92 lines
2.5 KiB
Plaintext
92 lines
2.5 KiB
Plaintext
# NGINX CONFIGURATION FOR COMMON LOCATION - WO v3.9.7
|
|
# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE
|
|
# Basic locations files
|
|
location = /favicon.ico {
|
|
access_log off;
|
|
log_not_found off;
|
|
expires max;
|
|
}
|
|
# Cache static files
|
|
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json)$ {
|
|
add_header "Access-Control-Allow-Origin" "*";
|
|
access_log off;
|
|
log_not_found off;
|
|
expires max;
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
gzip_http_version 1.1;
|
|
gzip_types
|
|
application/atom+xml
|
|
application/javascript
|
|
application/json
|
|
application/rss+xml
|
|
application/vnd.ms-fontobject
|
|
application/x-font-ttf
|
|
application/x-web-app-manifest+json
|
|
application/xhtml+xml
|
|
application/xml
|
|
font/opentype
|
|
image/svg+xml
|
|
image/x-icon
|
|
text/css
|
|
text/plain
|
|
text/x-component
|
|
text/xml
|
|
text/javascript;
|
|
}
|
|
# Cache css & js files
|
|
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
|
add_header "Access-Control-Allow-Origin" "*";
|
|
access_log off;
|
|
log_not_found off;
|
|
expires 30d;
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
gzip_http_version 1.1;
|
|
gzip_types
|
|
application/atom+xml
|
|
application/javascript
|
|
application/json
|
|
application/rss+xml
|
|
application/vnd.ms-fontobject
|
|
application/x-font-ttf
|
|
application/x-web-app-manifest+json
|
|
application/xhtml+xml
|
|
application/xml
|
|
font/opentype
|
|
image/svg+xml
|
|
image/x-icon
|
|
text/css
|
|
text/plain
|
|
text/x-component
|
|
text/xml
|
|
text/javascript;
|
|
}
|
|
# Security settings for better privacy
|
|
# Deny hidden files
|
|
location ~ /\.(?!well-known\/) {
|
|
deny all;
|
|
}
|
|
# letsencrypt validation
|
|
location /.well-known/acme-challenge/ {
|
|
alias /var/www/html/.well-known/acme-challenge/;
|
|
allow all;
|
|
}
|
|
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
|
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
|
|
deny all;
|
|
}
|
|
# Deny backup extensions & log files and return 403 forbidden
|
|
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
|
deny all;
|
|
}
|
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
|
deny all;
|
|
}
|