Merge branch 'master' into cryptpad-4.14

2022-06-01 16:38:17 +00:00 · 2022-06-01 16:38:17 +00:00 · 92f8cace88
parent 6a5e237016 a2b99e98bf
commit 92f8cace88
3 changed files with 54 additions and 17 deletions
--- a/templates/etc/nginx/sites-available/akaunting.j2
+++ b/templates/etc/nginx/sites-available/akaunting.j2
@ -0,0 +1,44 @@
+{% extends "core.j2" %}
+
+{% block  location %}
+
+    root {{ item.root }};
+
+    index index.html index.htm index.php;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    # Prevent Direct Access To Protected Files
+    location ~ \.(env|log) {
+        deny all;
+    }
+
+    # Prevent Direct Access To Protected Folders
+    location ~ ^/(^app$|bootstrap|config|database|overrides|resources|routes|storage|tests|artisan) {
+        deny all;
+    }
+
+    # Prevent Direct Access To modules/vendor Folders Except Assets
+    location ~ ^/(modules|vendor)\/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg).)*$ {
+        deny all;
+    }
+
+    error_page 404 /index.php;
+
+    # Pass PHP Scripts To FastCGI Server
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock; # Depends On The PHP Version
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+{% endblock %}
--- a/templates/etc/nginx/sites-available/cryptpad.j2
+++ b/templates/etc/nginx/sites-available/cryptpad.j2
@ -111,7 +111,7 @@

  # privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
  if ($unsafe) {
-    set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: ${main_domain}";
+    set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
  }

  # Finally, set all the rules you composed above.
--- a/templates/etc/nginx/sites-available/privatebin.j2
+++ b/templates/etc/nginx/sites-available/privatebin.j2
@ -2,7 +2,7 @@
 {% block root %}
  root {{ nginx_www_dir }}{{ item.root }};
  index {{ item.index }};
-  try_files {{ item.override_try_files | default('$uri $uri/ /index.php') }};
+  try_files {{ item.override_try_files | default('try_files $uri $uri/ /index.php$is_args$args') }};
 {% endblock %}

 {% block location %}
@ -28,22 +28,7 @@
 
 {% endblock %}

-{% block extra_upstreams %}
-map $http_user_agent $pastebin_badagent {
-  ~*bot 1;
-  ~*spider 1;
-  ~*crawl 1;
-  ~https?:// 1;
-  WhatsApp 1;
-  SkypeUriPreview 1;
-  facebookexternalhit 1;
-}
-{% endblock %}
-
 {% block app_specific %}
-  if ($pastebin_badagent) {
-    return 403;
-  }

  location /cfg {
    return 403;
@ -52,4 +37,12 @@ map $http_user_agent $pastebin_badagent {
  location /data {
    deny all;
  }
+{% if item.file_cache is defined and item.file_cache is iterable %}
+{% for param in item.file_cache %}
+  open_file_cache          {{ param.cache }};
+  open_file_cache_valid    {{ param.valid }};
+  open_file_cache_min_uses {{ param.min_users }};
+  open_file_cache_errors   {{ param.cache_errors }};
+{% endfor %}
+{% endif %}
 {% endblock %}