
@amishakov
Forked from BillBrower/kirby.conf
Created October 27, 2023 13:14

Revisions

  1. @BillBrower BillBrower revised this gist Jul 13, 2017. 1 changed file with 1 addition and 6 deletions.
    7 changes: 1 addition & 6 deletions kirby.conf
    @@ -26,7 +26,7 @@ server {

    listen 443 ssl;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES1$
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers On;
    ssl_certificate /etc/letsencrypt/live/kirby.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kirby.dev/privkey.pem;
    @@ -56,11 +56,6 @@ server {
    # Block all files in the site and kirby folder from being accessed directly
    rewrite ^/(site|kirby)/(.*)$ /error last;

    # Removes trailing slashes (prevents SEO duplicate content issues)
    if (!-d $request_filename) {
    rewrite ^/(.+)/$ /$1 permanent;
    }

    # Panel links
    location /panel {
    autoindex off;
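Review bot: The completed `ssl_ciphers` value in the first hunk ends with four CBC-mode suites (`ECDHE-ECDSA-AES256-SHA384` through `ECDHE-RSA-AES128-SHA256`), which add little once `ssl_protocols TLSv1.2` is the only protocol enabled, since TLS 1.2 clients generally offer the GCM or CHACHA20 suites listed ahead of them. Ending the list at `ECDHE-RSA-AES128-GCM-SHA256` would keep the server AEAD-only. The `server` block starts and ends outside both hunks, so any other TLS settings are not visible here.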
  2. @BillBrower BillBrower revised this gist May 19, 2017. 1 changed file with 35 additions and 1 deletion.
    36 changes: 35 additions & 1 deletion kirby.conf
    @@ -1,7 +1,41 @@
    server {
    listen 80;
    server_name kirby.dev;
    server_name kirby.dev www.kirby.dev;
    root /path/to/www/kirby;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Route LetsEncrypt ACME Challenges to the right place
    location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    try_files $uri /404;
    }

    # Route everything else through SSL
    location ~* ^/(.*)$ {
    return 301 https://$server_name/$1$is_args$args;
    }
    }

    server {
    charset utf-8;
    server_name kirby.dev www.kirby.dev;
    root /path/to/www/kirby;

    listen 443 ssl;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES1$
    ssl_prefer_server_ciphers On;
    ssl_certificate /etc/letsencrypt/live/kirby.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kirby.dev/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/kirby.dev/chain.pem;
    ssl_session_cache shared:SSL:128m;
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8; # Google Resolver
    index index.php index.html index.htm;

    error_page 404 /404.html;
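Review bot: The `add_header Strict-Transport-Security` line added at server level will probably not reach PHP responses, because nginx inherits `add_header` from the enclosing level only when the current level defines none. The `location ~ \.php$` block of this file (outside this hunk, as shown in the initial revision) sets its CORS headers with `add_header` inside `if` blocks. Repeating the header in those blocks, or removing them, keeps HSTS on the dynamic pages, and `always` extends it to error responses: `add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;`. Separately, the `ssl_ciphers` value added here ends in `AES1$` with no closing quote, which looks like a terminal-truncated paste and would likely stop the configuration from parsing.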
  3. @BillBrower BillBrower created this gist May 18, 2017.
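--- a/kirby.conf
+++ b/kirby.conf
@@ -0,0 +1,86 @@
+server {
+listen 80;
+server_name kirby.dev;
+root /path/to/www/kirby;
+index index.php index.html index.htm;
+
+error_page 404 /404.html;
+error_page 500 502 503 504 /50x.html;
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+
+# Don't hint these as folders
+rewrite ^/(content|site|kirby)$ /error last;
+
+# Block content
+rewrite ^/content/(.*).(txt|md|mdown)$ /error last;
+
+# Block all files in the site and kirby folder from being accessed directly
+rewrite ^/(site|kirby)/(.*)$ /error last;
+
+# Removes trailing slashes (prevents SEO duplicate content issues)
+if (!-d $request_filename) {
+rewrite ^/(.+)/$ /$1 permanent;
+}
+
+# Panel links
+location /panel {
+autoindex off;
+try_files $uri $uri/ /panel/index.php?$query_string;
+}
+
+# Site links
+location / {
+autoindex off;
+try_files $uri $uri/ /index.php?$query_string; #$uri&$args;
+}
+
+# PHP scripts
+location ~ \.php$ {
+# Set CORS headers
+if ($request_method = 'OPTIONS') {
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Credentials' 'true';
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+add_header 'Access-Control-Max-Age' 1728000;
+add_header 'Content-Type' 'text/plain charset=UTF-8';
+add_header 'Content-Length' 0;
+return 204;
+}
+if ($request_method = 'POST') {
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Credentials' 'true';
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+}
+if ($request_method = 'GET') {
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Credentials' 'true';
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+}
+
+try_files $uri =404;
+fastcgi_pass unix:/var/run/php5-fpm.sock;
+fastcgi_index index.php;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param PATH_INFO $fastcgi_script_name;
+include fastcgi_params;
+}
+
+# Prevent clients from accessing hidden files (starting with a dot)
+# This is particularly important if you store .htpasswd files in the site hierarchy
+location ~ (?:^|/)\. {
+deny all;
+}
+
+# Prevent clients from accessing to backup/config/source files
+location ~ (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
+deny all;
+}
+}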
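Review bot: The CORS block inside `location ~ \.php$` sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true` on every OPTIONS, POST and GET response, and that location also ends up serving `/panel/index.php` through the `try_files` fallback in `location /panel`. Browsers reject credentialed requests against a wildcard origin, so the pair does not work as written, and the common workaround of reflecting the request origin would expose the authenticated panel to any site. If no cross-origin client needs these endpoints the three `if` blocks can simply be removed; otherwise compare `$http_origin` against a fixed allowlist and send the credentials header only for those origins. The preflight branch also sets `'text/plain charset=UTF-8'`, which is missing the `;` between the media type and its parameter.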