Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
01ee8c0a13b19dede9c6931fe15cc72596dc4275
WPIQ/wo/cli/templates/locations.mustache

102 lines
2.8 KiB
Plaintext
Raw Normal View History

v3.11.0 (#211) - PHP 7.4 support - Improved Webp images support with Cloudflare (Issue [#95](https://github.com/WordOps/WordOps/issues/95)). Nginx will not serve webp images alternative with Cloudflare IP ranges. - Stack upgrade for adminer - Check acme.sh installation and setup acme.sh if needed before issuing certificate - Add `--ufw` to `wo stack status` - Add Nginx directive `gzip_static on;` to serve precompressed assets with Cache-Enabler or WP-Rocket. (Issue [#207](https://github.com/WordOps/WordOps/issues/207)) - Previous `--php73` & `--php73=off` flags are replaced by `--php72`, `--php73`, `--php74` to switch site's php version - phpMyAdmin updated to v4.9.2 - Adminer updated to v4.7.5 - Replace dot and dashes by underscores in database names (Issue [#206](https://github.com/WordOps/WordOps/issues/206)) - Increased database name length to 32 characters from domain name + 8 random characters - typo error in motd-news script (Issue [#204](https://github.com/WordOps/WordOps/issues/204)) - Install Nginx before ngxblocker - WordOps install/update script text color - Issue with MySQL stack on Raspbian 9/10 - Typo error (PR [#205](https://github.com/WordOps/WordOps/pull/205)) - php version in `wo debug` (PR [#209](https://github.com/WordOps/WordOps/pull/209)) - SSL certificates expiration display with shared wildcard certificates
2019-12-03 19:48:18 +01:00
# NGINX CONFIGURATION FOR COMMON LOCATION - WordOps {{release}}
Refactored
2018-11-13 21:55:59 +01:00
# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE
# Basic locations files
location = /favicon.ico {
Rollback
2019-09-02 18:56:34 +02:00
try_files /wp-content/uploads/fbrfg/favicon.ico $uri $uri/ /index.php?$args @empty_gif;
access_log off;
log_not_found off;
expires max;
}
location @empty_gif {
empty_gif;
Refactored
2018-11-13 21:55:59 +01:00
}
# Cache static files
small change in locations-wo
2019-10-26 23:29:32 +02:00
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json|webmanifest|cast)$ {
Fix CORS header * additional security directives
2019-09-25 00:27:31 +02:00
more_set_headers 'Access-Control-Allow-Origin : *';
Rollback
2019-09-02 18:56:34 +02:00
more_set_headers "Cache-Control : public, no-transform";
new nginx configurations * letsencrypt validation in /var/www/html * new static files rules * robots.txt fallback for WP * harden nginx configurations
2018-12-11 01:37:36 +01:00
access_log off;
log_not_found off;
expires max;
}
# Cache css & js files
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
Fix CORS header * additional security directives
2019-09-25 00:27:31 +02:00
more_set_headers 'Access-Control-Allow-Origin : *';
Rollback
2019-09-02 18:56:34 +02:00
more_set_headers "Cache-Control : public, no-transform";
new nginx configurations * letsencrypt validation in /var/www/html * new static files rules * robots.txt fallback for WP * harden nginx configurations
2018-12-11 01:37:36 +01:00
access_log off;
log_not_found off;
expires 30d;
Refactored
2018-11-13 21:55:59 +01:00
}
# Security settings for better privacy
# Deny hidden files
new nginx configurations * letsencrypt validation in /var/www/html * new static files rules * robots.txt fallback for WP * harden nginx configurations
2018-12-11 01:37:36 +01:00
location ~ /\.(?!well-known\/) {
deny all;
Refactored
2018-11-13 21:55:59 +01:00
}
new nginx configurations * letsencrypt validation in /var/www/html * new static files rules * robots.txt fallback for WP * harden nginx configurations
2018-12-11 01:37:36 +01:00
# letsencrypt validation
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
remove hhvm
2019-03-13 05:02:53 +01:00
allow all;
Refactored
2018-11-13 21:55:59 +01:00
}
new nginx configurations * letsencrypt validation in /var/www/html * new static files rules * robots.txt fallback for WP * harden nginx configurations
2018-12-11 01:37:36 +01:00
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
deny all;
}
# Deny backup extensions & log files and return 403 forbidden
v3.11.0 (#211) - PHP 7.4 support - Improved Webp images support with Cloudflare (Issue [#95](https://github.com/WordOps/WordOps/issues/95)). Nginx will not serve webp images alternative with Cloudflare IP ranges. - Stack upgrade for adminer - Check acme.sh installation and setup acme.sh if needed before issuing certificate - Add `--ufw` to `wo stack status` - Add Nginx directive `gzip_static on;` to serve precompressed assets with Cache-Enabler or WP-Rocket. (Issue [#207](https://github.com/WordOps/WordOps/issues/207)) - Previous `--php73` & `--php73=off` flags are replaced by `--php72`, `--php73`, `--php74` to switch site's php version - phpMyAdmin updated to v4.9.2 - Adminer updated to v4.7.5 - Replace dot and dashes by underscores in database names (Issue [#206](https://github.com/WordOps/WordOps/issues/206)) - Increased database name length to 32 characters from domain name + 8 random characters - typo error in motd-news script (Issue [#204](https://github.com/WordOps/WordOps/issues/204)) - Install Nginx before ngxblocker - WordOps install/update script text color - Issue with MySQL stack on Raspbian 9/10 - Typo error (PR [#205](https://github.com/WordOps/WordOps/pull/205)) - php version in `wo debug` (PR [#209](https://github.com/WordOps/WordOps/pull/209)) - SSL certificates expiration display with shared wildcard certificates
2019-12-03 19:48:18 +01:00
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf|gz|zip|bz2|7z|pem|asc|conf|dump)$" {
new nginx configurations * letsencrypt validation in /var/www/html * new static files rules * robots.txt fallback for WP * harden nginx configurations
2018-12-11 01:37:36 +01:00
deny all;
Refactored
2018-11-13 21:55:59 +01:00
}
new nginx configurations * letsencrypt validation in /var/www/html * new static files rules * robots.txt fallback for WP * harden nginx configurations
2018-12-11 01:37:36 +01:00
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
deny all;
Refactored
2018-11-13 21:55:59 +01:00
}
Fix `wo upgrade`
2019-08-20 13:53:41 +02:00
# block base64_encoded content
location ~* "(base64_encode)(.*)(\()" {
deny all;
}
# block javascript eval()
location ~* "(eval\()" {
deny all;
}
# Additional security settings
location ~* "(127\.0\.0\.1)" {
deny all;
}
location ~* "([a-z0-9]{2000})" {
deny all;
}
location ~* "(javascript\:)(.*)(\;)" {
deny all;
}
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
deny all;
}
location ~* "(<|%3C).*script.*(>|%3)" {
deny all;
}
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
deny all;
}
location ~* "(boot\.ini|etc/passwd|self/environ)" {
deny all;
}
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
deny all;
}
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
deny all;
}
location ~* "(https?|ftp|php):/" {
deny all;
}
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
deny all;
}
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
deny all;
}
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
deny all;
}
Reference in New Issue Copy Permalink