Initial Commit
This commit is contained in:
20
nginx/extra/headers-gzip.conf
Normal file
20
nginx/extra/headers-gzip.conf
Normal file
@@ -0,0 +1,20 @@
|
||||
### gzip + compression global rules
|
||||
### to be included a single time throughout this nginx instance
|
||||
### headers rules are also consolidated here
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_min_length 1100;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
# Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
|
||||
add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
|
||||
|
||||
## Header hardening
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
7
nginx/extra/php-fpm.conf
Normal file
7
nginx/extra/php-fpm.conf
Normal file
@@ -0,0 +1,7 @@
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi_params;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $request_filename;
|
||||
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
|
||||
}
|
39
nginx/extra/restrictions.conf
Normal file
39
nginx/extra/restrictions.conf
Normal file
@@ -0,0 +1,39 @@
|
||||
# Global restrictions configuration file
|
||||
# Designed to be included in any server {} block
|
||||
|
||||
## Disable TRACE, DELETE, PUT, OPTIONS modes
|
||||
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
|
||||
return 405;
|
||||
}
|
||||
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
|
||||
location ~ /\. {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires 360d;
|
||||
}
|
||||
|
||||
# Deny access to any files with a .php extension in the uploads directory
|
||||
# Works in sub-directory installs and also in multisite network
|
||||
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
|
||||
location ~* /(?:uploads|files)/.*\.php$ {
|
||||
deny all;
|
||||
}
|
Reference in New Issue
Block a user