Merge branch 'master' into cryptpad-4.14
This commit is contained in:
commit
92f8cace88
|
@ -0,0 +1,44 @@
|
|||
{% extends "core.j2" %}
|
||||
|
||||
{% block location %}
|
||||
|
||||
root {{ item.root }};
|
||||
|
||||
index index.html index.htm index.php;
|
||||
|
||||
charset utf-8;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
}
|
||||
|
||||
# Prevent Direct Access To Protected Files
|
||||
location ~ \.(env|log) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# Prevent Direct Access To Protected Folders
|
||||
location ~ ^/(^app$|bootstrap|config|database|overrides|resources|routes|storage|tests|artisan) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# Prevent Direct Access To modules/vendor Folders Except Assets
|
||||
location ~ ^/(modules|vendor)\/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg).)*$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
error_page 404 /index.php;
|
||||
|
||||
# Pass PHP Scripts To FastCGI Server
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock; # Depends On The PHP Version
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location ~ /\.(?!well-known).* {
|
||||
deny all;
|
||||
}
|
||||
{% endblock %}
|
|
@ -111,7 +111,7 @@
|
|||
|
||||
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
|
||||
if ($unsafe) {
|
||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: ${main_domain}";
|
||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
|
||||
}
|
||||
|
||||
# Finally, set all the rules you composed above.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
{% block root %}
|
||||
root {{ nginx_www_dir }}{{ item.root }};
|
||||
index {{ item.index }};
|
||||
try_files {{ item.override_try_files | default('$uri $uri/ /index.php') }};
|
||||
try_files {{ item.override_try_files | default('try_files $uri $uri/ /index.php$is_args$args') }};
|
||||
{% endblock %}
|
||||
|
||||
{% block location %}
|
||||
|
@ -28,22 +28,7 @@
|
|||
|
||||
{% endblock %}
|
||||
|
||||
{% block extra_upstreams %}
|
||||
map $http_user_agent $pastebin_badagent {
|
||||
~*bot 1;
|
||||
~*spider 1;
|
||||
~*crawl 1;
|
||||
~https?:// 1;
|
||||
WhatsApp 1;
|
||||
SkypeUriPreview 1;
|
||||
facebookexternalhit 1;
|
||||
}
|
||||
{% endblock %}
|
||||
|
||||
{% block app_specific %}
|
||||
if ($pastebin_badagent) {
|
||||
return 403;
|
||||
}
|
||||
|
||||
location /cfg {
|
||||
return 403;
|
||||
|
@ -52,4 +37,12 @@ map $http_user_agent $pastebin_badagent {
|
|||
location /data {
|
||||
deny all;
|
||||
}
|
||||
{% if item.file_cache is defined and item.file_cache is iterable %}
|
||||
{% for param in item.file_cache %}
|
||||
open_file_cache {{ param.cache }};
|
||||
open_file_cache_valid {{ param.valid }};
|
||||
open_file_cache_min_uses {{ param.min_users }};
|
||||
open_file_cache_errors {{ param.cache_errors }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
|
Loading…
Reference in New Issue