Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # configuration file /etc/nginx/nginx.conf:
- # Generated by nginxconfig.io
- # https://nginxconfig.io/?0.domain=mysite.com&0.document_root=%2F&0.non_www=false&0.https=false&0.wordpress&0.access_log_domain&0.error_log_domain&resolver_opendns=false&referrer_policy=origin&server_tokens&limit_req
- user www-data;
- pid /run/nginx.pid;
- worker_processes auto;
- worker_rlimit_nofile 65535;
- events {
- multi_accept on;
- worker_connections 65535;
- }
- http {
- charset utf-8;
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- log_not_found off;
- types_hash_max_size 2048;
- client_max_body_size 16M;
- # MIME
- include mime.types;
- default_type application/octet-stream;
- # logging
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log warn;
- # limits
- limit_req_log_level warn;
- limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;
- # load configs
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- }
- # configuration file /etc/nginx/mime.types:
- types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
- image/png png;
- image/svg+xml svg svgz;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/webp webp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- font/woff woff;
- font/woff2 woff2;
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.oasis.opendocument.graphics odg;
- application/vnd.oasis.opendocument.presentation odp;
- application/vnd.oasis.opendocument.spreadsheet ods;
- application/vnd.oasis.opendocument.text odt;
- application/vnd.openxmlformats-officedocument.presentationml.presentation
- pptx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- xlsx;
- application/vnd.openxmlformats-officedocument.wordprocessingml.document
- docx;
- application/vnd.wap.wmlc wmlc;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xspf+xml xspf;
- application/zip zip;
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
- }
- # configuration file /etc/nginx/conf.d/default.conf:
- server {
- listen 80;
- server_name localhost;
- #charset koi8-r;
- #access_log /var/log/nginx/host.access.log main;
- location / {
- root /usr/share/nginx/html;
- index index.php index.html index.htm;
- }
- #error_page 404 /404.html;
- # redirect server error pages to the static page /50x.html
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
- # proxy the PHP scripts to Apache listening on 127.0.0.1:80
- #
- #location ~ \.php$ {
- # proxy_pass http://127.0.0.1;
- #}
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- #location ~ \.php$ {
- # root html;
- # fastcgi_pass 127.0.0.1:9000;
- # fastcgi_index index.php;
- # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
- # include fastcgi_params;
- #}
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
- }
- # configuration file /etc/nginx/sites-enabled/mysite.com.conf:
- server {
- listen 80;
- listen [::]:80;
- server_name www.mysite.com;
- set $base /var/www/mysite.com;
- root $base/;
- # security
- include nginxconfig.io/security.conf;
- # logging
- access_log /var/log/nginx/mysite.com.access.log;
- error_log /var/log/nginx/mysite.com.error.log info;
- # index.php
- index index.php;
- # index.php fallback
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- # handle .php
- location ~ \.php$ {
- include nginxconfig.io/php_fastcgi.conf;
- }
- # additional config
- include nginxconfig.io/general.conf;
- include nginxconfig.io/wordpress.conf;
- include snippets/phpmyadmin.conf;
- }
- server {
- listen 80;
- listen [::]:80;
- server_name phpmyadmin.mysite.com;
- root /usr/share/phpmyadmin;
- }
- # non-www, subdomains redirect
- server {
- listen 80;
- listen [::]:80;
- server_name .mysite.com;
- return 301 http://www.mysite.com$request_uri;
- }
- # configuration file /etc/nginx/nginxconfig.io/security.conf:
- # security headers
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-XSS-Protection "1; mode=block" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header Referrer-Policy "origin" always;
- add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
- # . files
- location ~ /\.(?!well-known) {
- deny all;
- }
- # configuration file /etc/nginx/nginxconfig.io/php_fastcgi.conf:
- # 404
- try_files $fastcgi_script_name =404;
- # default fastcgi_params
- include fastcgi_params;
- # fastcgi settings
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- fastcgi_index index.php;
- fastcgi_buffers 8 16k;
- fastcgi_buffer_size 32k;
- # fastcgi params
- fastcgi_param DOCUMENT_ROOT $realpath_root;
- fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
- #fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";
- # configuration file /etc/nginx/fastcgi_params:
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param REQUEST_SCHEME $scheme;
- fastcgi_param HTTPS $https if_not_empty;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
- # configuration file /etc/nginx/nginxconfig.io/general.conf:
- # favicon.ico
- location = /favicon.ico {
- log_not_found off;
- access_log off;
- }
- # robots.txt
- location = /robots.txt {
- log_not_found off;
- access_log off;
- }
- # assets, media
- location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
- expires 7d;
- access_log off;
- }
- # svg, fonts
- location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
- add_header Access-Control-Allow-Origin "*";
- expires 7d;
- access_log off;
- }
- # gzip
- gzip on;
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
- # configuration file /etc/nginx/nginxconfig.io/wordpress.conf:
- # WordPress: allow TinyMCE
- location = /wp-includes/js/tinymce/wp-tinymce.php {
- include nginxconfig.io/php_fastcgi.conf;
- }
- # WordPress: deny wp-content, wp-includes php files
- location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
- deny all;
- }
- # WordPress: deny wp-content/uploads nasty stuff
- location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
- deny all;
- }
- # WordPress: deny wp-content/plugins (except earlier rules)
- location ~ ^/wp-content/plugins {
- deny all;
- }
- # WordPress: deny scripts and styles concat
- location ~* \/wp-admin\/load-(?:scripts|styles)\.php {
- deny all;
- }
- # WordPress: deny general stuff
- location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
- deny all;
- }
- # WordPress: throttle wp-login.php
- location = /wp-login.php {
- limit_req zone=login burst=2 nodelay;
- include nginxconfig.io/php_fastcgi.conf;
- }
- # configuration file /etc/nginx/snippets/phpmyadmin.conf:
- location /phpmyadmin {
- root /usr/share/;
- index index.php index.html index.htm;
- location ~ ^/phpmyadmin/(.+\.php)$ {
- try_files $uri =404;
- root /usr/share/;
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include /etc/nginx/fastcgi_params;
- }
- location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
- root /usr/share/;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
