48 lines
1.1 KiB
Plaintext
48 lines
1.1 KiB
Plaintext
|
{% extends "core.j2" %}
|
||
|
|
||
|
{% block root %}
|
||
|
root {{ nginx_www_dir }}{{ item.root }};
|
||
|
index index.html index.php;
|
||
|
{% endblock %}
|
||
|
|
||
|
{% block location %}
|
||
|
|
||
|
## LOCATIONS
|
||
|
location / {
|
||
|
try_files $uri $uri/ /index.php?_url=$uri&$query_string;
|
||
|
}
|
||
|
|
||
|
location /favicon.ico {
|
||
|
alias {{ nginx_www_dir }}{{ item.root }}/favicon.png;
|
||
|
}
|
||
|
|
||
|
# deny all direct access for these folders
|
||
|
location ~* /(.git|cache|bin|logs|backup|tests)/.*$ {
|
||
|
return 403;
|
||
|
}
|
||
|
|
||
|
# deny running scripts inside core system folders
|
||
|
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ {
|
||
|
return 403;
|
||
|
}
|
||
|
|
||
|
# deny running scripts inside user folder
|
||
|
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ {
|
||
|
return 403;
|
||
|
}
|
||
|
|
||
|
# deny access to specific files in the root folder
|
||
|
location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) {
|
||
|
return 403;
|
||
|
}
|
||
|
|
||
|
location ~ \.php$ {
|
||
|
{% if item.upstream_params is defined and item.upstream_params is iterable %}
|
||
|
{% for param in item.upstream_params %}
|
||
|
{{ param }}
|
||
|
{% endfor %}
|
||
|
{% endif %}
|
||
|
}
|
||
|
{% endblock %}
|
||
|
|