-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
144 lines (119 loc) · 3.46 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 2;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
#access_log off;
error_log /var/log/nginx/error.log;
gzip off; # Does this save any CPU?
gzip_disable "msie6";
#Based on Pi-Star's /etc/nginx/sites-enabled/pi-star
server {
listen 80 default_server;
root /var/www/dashboard;
location ^~ /admin {
try_files $uri $uri/ =404;
auth_basic "Restricted";
auth_basic_user_file /usr/local/etc/htpasswd;
client_max_body_size 512K;
#PHP
location ~ \.php$ {
fastcgi_index index.php;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/run/php7.0-fpm.sock;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_read_timeout 240;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_hide_header X-Powered-By;
}
}
# Load the defaults in /etc/nginx/etc/nginx/default.d/ as Pi-Star.
# Caching
location /favicon.ico {
log_not_found off;
access_log off;
}
location /robots.txt {
log_not_found off;
access_log off;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
#index
index index.php index.html index.htm;
#PHP
location ~ \.php$ {
fastcgi_index index.php;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/run/php7.0-fpm.sock;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_read_timeout 240;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_hide_header X-Powered-By;
}
#security
client_body_buffer_size 1k;
client_header_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 2 1k;
if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 444;
}
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN";
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
location ~ /\.git {
deny all;
}
}
}