From eeadc05ca0dd80ae765253359cd6ff4d6d5d7cee Mon Sep 17 00:00:00 2001 From: Muppeth Date: Mon, 14 Oct 2019 16:03:10 +0200 Subject: [PATCH] fixed gitignore file --- .gitignore | 2 - .../sites-available/howto.disroot.lan.conf | 38 +++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 vagrant/provision/etc/nginx/sites-available/howto.disroot.lan.conf diff --git a/.gitignore b/.gitignore index 1de03dc9..75378181 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1 @@ # vagrant folder -vagrant/ -themes/grav-theme-knowledge-base diff --git a/vagrant/provision/etc/nginx/sites-available/howto.disroot.lan.conf b/vagrant/provision/etc/nginx/sites-available/howto.disroot.lan.conf new file mode 100644 index 00000000..0cef7566 --- /dev/null +++ b/vagrant/provision/etc/nginx/sites-available/howto.disroot.lan.conf @@ -0,0 +1,38 @@ +server { + listen 80 ; + + root /var/www/howto.disroot.lan; + index index.html index.php; + server_name howto.disroot.org; + server_tokens off; + add_header X-XSS-Protection "1; mode=block"; + + + location / { + try_files $uri $uri/ /index.php?_url=$uri&$query_string; + } + + location /favicon.ico { + alias /var/www/howto.disroot.lan/favicon.png; + } + + # deny all direct access for these folders + location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; } + + # deny running scripts inside core system folders + location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } + + # deny running scripts inside user folder + location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } + + # deny access to specific files in the root folder + location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + } +}