|
set $skip_cache 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri/ /index.php?$args;
|
try_files $uri $uri/ /index.php?$args;
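Review bot: In the new skip-cache pattern, `.*sitemap.*\.xml` is wider than it reads. The match is unanchored, so the leading `.*` adds nothing and the inner `.*` can span path segments, which means any URI with `sitemap` somewhere before a later `.xml` bypasses the cache. If the targeted plugins keep the sitemap name within one path segment, `sitemap[^/]*\.xml` states that intent more precisely. The neighbouring alternatives `/xmlrpc.php`, `wp-.*.php` and `index.php` still have unescaped dots, and `\.php` would make them literal. Both `$request_uri` and `$http_cookie` are client-supplied, so requests that skip the cache depend on rate limiting configured elsewhere, which this section does not show.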
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
# WPSUBDIRECTORY NGINX CONFIGURATION
|
# WPSUBDIRECTORY NGINX CONFIGURATION
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
||||||
|
|
||||||
if (!-e $request_filename) {
|
if (!-e $request_filename) {
|
||||||
# Redirect wp-admin to wp-admin/
|
# Redirect wp-admin to wp-admin/
|
||||||
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
|
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
|
||||||
|
|
|
@ -1,2 +1 @@
|
||||||
# Block IP Address
|
# Block IP Address - (deny 1.1.1.1;)
|
||||||
# deny 1.1.1.1;
|
|
||||||
|
|
|
@ -9,3 +9,5 @@ fastcgi_buffer_size 32k;
|
||||||
fastcgi_param SERVER_NAME $http_host;
|
fastcgi_param SERVER_NAME $http_host;
|
||||||
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
|
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
|
||||||
fastcgi_keep_conn on;
|
fastcgi_keep_conn on;
|
||||||
|
fastcgi_cache_background_update on;
|
||||||
|
fastcgi_read_timeout 30s;
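Review bot: `fastcgi_cache_background_update on;` only takes effect when stale responses may be served during an update, i.e. when `fastcgi_cache_use_stale` includes `updating`. The hunk starts at line 9 of the file, so whether that directive is set is not visible here and should be confirmed. `fastcgi_read_timeout 30s;` replaces the 300-second value this commit removes from nginx.conf, so long-running PHP requests such as imports, backups or plugin updates would now end in a gateway timeout after 30 seconds. If the shorter limit is intended as DoS hardening, a comment recording the trade-off would help, e.g. `# 30s cap on PHP responses; raise per site for long admin tasks`.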
|
|
@ -4,6 +4,5 @@ upstream php {
|
||||||
server 127.0.0.1:9000;
|
server 127.0.0.1:9000;
|
||||||
}
|
}
|
||||||
upstream debug {
|
upstream debug {
|
||||||
# Debug Pool
|
|
||||||
server 127.0.0.1:9001;
|
server 127.0.0.1:9001;
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,22 +17,27 @@ http {
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
|
|
||||||
keepalive_timeout 20;
|
|
||||||
send_timeout 20;
|
|
||||||
types_hash_max_size 2048;
|
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
reset_timedout_connection on;
|
reset_timedout_connection on;
|
||||||
limit_req_status 403;
|
|
||||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
send_timeout 15;
|
||||||
fastcgi_read_timeout 300;
|
keepalive_timeout 15;
|
||||||
|
|
||||||
client_body_buffer_size 128k;
|
client_body_buffer_size 128k;
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
open_file_cache max=30000 inactive=1m;
|
client_body_timeout 15;
|
||||||
|
client_header_timeout 15;
|
||||||
|
|
||||||
open_file_cache_valid 3m;
|
open_file_cache_valid 3m;
|
||||||
|
open_file_cache max=30000 inactive=1m;
|
||||||
|
|
||||||
|
types_hash_max_size 2048;
|
||||||
# server_names_hash_bucket_size 64;
|
# server_names_hash_bucket_size 64;
|
||||||
# server_name_in_redirect off;
|
# server_name_in_redirect off;
|
||||||
|
|
||||||
|
limit_req_status 403;
|
||||||
|
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
include common/headers-http.conf;
|
include common/headers-http.conf;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
@ -41,12 +46,13 @@ http {
|
||||||
# SSL Settings
|
# SSL Settings
|
||||||
##
|
##
|
||||||
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_session_cache shared:SSL:20m;
|
ssl_session_cache shared:SSL:20m;
|
||||||
ssl_dhparam /etc/ssl/dhparam.pem;
|
ssl_dhparam /etc/ssl/dhparam.pem;
|
||||||
|
ssl_ecdh_curve prime256v1:secp384r1:secp521r1;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT;
|
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT';
|
||||||
|
|
||||||
##
|
##
|
||||||
# Logging Settings
|
# Logging Settings
|
||||||
|
@ -55,6 +61,8 @@ http {
|
||||||
access_log /var/log/nginx/access.log;
|
access_log /var/log/nginx/access.log;
|
||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
open_log_file_cache max=1000 inactive=30s valid=1m;
|
||||||
|
|
||||||
log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
||||||
'$http_host "$request" $status $body_bytes_sent '
|
'$http_host "$request" $status $body_bytes_sent '
|
||||||
'"$http_referer" "$http_user_agent"';
|
'"$http_referer" "$http_user_agent"';
|
||||||
|
|
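Review bot: `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` still offers TLS 1.1, which is deprecated, and the new `ssl_ciphers` list keeps the CBC/SHA-1 suites `ECDHE-RSA-AES128-SHA` and `ECDHE-RSA-AES256-SHA`, which exist mainly for those older clients. `ssl_protocols TLSv1.2 TLSv1.3;` with the two `-SHA` suites dropped would match the hardening intent of this commit. The `TLSv1.3` parameter needs nginx 1.13.0 or later and works only when nginx is built against OpenSSL 1.1.1 or higher; whether the packaged build meets this is not visible on this page. A one-line comment above `ssl_protocols` naming the minimum supported nginx/OpenSSL versions would document that dependency.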
|
@ -1,4 +1,5 @@
|
||||||
|
|
||||||
|
# WebinolyNginxServerStart
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
@ -16,5 +17,6 @@ server {
|
||||||
include common/locations.conf;
|
include common/locations.conf;
|
||||||
include common/headers-http.conf;
|
include common/headers-http.conf;
|
||||||
include common/headers-html.conf;
|
include common/headers-html.conf;
|
||||||
#include /var/www/domain.com/conf/nginx/*.conf;
|
include /var/www/domain.com/*-nginx.conf;
|
||||||
}
|
}
|
||||||
|
# WebinolyNginxServerEnd
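Review bot: The now-active `include /var/www/domain.com/*-nginx.conf;` loads configuration from inside the site's own directory tree, so anything able to write a matching file there gets its directives loaded by nginx on the next reload. Ownership of that directory is not visible on this page; if it is writable by the PHP or site user, a compromised site could change server configuration. The directory should be root-owned and not writable by the web user, or the include should point to a path outside the site tree. A comment above the line would record the expectation, e.g. `# Custom per-site rules; files must be root-owned and not writable by the web user`.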
|
||||||
|
|