Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- nginx.conf:
- `user www-data;
- worker_processes auto;
- worker_rlimit_nofile 100000;
- pid /run/nginx.pid;
- events {
- worker_connections 4096;
- multi_accept on;
- }
- http {
- ##
- # EasyEngine Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 30;
- types_hash_max_size 2048;
- server_tokens off;
- reset_timedout_connection on;
- add_header X-Powered-By "EasyEngine 3.7.5";
- add_header rt-Fastcgi-Cache $upstream_cache_status;
- # Limit Request
- limit_req_status 403;
- limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
- # Proxy Settings
- # set_real_ip_from proxy-server-ip;
- # real_ip_header X-Forwarded-For;
- fastcgi_read_timeout 300;
- client_max_body_size 100m;
- ##
- # SSL Settings
- ##
- ssl_session_cache shared:SSL:20m;
- ssl_session_timeout 10m;
- ssl_prefer_server_ciphers on;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ##
- # Basic Settings
- ##
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # Logging Settings
- ##
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- # Log format Settings
- log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
- '$http_host "$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent"';
- ##
- # Gzip Settings
- ##
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types
- application/atom+xml
- application/javascript
- application/json
- application/rss+xml
- application/vnd.ms-fontobject
- application/x-font-ttf
- application/x-web-app-manifest+json
- application/xhtml+xml
- application/xml
- font/opentype
- image/svg+xml
- image/x-icon
- text/css
- text/plain
- text/x-component
- text/xml
- text/javascript;
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- }
- #mail {
- # # See sample authentication script at:
- # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
- #
- # # auth_http localhost/auth.php;
- # # pop3_capabilities "TOP" "USER";
- # # imap_capabilities "IMAP4rev1" "UIDPLUS";
- #
- # server {
- # listen localhost:110;
- # protocol pop3;
- # proxy on;
- # }
- #
- # server {
- # listen localhost:143;
- # protocol imap;
- # proxy on;
- # }
- #}`
- sites-enabled/example.com:
- `server {
- server_name example.com www.example.com;
- access_log /var/log/nginx/example.com.access.log rt_cache;
- error_log /var/log/nginx/example.com.error.log;
- root /var/www/example.com/htdocs;
- index index.php index.html index.htm;
- add_header X-Content-Security-Policy "default-src 'self'; script-src 'self' https://ssl.google-analytics.com; img-src 'self' https://ssl.google-analytics.com";
- include common/php7.conf;
- include common/wpcommon-php7.conf;
- include common/locations-php7.conf;
- include /var/www/example.com/conf/nginx/*.conf;
- }`
- common/php7.conf:
- `# PHP NGINX CONFIGURATION
- # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
- location / {
- try_files $uri $uri/ /index.php?$args;
- }
- location ~ \.php$ {
- try_files $uri =404;
- include fastcgi_params;
- fastcgi_pass php7;
- }`
- common/wpcommon-php7.conf:
- `# PHP NGINX CONFIGURATION
- # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
- location / {
- try_files $uri $uri/ /index.php?$args;
- }
- location ~ \.php$ {
- try_files $uri =404;
- include fastcgi_params;
- fastcgi_pass php7;
- }
- root@900ugpqf:/etc/nginx# cat common/wpcommon-php7.conf
- # WordPress COMMON SETTINGS
- # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
- # Limit access to avoid brute force attack
- location = /wp-login.php {
- limit_req zone=one burst=1 nodelay;
- include fastcgi_params;
- fastcgi_pass php7;
- }
- # Disable wp-config.txt
- location = /wp-config.txt {
- deny all;
- access_log off;
- log_not_found off;
- }
- # Disallow php in upload folder
- location /wp-content/uploads/ {
- location ~ \.php$ {
- #Prevent Direct Access Of PHP Files From Web Browsers
- deny all;
- }
- }
- # Yoast sitemap
- location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
- rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent;
- rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
- # Rules for yoast sitemap with wp|wpsubdir|wpsubdomain
- rewrite ^.*/sitemap_index\.xml$ /index.php?sitemap=1 last;
- rewrite ^.*/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
- # Following lines are options. Needed for WordPress seo addons
- rewrite ^/news_sitemap\.xml$ /index.php?sitemap=wpseo_news last;
- rewrite ^/locations\.kml$ /index.php?sitemap=wpseo_local_kml last;
- rewrite ^/geo_sitemap\.xml$ /index.php?sitemap=wpseo_local last;
- rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last;
- access_log off;
- }`
- common/locations-php7.conf:
- `# NGINX CONFIGURATION FOR COMMON LOCATION
- # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
- # Basic locations files
- location = /favicon.ico {
- access_log off;
- log_not_found off;
- expires max;
- }
- location = /robots.txt {
- # Some WordPress plugin gererate robots.txt file
- # Refer #340 issue
- try_files $uri $uri/ /index.php?$args;
- access_log off;
- log_not_found off;
- }
- # Cache static files
- location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
- add_header "Access-Control-Allow-Origin" "*";
- access_log off;
- log_not_found off;
- expires max;
- }
- # Security settings for better privacy
- # Deny hidden files
- location ~ /\.well-known {
- allow all;
- }
- location ~ /\. {
- deny all;
- access_log off;
- log_not_found off;
- }
- # Deny backup extensions & log files
- location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
- deny all;
- access_log off;
- log_not_found off;
- }
- # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
- if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
- return 403;
- }
- # Status pages
- location /nginx_status {
- stub_status on;
- access_log off;
- include common/acl.conf;
- }
- location ~ ^/(status|ping) {
- include fastcgi_params;
- fastcgi_pass php7;
- include common/acl.conf;
- }
- # EasyEngine (ee) utilities
- # phpMyAdmin settings
- location /pma {
- return 301 https://$host:22222/db/pma;
- }
- location /phpMyAdmin {
- return 301 https://$host:22222/db/pma;
- }
- location /phpmyadmin {
- return 301 https://$host:22222/db/pma;
- }
- # Adminer settings
- location /adminer {
- return 301 https://$host:22222/db/adminer;
- }`
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement