initial commit

2025-11-02 11:49:39 +01:00
commit ec9dcadf58
47 changed files with 1997 additions and 0 deletions

21
LICENSE Normal file

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2025 Allan Christensen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

40
README.md Normal file

@@ -0,0 +1,40 @@
# Nginx Snippets for Ubuntu 24.04 Server
[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
[![WebServer](https://img.shields.io/badge/server-nginx-009639)](#)
[![PHP](https://img.shields.io/badge/php-fpm-777BB4)](#)
[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
Reusable and modular configuration snippets for use with Nginx on Ubuntu 24.04 Server.
### Prerequisites
Nginx must be installed and running before using these snippets.
### Download the Snippets
Clone the repository directly into your Nginx configuration directory:
```
git clone https://git.x-files.dk/webserver/nginx-snippets.git /etc/nginx/nginx-snippets
```
### Usage
An example configuration file can be found [here](https://git.x-files.dk/webserver/nginx-snippets/src/branch/main/hostfiles/example.80.conf).
> **NOTE**
> If you already installed Nginx using the method described [here](https://git.x-files.dk/webserver/nginx-ubuntu), these code snippets are already included by default.
### Post-install
Nothing to do.
---
### More Information
More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
---
### License
Licensed under the [MIT License](./LICENSE).
---

15
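--- a/block-bots.conf
+++ b/block-bots.conf
@@ -0,0 +1,15 @@
+map $http_user_agent $bad_user_agent {
+default 0;
+"~*backdoor" 1;
+"~LieBaoFast" 1;
+"~AhrefsBot" 1;
+"~DotBot" 1;
+"~MauiBot" 1;
+"~MJ12Bot" 1;
+"~PetalBot" 1;
+"~PetalBot" 1;
+"~SEMrushBot" 1;
+"~UCBrowser" 1;
+}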
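Review bot: Every entry except `backdoor` uses the case-sensitive `~` match, so a client that capitalises its User-Agent differently is not caught; to my knowledge the Majestic and Semrush crawlers identify as `MJ12bot` and `SemrushBot`, which `"~MJ12Bot"` and `"~SEMrushBot"` would miss. Switching the list to `~*` (for example `"~*mj12bot" 1;`) closes that gap. `"~PetalBot"` is listed twice and one line can go. A header comment should say that the map belongs in the `http` context and that User-Agent is client-controlled, so this is traffic hygiene rather than an access control.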

1
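--- a/block-engines.conf
+++ b/block-engines.conf
@@ -0,0 +1 @@
+add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";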
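Review bot: `add_header` here has no `always` flag and is subject to nginx's inheritance rule, under which a level that declares any `add_header` of its own inherits none from the outer level. cache-js-css.conf and cache-statics.conf in this commit both declare `add_header Cache-Control` inside their locations, so with all three included the X-Robots-Tag is not sent for scripts, stylesheets or images. Either repeat the header in those locations or document the interaction in a comment; `add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;` additionally covers error responses.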

8
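--- a/block-file-access.conf
+++ b/block-file-access.conf
@@ -0,0 +1,8 @@
+location ~ /\.git {
+deny all;
+return 404;
+}
+location ~ (\.aws$|\.cgi$|\.env$|\.perl$|\.pl$|\.py$|\.sh$) {
+return 444;
+}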
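Review bot: The second location matches only URIs that end in one of the listed suffixes, so `/.aws/credentials`, `/.env.bak` or `/.env.local` are still served if they exist under the document root. If the intent is to hide secrets and dot-directories, a prefix-style pattern such as `location ~ /\.(?!well-known/) { return 404; }` covers them while leaving ACME challenges reachable. The `.git` pattern is unanchored and therefore also matches `/.github` and `/.gitignore`; a comment stating that this is intended would help.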

4
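--- a/block-htaccess.conf
+++ b/block-htaccess.conf
@@ -0,0 +1,4 @@
+location ~ /\.ht {
+deny all;
+return 404;
+}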
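Review bot: `deny all;` is never reached in this location, because `return` runs in the rewrite phase before access checks, so the client always receives 404; the same pair appears in the `.git` location of block-file-access.conf. Keep one of the two: `return 404;` alone hides the existence of the file, `deny all;` alone answers 403. A one-line comment such as `# 404 on purpose: do not reveal that the file exists` would record which response is intended.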

32
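--- a/block-referer.conf
+++ b/block-referer.conf
@@ -0,0 +1,32 @@
+map $http_referer $bad_referer {
+hostnames;
+default 0;
+"~binance.com" 1;
+"~social-buttons.com" 1;
+"~semalt.com" 1;
+"~kambasoft.com" 1;
+"~savetubevideo.com" 1;
+"~descargar-musica-gratis.net" 1;
+"~7makemoneyonline.com" 1;
+"~baixar-musicas-gratis.com" 1;
+"~iloveitaly.com" 1;
+"~ilovevitaly.ru" 1;
+"~fbdownloader.com" 1;
+"~econom.co" 1;
+"~buttons-for-website.com" 1;
+"~buttons-for-your-website.com" 1;
+"~srecorder.co" 1;
+"~darodar.com" 1;
+"~priceg.com" 1;
+"~blackhatworth.com" 1;
+"~adviceforum.info" 1;
+"~hulfingtonpost.com" 1;
+"~best-seo-solution.com" 1;
+"~googlsucks.com" 1;
+"~theguardlan.com" 1;
+"~i-x.wiki" 1;
+"~buy-cheap-online.info" 1;
+"~Get-Free-Traffic-Now.com" 1;
+}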
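Review bot: The patterns are unanchored, case-sensitive regexes with unescaped dots, matched against the whole Referer value, so `"~semalt.com"` also drops a request whose referer is a legitimate page like `https://example.org/search?q=semalt.com` (constructed example), while `"~Get-Free-Traffic-Now.com"` misses the lower-case hostname a browser would normally send. Anchoring on the host part and using `~*`, for instance `"~*^https?://([^/]+\.)?semalt\.com(/|$)" 1;`, fixes both. `hostnames;` affects only wildcard string keys and does nothing for regex entries, so it can be dropped or explained in a comment.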

4
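--- a/cache-js-css.conf
+++ b/cache-js-css.conf
@@ -0,0 +1,4 @@
+location ~* ^.+\.(css|js)$ {
+expires 1y;
+add_header Cache-Control "max-age=31600000, public";
+}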
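Review bot: `expires 1y;` already emits `Cache-Control: max-age=31536000`, and the explicit `add_header` then adds a second Cache-Control with `max-age=31600000`, so responses carry two headers with different lifetimes. Dropping the max-age from the second one, `add_header Cache-Control "public";`, matches what cache-statics.conf does. Because this location declares its own `add_header`, security headers set with `add_header` at server level (the host files carry a commented block of them) are not inherited here and would have to be repeated.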

4
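--- a/cache-open-files.conf
+++ b/cache-open-files.conf
@@ -0,0 +1,4 @@
+open_file_cache max=10000 inactive=20s;
+open_file_cache_valid 30s;
+open_file_cache_min_uses 2;
+open_file_cache_errors on;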

6
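--- a/cache-statics.conf
+++ b/cache-statics.conf
@@ -0,0 +1,6 @@
+location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+expires max;
+add_header Cache-Control "public";
+access_log off;
+log_not_found off;
+}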
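Review bot: `access_log off;` in a location that also covers `zip|tgz|gz|rar|bz2|tar|exe|doc|xls|ppt` removes the only server-side record of who downloaded archives, documents and executables, which is the record an incident responder would look for. Consider limiting the logging exemption to images, fonts and media and leaving the archive and document types logged. `expires max` on those types also means a file replaced at the same URL keeps being served from client caches, which deserves a comment.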

27
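--- a/cloudflare.conf
+++ b/cloudflare.conf
@@ -0,0 +1,27 @@
+# - IPv4
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 104.16.0.0/13;
+set_real_ip_from 104.24.0.0/14;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 131.0.72.0/22;
+# - IPv6
+set_real_ip_from 2400:cb00::/32;
+set_real_ip_from 2606:4700::/32;
+set_real_ip_from 2803:f800::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
+set_real_ip_from 2a06:98c0::/29;
+set_real_ip_from 2c0f:f248::/32;
+real_ip_header CF-Connecting-IP;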
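Review bot: The file carries no comment saying where the ranges came from or when they were taken, and a stale list fails in both directions: newly added Cloudflare ranges are logged as edge addresses, and retired ones stay trusted for `CF-Connecting-IP`. A header such as `# Source: https://www.cloudflare.com/ips/ - snapshot <DATE>, refresh periodically` would make the drift visible. It is also worth noting in the comment that connections made directly to the origin bypass Cloudflare, so firewalling the origin to these ranges is the companion control.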

20
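--- a/custom-errors.conf
+++ b/custom-errors.conf
@@ -0,0 +1,20 @@
+error_page 400 /errorpages/custom_400.html;
+error_page 401 /errorpages/custom_401.html;
+error_page 403 /errorpages/custom_403.html;
+error_page 404 /errorpages/custom_404.html;
+error_page 500 /errorpages/custom_500.html;
+error_page 502 /errorpages/custom_502.html;
+error_page 503 /errorpages/custom_503.html;
+error_page 504 /errorpages/custom_504.html;
+# Serve all HTML, CSS, and image assets from one directory
+location ^~ /errorpages/ {
+alias /etc/nginx/nginx-snippets/errorpages/;
+# Restrict to safe static types
+types {
+text/html html;
+text/css css;
+image/png png;
+}
+default_type text/html;
+}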
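Review bot: The comment `# Restrict to safe static types` overstates what the `types { ... }` block does: it only replaces the MIME map for this location, it does not stop nginx from serving other files placed in the directory, and anything unlisted goes out as `text/html` through `default_type`. If a restriction is wanted, add a nested regex location that returns 404 for names not ending in html, css or png, or set `default_type application/octet-stream;` and reword the comment. The commit also adds pages titled 402 and 501, but no `error_page` line refers to those codes.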


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>400 BAD REQUEST</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
BAD REQUEST
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
400
</textPath>
</text>
</svg>
</div>
</body>
</html>


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>401 UNAUTHORIZED</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
UNAUTHORIZED
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
401
</textPath>
</text>
</svg>
</div>
</body>
</html>


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>402 PAYMENT REQUIRED</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
PAYMENT REQUIRED
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
402
</textPath>
</text>
</svg>
</div>
</body>
</html>


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>403 FORBIDDEN</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
FORBIDDEN
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
403
</textPath>
</text>
</svg>
</div>
</body>
</html>


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>404 NOT FOUND</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
NOT FOUND
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
404
</textPath>
</text>
</svg>
</div>
</body>
</html>


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>500 INTERNAL SERVER ERROR</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
INTERNAL SERVER ERROR
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
500
</textPath>
</text>
</svg>
</div>
</body>
</html>


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>501 NOT IMPLEMENTED</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
NOT IMPLEMENTED
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
501
</textPath>
</text>
</svg>
</div>
</body>
</html>


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>502 BAD GATEWAY</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
BAD GATEWAY
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
502
</textPath>
</text>
</svg>
</div>
</body>
</html>


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>503 SERVICE UNAVAILABLE</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
SERVICE UNAVAILABLE
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
503
</textPath>
</text>
</svg>
</div>
</body>
</html>


@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex">
<title>504 GATEWAY TIMEOUT</title>
<link rel="stylesheet" href="/errorpages/style.css">
</head>
<body>
<div class="error-container">
<svg width="300" height="300" viewBox="0 0 300 300"
xmlns="http://www.w3.org/2000/svg">
<!-- PNG logo in the middle -->
<image href="/errorpages/logo.png"
width="100" height="100"
x="100" y="100"/>
<!-- Arc paths -->
<defs>
<path id="topArc" d="M 92,150 A 58,58 0 0,1 208,150" fill="none"/>
<path id="bottomArc" d="M 80,150 A 70,70 0 0,0 220,150" fill="none"/>
</defs>
<!-- Top text -->
<text text-anchor="middle" class="error-text">
<textPath href="#topArc" startOffset="50%">
GATEWAY TIMEOUT
</textPath>
</text>
<!-- Bottom text -->
<text text-anchor="middle" class="error-code">
<textPath href="#bottomArc" startOffset="50%">
504
</textPath>
</text>
</svg>
</div>
</body>
</html>

BIN
errorpages/logo.png Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 3.1 KiB

37
errorpages/style.css Normal file

@@ -0,0 +1,37 @@
/*
#
# Full height page, flexbox centers the SVG horizontally and vertically.
#
*/
html, body {
height: 100%;
margin: 0;
background: #fff;
}
body {
display: flex;
justify-content: center;
align-items: center;
}
/*
#
# Force SVG to act as a block so flexbox can center it properly.
#
*/
svg {
display: block;
}
/*
#
# Text style for the arc labels.
#
*/
svg text {
font-family: Arial, sans-serif;
font-size: 12px;
fill: #d90000;
letter-spacing: 1px;
}

9
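--- a/gzipconfig.conf
+++ b/gzipconfig.conf
@@ -0,0 +1,9 @@
+gzip on;
+gzip_disable "msie6";
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_buffers 16 8k;
+gzip_http_version 1.1;
+gzip_min_length 256;
+gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;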
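Review bot: Compression is switched on for dynamic types, including `application/json` and the implicit `text/html`, while the host files in this commit serve HTTPS; responses that reflect request input next to a secret such as a CSRF token are then exposed to BREACH-style length side channels. The host files offer only a commented `# gzip off;` as the opt-out. A comment here naming that trade-off, or a `gzip_types` list limited to static assets, would let operators decide deliberately. `gzip_disable "msie6";` and `application/x-javascript` are legacy entries and could be dropped.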

39
hostfiles/README.md Normal file

@@ -0,0 +1,39 @@
# Nginx Hostfile Configuration Guide
[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
[![WebServer](https://img.shields.io/badge/server-nginx-009639)](#)
[![PHP](https://img.shields.io/badge/php-fpm-777BB4)](#)
[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
Instructions for adjusting host-specific configuration files included with the **nginx-snippets** collection.
## Configuration Adjustments Required
### Domain
Replace every occurrence of the variable `DOMAIN` in the configuration file with your actual domain name.
### PHP Socket
Update the PHP-FPM socket reference to match the version currently installed. For example, change:
```
PHPVERSION.sock
```
to something like:
```
php8.3-fpm.sock
```
---
### More Information
More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
---
### License
Licensed under the [MIT License](./LICENSE).
---

117
hostfiles/dokuwiki.443.conf Normal file

@@ -0,0 +1,117 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
server_tokens off;
return 301 https://DOMAIN$request_uri;
}
##### Process http stop ########################################################
##### Process https start ######################################################
server {
listen 443 ssl http2;
server_name DOMAIN;
server_tokens off;
root /var/www/html/DOMAIN;
index doku.php;
##### SSL configuration start ##############################################
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
# ssl_prefer_server_ciphers off;
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 8.8.4.4 8.8.8.8;
# resolver_timeout 5s;
# ssl_session_timeout 1d;
# ssl_session_tickets off;
# ssl_session_cache shared:SSL:10m;
# ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
##### SSL configuration stop ###############################################
##### XSS headers start ####################################################
# add_header X-Frame-Options DENY;
# add_header X-Frame-Options SAMEORIGIN;
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header Permissions-Policy interest-cohort=();
# add_header Content-Security-Policy "default-src 'self'";
# add_header Referrer-Policy strict-origin-when-cross-origin;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
##### XSS headers stop #####################################################
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
try_files $uri $uri/ @dokuwiki;
}
##### Process content stop #################################################
# Dokuwiki hardening start #################################################
# Uncomment these 2 lines containing "location" after dokuwiki is installed
# ||
# \/
# location ~ /(data|conf|bin|inc|vendor)/ { deny all; }
# location ~ /install.php { deny all; }
# /\
# ||
# Uncomment these 2 lines containing "location" after dokuwiki is installed
# Dokuwiki hardening stop ##################################################
##### Dokuwiki specific start ##############################################
location @dokuwiki {
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
}
##### Dokuwiki specific stop ###############################################
##### Process php start ####################################################
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/PHPVERSION.sock;
include /etc/nginx/nginx-snippets/microcache.conf;
}
##### Process php stop #####################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process https stop #######################################################
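Review bot: The two DokuWiki hardening locations ship commented out, so a host deployed from this template serves files under `/data/` and `/conf/` until someone edits the file. As far as I can tell only `install.php` has to stay reachable during setup, so `location ~ ^/(data|conf|bin|inc|vendor)/ { deny all; }` could be active from the start. The `^` anchor matters because the pattern as written also matches a wiki namespace called `data` anywhere in the path, and the dot in `/install.php` should be escaped (`/install\.php`). The same block appears in the port-80 DokuWiki host file that follows.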


@@ -0,0 +1,81 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
server_tokens off;
root /var/www/html/DOMAIN;
index doku.php;
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
try_files $uri $uri/ @dokuwiki;
}
##### Process content stop #################################################
# Dokuwiki hardening start #################################################
# Uncomment these 2 lines containing "location" after dokuwiki is installed
# ||
# \/
# location ~ /(data|conf|bin|inc|vendor)/ { deny all; }
# location ~ /install.php { deny all; }
# /\
# ||
# Uncomment these 2 lines containing "location" after dokuwiki is installed
# Dokuwiki hardening stop ##################################################
##### Dokuwiki specific start ##############################################
location @dokuwiki {
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
}
##### Dokuwiki specific stop ###############################################
##### Process php start ####################################################
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/PHPVERSION.sock;
include /etc/nginx/nginx-snippets/microcache.conf;
}
##### Process php stop #####################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process http stop ########################################################
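Review bot: `set $skip_cache 0;` is unconditional and nothing in this file ever sets it to 1, while the PHP location includes microcache.conf, which is not visible in this part of the page. If that snippet keys `fastcgi_cache_bypass` and `fastcgi_no_cache` on `$skip_cache`, responses to logged-in users and to POST requests become eligible for caching and could be served to other visitors. Presumably the variable should be raised for `$request_method = POST` and when the wiki's session cookie is present; the same applies to the other host files in this commit. This variant also carries the wiki login over plain HTTP, which deserves a warning comment at the top of the file.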


@@ -0,0 +1,94 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
return 301 https://DOMAIN$request_uri;
server_tokens off;
}
##### Process http stop ########################################################
##### Process https start ######################################################
server {
listen 443 ssl http2;
server_name DOMAIN;
server_tokens off;
root /var/www/html/DOMAIN;
index index.php index.html;
##### SSL configuration start ##############################################
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
# ssl_prefer_server_ciphers off;
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 8.8.4.4 8.8.8.8;
# resolver_timeout 5s;
# ssl_session_timeout 1d;
# ssl_session_tickets off;
# ssl_session_cache shared:SSL:10m;
# ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
##### SSL configuration stop ###############################################
##### XSS headers start ####################################################
# add_header X-Frame-Options DENY;
# add_header X-Frame-Options SAMEORIGIN;
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header Permissions-Policy interest-cohort=();
# add_header Content-Security-Policy "default-src 'self'";
# add_header Referrer-Policy strict-origin-when-cross-origin;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
##### XSS headers stop #####################################################
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
##### Process content stop #################################################
##### Process php start ####################################################
location ~ \.php$ {
# include /etc/nginx/nginx-snippets/proxyheader.conf;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/PHPVERSION.sock;
include /etc/nginx/nginx-snippets/microcache.conf;
}
##### Process php stop #####################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process https stop #######################################################
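Review bot: Every `ssl_*` directive, including `ssl_certificate` and `ssl_certificate_key`, is commented out while `listen 443 ssl http2;` is active, so the file does not pass `nginx -t` as shipped; a comment at the top of the SSL block should say which lines must be uncommented, or that an installer does it. In the header block, `X-Frame-Options DENY` and `SAMEORIGIN` are both listed and must not both be enabled, `X-XSS-Protection` is ignored by current browsers, and `Strict-Transport-Security ... includeSubDomains; preload` is hard to undo and deserves its own warning. The block is labelled "XSS headers" although most of these headers address framing, sniffing and transport, so "Security headers" would be the more accurate label. The same blocks are in hostfiles/dokuwiki.443.conf.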

58
hostfiles/example.80.conf Normal file

@@ -0,0 +1,58 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
server_tokens off;
root /var/www/html/DOMAIN;
index index.php index.html;
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
##### Process content stop #################################################
##### Process php start ####################################################
location ~ \.php$ {
# include /etc/nginx/nginx-snippets/proxyheader.conf;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/PHPVERSION.sock;
include /etc/nginx/nginx-snippets/microcache.conf;
}
##### Process php stop #####################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process http stop ########################################################
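Review bot: `set $skip_cache 0;` is the only assignment to `$skip_cache` in this server block, so the `fastcgi_cache_bypass $skip_cache;` and `fastcgi_no_cache $skip_cache;` lines in microcache.conf, which `location ~ \.php$` includes, never take effect. Every cacheable PHP response is then stored and shared for the 30 s window regardless of who requested it, which for an application with logins can hand one user's page to another. Raise the flag for requests that carry state, for example `if ($http_cookie ~* "PHPSESSID") { set $skip_cache 1; }` with the cookie name adjusted to the application (`wordpress_logged_in` for the WordPress-style templates). The same constant is set in the other PHP host files in this commit that include microcache.conf.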


@@ -0,0 +1,88 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
return 301 https://DOMAIN$request_uri;
server_tokens off;
}
##### Process http stop ########################################################
##### Process https start ######################################################
server {
listen 443 ssl http2;
server_name DOMAIN;
server_tokens off;
##### SSL configuration start ##############################################
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
# ssl_prefer_server_ciphers off;
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 8.8.4.4 8.8.8.8;
# resolver_timeout 5s;
# ssl_session_timeout 1d;
# ssl_session_tickets off;
# ssl_session_cache shared:SSL:10m;
# ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
##### SSL configuration stop ###############################################
##### XSS headers start ####################################################
# add_header X-Frame-Options DENY;
# add_header X-Frame-Options SAMEORIGIN;
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header Permissions-Policy interest-cohort=();
# add_header Content-Security-Policy "default-src 'self'";
# add_header Referrer-Policy strict-origin-when-cross-origin;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
##### XSS headers stop #####################################################
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
# include /etc/nginx/nginx-snippets/log-exclude.conf;
location = /.env { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
# include /etc/nginx/nginx-snippets/proxyheader.conf;
# proxy_set_header Host $host; # May fix som proxy issues
# proxy_ssl_verify off; # Disable cert check with internal proxy
proxy_pass http://127.0.0.1:GITEAPORT;
}
##### Process content stop #################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process https stop #######################################################
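Review bot: In `location /` both `include /etc/nginx/nginx-snippets/proxyheader.conf;` and `proxy_set_header Host $host;` are commented out, so as written nginx forwards neither the client address nor the original host to the backend behind `proxy_pass`. The application's own logs, and anything that rate-limits or bans by source address, would then see every request as coming from 127.0.0.1. proxyheader.conf is not shown here; if it sets the forwarding headers it should be active by default, otherwise add `proxy_set_header Host $host;`, `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to `proxy_pass`. The three other Gitea templates in this commit have the same location block.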


@@ -0,0 +1,52 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
server_tokens off;
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
# include /etc/nginx/nginx-snippets/log-exclude.conf;
location = /.env { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
# include /etc/nginx/nginx-snippets/proxyheader.conf;
# proxy_set_header Host $host; # May fix som proxy issues
# proxy_ssl_verify off; # Disable cert check with internal proxy
proxy_pass http://127.0.0.1:GITEAPORT;
}
##### Process content stop #################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process http stop ########################################################

88
hostfiles/gitea.443.conf Normal file

@@ -0,0 +1,88 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
return 301 https://DOMAIN$request_uri;
server_tokens off;
}
##### Process http stop ########################################################
##### Process https start ######################################################
server {
listen 443 ssl http2;
server_name DOMAIN;
server_tokens off;
##### SSL configuration start ##############################################
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
# ssl_prefer_server_ciphers off;
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 8.8.4.4 8.8.8.8;
# resolver_timeout 5s;
# ssl_session_timeout 1d;
# ssl_session_tickets off;
# ssl_session_cache shared:SSL:10m;
# ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
##### SSL configuration stop ###############################################
##### XSS headers start ####################################################
# add_header X-Frame-Options DENY;
# add_header X-Frame-Options SAMEORIGIN;
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header Permissions-Policy interest-cohort=();
# add_header Content-Security-Policy "default-src 'self'";
# add_header Referrer-Policy strict-origin-when-cross-origin;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
##### XSS headers stop #####################################################
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
# include /etc/nginx/nginx-snippets/log-exclude.conf;
location = /.env { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
# include /etc/nginx/nginx-snippets/proxyheader.conf;
# proxy_set_header Host $host; # May fix som proxy issues
# proxy_ssl_verify off; # Disable cert check with internal proxy
proxy_pass http://127.0.0.1:3000;
}
##### Process content stop #################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process https stop #######################################################
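Review bot: The response-header block labelled `XSS headers` is entirely commented out, so this HTTPS template ships without HSTS, `X-Content-Type-Options` or a frame policy unless the operator edits it. When the lines are enabled they should carry `always`, e.g. `add_header X-Content-Type-Options nosniff always;`, because without it nginx omits the header on 4xx/5xx responses, and only one of the two `X-Frame-Options` lines may be active. `preload` in the HSTS value is a long-lived commitment for the whole domain and is better left out of a generic template, and `X-XSS-Protection` is ignored by current browsers. The other 443 templates in this commit carry the same block.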

52
hostfiles/gitea.80.conf Normal file

@@ -0,0 +1,52 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
server_tokens off;
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
# include /etc/nginx/nginx-snippets/log-exclude.conf;
location = /.env { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
# include /etc/nginx/nginx-snippets/proxyheader.conf;
# proxy_set_header Host $host; # May fix som proxy issues
# proxy_ssl_verify off; # Disable cert check with internal proxy
proxy_pass http://127.0.0.1:3000;
}
##### Process content stop #################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process http stop ########################################################


@@ -0,0 +1,98 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
return 301 https://DOMAIN$request_uri;
server_tokens off;
}
##### Process http stop ########################################################
##### Process https start ######################################################
server {
listen 443 ssl http2;
server_name DOMAIN;
server_tokens off;
root /var/www/html/DOMAIN;
index index.php index.html;
##### SSL configuration start ##############################################
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
# ssl_prefer_server_ciphers off;
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 8.8.4.4 8.8.8.8;
# resolver_timeout 5s;
# ssl_session_timeout 1d;
# ssl_session_tickets off;
# ssl_session_cache shared:SSL:10m;
# ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
##### SSL configuration stop ###############################################
##### XSS headers start ####################################################
# add_header X-Frame-Options DENY;
# add_header X-Frame-Options SAMEORIGIN;
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header Permissions-Policy interest-cohort=();
# add_header Content-Security-Policy "default-src 'self'";
# add_header Referrer-Policy strict-origin-when-cross-origin;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
##### XSS headers stop #####################################################
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
##### Process content stop #################################################
##### Wordpress Hardeing start #############################################
include /etc/nginx/includes/wp-hardening.conf;
##### Wordpress Hardeing stop ##############################################
##### Process php start ####################################################
location ~ \.php$ {
# include /etc/nginx/nginx-snippets/proxyheader.conf;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/PHPVERSION.sock;
include /etc/nginx/nginx-snippets/microcache.conf;
}
##### Process php stop #####################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process https stop #######################################################
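Review bot: `include /etc/nginx/includes/wp-hardening.conf;` points outside `/etc/nginx/nginx-snippets/`, the directory every other include in this file uses and the one the README tells users to clone into. Unless that file is installed separately, `nginx -t` fails on the missing include, or the hardening rules are simply not the ones from this repository. If wp-hardening.conf ships with these snippets, the line should presumably read `include /etc/nginx/nginx-snippets/wp-hardening.conf;` (confirm the file name against the repository). The banner comment is also misspelled, `Wordpress Hardeing` for `WordPress Hardening`, and the port-80 variant that follows has the same lines.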


@@ -0,0 +1,62 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
server_tokens off;
root /var/www/html/DOMAIN;
index index.php index.html;
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Process content start ################################################
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
##### Process content stop #################################################
##### Wordpress Hardeing start #############################################
include /etc/nginx/includes/wp-hardening.conf;
##### Wordpress Hardeing stop ##############################################
##### Process php start ####################################################
location ~ \.php$ {
# include /etc/nginx/nginx-snippets/proxyheader.conf;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/PHPVERSION.sock;
include /etc/nginx/nginx-snippets/microcache.conf;
}
##### Process php stop #####################################################
##### Cache js css static content and open files start #####################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css static content and open files stop ######################
}
##### Process http stop ########################################################

122
hostfiles/zabbix.443.conf Normal file

@@ -0,0 +1,122 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
return 301 https://DOMAIN$request_uri;
server_tokens off;
}
##### Process http stop ########################################################
##### Process https start ######################################################
server {
listen 443 ssl http2;
server_name DOMAIN;
server_tokens off;
root /usr/share/zabbix;
index index.php;
##### SSL configuration start ##############################################
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
# ssl_prefer_server_ciphers off;
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 8.8.4.4 8.8.8.8;
# resolver_timeout 5s;
# ssl_session_timeout 1d;
# ssl_session_tickets off;
# ssl_session_cache shared:SSL:10m;
# ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
##### SSL configuration stop ###############################################
##### XSS headers start ####################################################
# add_header X-Frame-Options DENY;
# add_header X-Frame-Options SAMEORIGIN;
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header Permissions-Policy interest-cohort=();
# add_header Content-Security-Policy "default-src 'self'";
# add_header Referrer-Policy strict-origin-when-cross-origin;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
##### XSS headers stop #####################################################
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Misc content start ###################################################
location / {
try_files $uri $uri/ =404;
}
location /assets {
access_log off;
expires 10d;
}
location ~ /(api\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
##### Misc content stop ####################################################
##### Process php ##########################################################
location ~ [^/]\.php(/|$) {
fastcgi_pass unix:/var/run/php/zabbix.sock;
fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
##### Process php ##########################################################
##### Cache js css and all statics start ###################################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css and all statics stop ####################################
}
##### Process https start ######################################################
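Review bot: `location ~ [^/]\.php(/|$)` passes every URI containing `.php` followed by a slash or end of string to PHP-FPM and builds `SCRIPT_FILENAME` from `$fastcgi_script_name` without checking that the script exists; no `fastcgi_split_path_info` is set, so any path-info suffix ends up inside the script path. Put `fastcgi_split_path_info ^(.+\.php)(/.+)$;` and `try_files $fastcgi_script_name =404;` at the top of the block so only real files under /usr/share/zabbix reach the interpreter. The `QUERY_STRING`, `REQUEST_METHOD`, `CONTENT_TYPE` and `CONTENT_LENGTH` lines after `include fastcgi_params;` repeat what that include normally sets and could be dropped. The closing banner reads `Process https start` where `stop` is meant; hostfiles/zabbix.80.conf has the same location block and the same banner slip.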

86
hostfiles/zabbix.80.conf Normal file

@@ -0,0 +1,86 @@
##### Process http start #######################################################
server {
listen 80;
server_name DOMAIN;
server_tokens off;
root /usr/share/zabbix;
index index.php;
##### Optional include custom Error pages start ############################
include /etc/nginx/nginx-snippets/custom-errors.conf;
##### Optional include custom Error pages stop #############################
##### Optional disable gzip start ##########################################
# gzip off;
##### Optional disable gzip stop ###########################################
##### Optional disable access log start ####################################
# access_log off;
##### Optional disable access log stop #####################################
##### Block Bad referers and bad bots start ################################
if ($bad_referer) { return 444; }
if ($bad_user_agent) { return 444; }
##### Block Bad referers and bad bots stop #################################
##### Optional stuff start #################################################
# include /etc/nginx/nginx-snippets/block-engines.conf;
include /etc/nginx/nginx-snippets/log-exclude.conf;
include /etc/nginx/nginx-snippets/block-htaccess.conf;
include /etc/nginx/nginx-snippets/block-file-access.conf;
##### Optional stuff stop ##################################################
##### Enable fastcgi cache start ###########################################
set $skip_cache 0;
##### Enable fastcgi cache stop ############################################
##### Misc content start ###################################################
location / {
try_files $uri $uri/ =404;
}
location /assets {
access_log off;
expires 10d;
}
location ~ /(api\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
##### Misc content stop ####################################################
##### Process php ##########################################################
location ~ [^/]\.php(/|$) {
fastcgi_pass unix:/var/run/php/zabbix.sock;
fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
##### Process php ##########################################################
##### Cache js css and all statics start ###################################
# include /etc/nginx/nginx-snippets/cache-open-files.conf;
# include /etc/nginx/nginx-snippets/cache-statics.conf;
# include /etc/nginx/nginx-snippets/cache-js-css.conf;
##### Cache js css and all statics stop ####################################
}
##### Process http start #######################################################

3
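--- a/log-exclude.conf
+++ b/log-exclude.conf
@@ -0,0 +1,3 @@
+location = /.env { access_log off; log_not_found off; }
+location = /favicon.ico { access_log off; log_not_found off; }
+location = /robots.txt { access_log off; log_not_found off; }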
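Review bot: `location = /.env { access_log off; log_not_found off; }` is an exact-match location, which nginx selects before any regex location, so a dot-file deny rule in block-file-access.conf or block-htaccess.conf (neither is shown here) would not apply to `/.env`. If such a file ever sits under `root`, it is served as a static file. The block should refuse the request itself, e.g. `location = /.env { log_not_found off; return 404; }`, and keeping the access log on for this path preserves a cheap signal of credential-file scanning. The same `/.env` and `/favicon.ico` lines are pasted inline in the four Gitea host files, where they additionally keep those two paths from reaching `proxy_pass`.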

1
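--- a/log.conf
+++ b/log.conf
@@ -0,0 +1 @@
+log_format main '[$time_local] [Cache:$upstream_cache_status] [$host] [Remote_Addr: $remote_addr] - $remote_user - $server_name to: $upstream_addr: "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" ';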
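Review bot: The `main` format records only `$remote_addr`, and nginx.conf in this commit includes cloudflare.conf under a "show real IPs" banner, which presumably rewrites that variable from a request header (the file is not shown here). When that is the case the address of the actual TCP peer is lost from the log, which makes it hard to confirm afterwards that a request really arrived through the proxy. Adding `[Peer: $realip_remote_addr]` to the format keeps both values. `$request_time` would also help when looking for slow or abusive requests.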

13
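--- a/microcache.conf
+++ b/microcache.conf
@@ -0,0 +1,13 @@
+fastcgi_hide_header X-Powered-By;
+fastcgi_cache microcache;
+fastcgi_cache_key $scheme$host$request_uri$request_method;
+fastcgi_cache_valid 200 301 302 30s;
+fastcgi_cache_use_stale updating error timeout invalid_header http_500;
+fastcgi_pass_header Set-Cookie;
+fastcgi_pass_header Cookie;
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+fastcgi_buffers 16 256k;
+fastcgi_buffer_size 128k;
+fastcgi_intercept_errors on;
+fastcgi_cache_bypass $skip_cache;
+fastcgi_no_cache $skip_cache;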
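Review bot: `fastcgi_ignore_headers Cache-Control Expires Set-Cookie;` makes nginx cache responses that the application marked private or that set a cookie, which it would otherwise refuse to store. The cached copy keeps its `Set-Cookie` header, and the key `$scheme$host$request_uri$request_method` has no per-user component, so a session cookie issued to one client can be replayed to every client that requests the same URI within the 30 s window. Reduce the line to `fastcgi_ignore_headers Expires;` so that `Set-Cookie` and `Cache-Control: private`/`no-store` responses stay out of the cache. `fastcgi_pass_header Cookie;` has no effect, since `Cookie` is a request header, and `fastcgi_pass_header Set-Cookie;` is redundant because that header is passed by default.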

18
nginxconf/default Normal file

@@ -0,0 +1,18 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
server_tokens off;
root /var/www/html/default;
index index.html index.htm;
server_name _;
access_log /var/log/nginx/direct.ip.access.log main;
error_log /var/log/nginx/direct.ip.access.error.log crit;
access_log on;
log_not_found off;
location / {
return 444;
try_files $uri $uri/ =404;
}
}
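Review bot: `access_log on;` does not switch logging on: `off` is the only keyword this directive accepts, so nginx treats `on` as a file name and writes a second access log to a file called `on` under its prefix directory. Delete the line, since `access_log /var/log/nginx/direct.ip.access.log main;` above it already enables logging; the same stray line appears in nginxconf/nginx.conf. In `location /`, `try_files $uri $uri/ =404;` can never run because `return 444;` ends the request first, so it can be removed. This catch-all also listens only on port 80, so unless a 443 default is defined elsewhere, HTTPS requests for unknown names would land on whichever 443 server nginx loads first.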

98
nginxconf/nginx.conf Normal file

@@ -0,0 +1,98 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
##### BASIC SETTINGS ####################### LAST UPDATED 08022021 #####
#
port_in_redirect off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 100;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_body_buffer_size 10K;
client_header_buffer_size 4k;
client_max_body_size 50m;
large_client_header_buffers 2 4k;
client_body_timeout 10;
client_header_timeout 10;
send_timeout 2;
reset_timedout_connection on;
#
##### BASIC SETTINGS ####################### LAST UPDATED 08022021 #####
##### SSL SETTINGS ######################### LAST UPDATED 08022021 #####
#
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
#
##### SSL SETTINGS ######################### LAST UPDATED 08022021 #####
##### CLOUDFLARE SHOW REAL IPs ############# LAST UPDATED 08022021 #####
include /etc/nginx/nginx-snippets/cloudflare.conf;
##### CLOUDFLARE SHOW REAL IPs ############# LAST UPDATED 08022021 #####
# BLOCK BAD REFERER AND BAD BOTS ########### LAST UPDATED 08022021 #####
include /etc/nginx/nginx-snippets/block-referer.conf;
include /etc/nginx/nginx-snippets/block-bots.conf;
# BLOCK BAD REFERER AND BAD BOTS ########### LAST UPDATED 08022021 #####
##### LOG SETTINGS ONLY LOG CRITICAL MSG ### LAST UPDATED 08022021 #####
include /etc/nginx/nginx-snippets/log.conf;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log crit;
access_log on;
log_not_found off;
#
##### LOG SETTINGS ONLY LOG CRITICAL MSG ### LAST UPDATED 08022021 #####
##### GZIP SETTINGS ######################## LAST UPDATED 08022021 #####
#
include /etc/nginx/nginx-snippets/gzipconfig.conf;
#
##### GZIP SETTINGS ######################## LAST UPDATED 08022021 #####
##### CACHE SETTINGS ####################### LAST UPDATED 08022021 #####
#
# open_file_cache max=10000 inactive=20s;
# open_file_cache_valid 30s;
# open_file_cache_min_uses 2;
# open_file_cache_errors on;
#
##### CACHE SETTINGS ####################### LAST UPDATED 08022021 #####
##### FASTCGI SETTINGS ##################### LAST UPDATED 08022021 #####
#
upstream php-fpm {
server unix:/var/run/php/PHPVERSION.sock;
}
fastcgi_read_timeout 300;
fastcgi_cache_path /var/cache/nginx/fcgi levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=1h;
#
##### FASTCGI SETTINGS ##################### LAST UPDATED 08022021 #####
##### VHOST SETTINGS ####################### LAST UPDATED 08022021 #####
#
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
include /etc/nginx/static-sites/*.conf;
#
##### VHOST SETTINGS ####################### LAST UPDATED 08022021 #####
}
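Review bot: `error_log /var/log/nginx/error.log crit;` discards everything below `crit`, and that includes the `error`-level lines nginx writes when `limit_req` rejects a request, as well as FastCGI and upstream failures. With the wp-login rate limit from wp-hardening.conf in place, throttled login attempts would therefore leave no trace in the error log, which removes a cheap brute-force signal. I would use `error_log /var/log/nginx/error.log warn;` and handle volume with log rotation. The same line appears in the second nginx.conf variant that follows this one.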


@@ -0,0 +1,99 @@
user www-data;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 8000;
use epoll;
multi_accept on;
}
http {
##### BASIC SETTINGS ####################### LAST UPDATED 08022021 #####
#
port_in_redirect off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 100;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_body_buffer_size 10K;
client_header_buffer_size 4k;
client_max_body_size 50m;
large_client_header_buffers 2 4k;
client_body_timeout 10;
client_header_timeout 10;
send_timeout 2;
reset_timedout_connection on;
#
##### BASIC SETTINGS ####################### LAST UPDATED 08022021 #####
##### SSL SETTINGS ######################### LAST UPDATED 08022021 #####
#
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
#
##### SSL SETTINGS ######################### LAST UPDATED 08022021 #####
##### CLOUDFLARE SHOW REAL IPs ############# LAST UPDATED 08022021 #####
include /etc/nginx/nginx-snippets/cloudflare.conf;
##### CLOUDFLARE SHOW REAL IPs ############# LAST UPDATED 08022021 #####
# BLOCK BAD REFERER AND BAD BOTS ########### LAST UPDATED 08022021 #####
include /etc/nginx/nginx-snippets/block-referer.conf;
include /etc/nginx/nginx-snippets/block-bots.conf;
# BLOCK BAD REFERER AND BAD BOTS ########### LAST UPDATED 08022021 #####
##### LOG SETTINGS ONLY LOG CRITICAL MSG ### LAST UPDATED 08022021 #####
include /etc/nginx/nginx-snippets/log.conf;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log crit;
access_log on;
log_not_found off;
#
##### LOG SETTINGS ONLY LOG CRITICAL MSG ### LAST UPDATED 08022021 #####
##### GZIP SETTINGS ######################## LAST UPDATED 08022021 #####
#
include /etc/nginx/nginx-snippets/gzipconfig.conf;
#
##### GZIP SETTINGS ######################## LAST UPDATED 08022021 #####
##### CACHE SETTINGS ####################### LAST UPDATED 08022021 #####
#
open_file_cache max=10000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
#
##### CACHE SETTINGS ####################### LAST UPDATED 08022021 #####
##### FASTCGI SETTINGS ##################### LAST UPDATED 08022021 #####
#
upstream php-fpm {
server unix:/var/run/php/PHPVERSION.sock;
}
fastcgi_read_timeout 300;
fastcgi_cache_path /var/cache/nginx/fcgi levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=1h;
#
##### FASTCGI SETTINGS ##################### LAST UPDATED 08022021 #####
##### VHOST SETTINGS ####################### LAST UPDATED 08022021 #####
#
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
include /etc/nginx/static-sites/*.conf;
#
##### VHOST SETTINGS ####################### LAST UPDATED 08022021 #####
}

4
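--- a/proxy-params.conf
+++ b/proxy-params.conf
@@ -0,0 +1,4 @@
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;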
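Review bot: `proxy_set_header Host $http_host;` forwards the raw client `Host` header, which nginx has not normalised and which can differ from the name it used to select the server block, so the backend may build links or make routing decisions on an unvalidated value. `proxy_set_header Host $host;` passes the name nginx actually matched; if the backend needs the port, use `$host:$server_port`. `X-Forwarded-For` is built with `$proxy_add_x_forwarded_for`, which keeps whatever the client already sent, so a comment telling backend owners to trust only the last entry would help.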

55
wp-hardening.conf Normal file

@@ -0,0 +1,55 @@
# Wordpress deny xmlrpc start #####################################################################################################
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
return 444;
}
# Wordpress deny xmlrpc stop ######################################################################################################
# Wordpress deny wp-cron start ####################################################################################################
location = /wp-cron.php {
deny all;
access_log off;
log_not_found off;
return 444;
}
# Wordpress deny wp-cron stop #####################################################################################################
# Wordpress limit get post start ##################################################################################################
if ($request_method !~ ^(GET|POST)$ ) {
return 444;
}
# Wordpress limit get post stop ###################################################################################################
# Wordpress deny php files where they dont belong start ###########################################################################
location ~* /(?:uploads|files|wp-content|wp-includes)/.*.php$ {
deny all;
access_log off;
log_not_found off;
return 444;
}
# Wordpress deny php files where they dont belong stop ############################################################################
# Wordpress limit request pr. sec here its 5 req/sec start ########################################################################
location = /wp-login.php {
limit_req zone=wp-rate-limit burst=3 nodelay;
limit_req_status 444;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/PHPVERSION.sock;
}
# NOTE: The above requires the following file to exist:
# /etc/nginx/conf.d/wp-rate-limit.conf with the following content:
# limit_req_zone $binary_remote_addr zone=wp-rate-limit:10m rate=10r/s;
# Wordpress limit request pr. sec here its 5 req/sec stop #########################################################################
# Wordpress deny access to the following files in upload directory start ##########################################################
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ {
deny all;
}
# Wordpress deny access to the following files in upload directory stop ###########################################################
# Wordpress dont cache certain pages start ########################################################################################
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") { set $skip_cache 1; }
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $skip_cache 1; }
# Wordpress dont cache certain pages stop #########################################################################################
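Review bot: The rate limit on `location = /wp-login.php` is looser than its comment says: the banner reads "5 req/sec" while the zone in the NOTE and in wp-rate-limit.conf is `rate=10r/s`, and with `burst=3 nodelay` one address can still make several hundred login attempts a minute. For a login endpoint a per-minute rate is the usual choice, for example `limit_req_zone $binary_remote_addr zone=wp-rate-limit:10m rate=30r/m;`, with the comment updated to match the value. In the two regex locations the dot before the extension is unescaped (`.*.php$` and `.*.(html|htm|shtml|php|js|swf)$`), so it matches any character; `\.php$` and `\.(html|htm|shtml|php|js|swf)$` say what is meant.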

1
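--- a/wp-rate-limit.conf
+++ b/wp-rate-limit.conf
@@ -0,0 +1 @@
+limit_req_zone $binary_remote_addr zone=wp-rate-limit:10m rate=10r/s;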