145 lines
3.5 KiB
Nginx Configuration File
145 lines
3.5 KiB
Nginx Configuration File
worker_processes 4;
|
|
pid /run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 768;
|
|
# multi_accept on;
|
|
}
|
|
|
|
http {
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 2;
|
|
types_hash_max_size 2048;
|
|
# server_tokens off;
|
|
|
|
# server_names_hash_bucket_size 64;
|
|
# server_name_in_redirect off;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
##
|
|
# SSL Settings
|
|
##
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
##
|
|
# Logging Settings
|
|
##
|
|
access_log /var/log/nginx/access.log;
|
|
#access_log off;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
gzip off; # Does this save any CPU?
|
|
gzip_disable "msie6";
|
|
|
|
#Based on Pi-Star's /etc/nginx/sites-enabled/pi-star
|
|
server {
|
|
listen 80 default_server;
|
|
root /var/www/dashboard;
|
|
|
|
location ^~ /admin {
|
|
try_files $uri $uri/ =404;
|
|
auth_basic "Restricted";
|
|
auth_basic_user_file /usr/local/etc/htpasswd;
|
|
client_max_body_size 512K;
|
|
#PHP
|
|
location ~ \.php$ {
|
|
fastcgi_index index.php;
|
|
try_files $uri =404;
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
include /etc/nginx/fastcgi_params;
|
|
fastcgi_pass unix:/run/php7.0-fpm.sock;
|
|
fastcgi_buffer_size 128k;
|
|
fastcgi_buffers 256 4k;
|
|
fastcgi_busy_buffers_size 256k;
|
|
fastcgi_temp_file_write_size 256k;
|
|
fastcgi_read_timeout 240;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_intercept_errors on;
|
|
fastcgi_hide_header X-Powered-By;
|
|
}
|
|
}
|
|
|
|
# Load the defaults in /etc/nginx/etc/nginx/default.d/ as Pi-Star.
|
|
# Caching
|
|
location /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location /robots.txt {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
|
expires max;
|
|
log_not_found off;
|
|
}
|
|
|
|
#index
|
|
index index.php index.html index.htm;
|
|
|
|
#PHP
|
|
location ~ \.php$ {
|
|
fastcgi_index index.php;
|
|
try_files $uri =404;
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
include /etc/nginx/fastcgi_params;
|
|
fastcgi_pass unix:/run/php7.0-fpm.sock;
|
|
fastcgi_buffer_size 128k;
|
|
fastcgi_buffers 256 4k;
|
|
fastcgi_busy_buffers_size 256k;
|
|
fastcgi_temp_file_write_size 256k;
|
|
fastcgi_read_timeout 240;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_intercept_errors on;
|
|
fastcgi_hide_header X-Powered-By;
|
|
}
|
|
|
|
#security
|
|
client_body_buffer_size 1k;
|
|
client_header_buffer_size 1k;
|
|
client_max_body_size 1k;
|
|
large_client_header_buffers 2 1k;
|
|
|
|
if ($request_method !~ ^(GET|HEAD|POST)$ )
|
|
{
|
|
return 444;
|
|
}
|
|
|
|
server_tokens off;
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
|
|
location ~ /\. {
|
|
access_log off;
|
|
log_not_found off;
|
|
deny all;
|
|
}
|
|
|
|
# deny access to .htaccess files, if Apache's document root
|
|
# concurs with nginx's one
|
|
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
|
|
location ~ /\.git {
|
|
deny all;
|
|
}
|
|
|
|
}
|
|
}
|