disable default server

bunkerity 2020-03-31 09:46:23 +02:00
parent 69ac95b29e
commit 43403f69ee
5 changed files with 12 additions and 14 deletions


@ -197,11 +197,10 @@ Default value : system, exec, shell_exec, passthru, phpinfo, show_source, highli
List of PHP functions blacklisted. They can't be used anywhere in PHP code.
## TODO
- Block country alternative as maxmind db
- Test with default wordpress install
- Test with custom confs reverse proxy
- Edit CONTENT_SECURITY_POLICY default value ?
- Custom TLS certificates
- Documentation
- Certificate Transparency
- Fail2Ban
- Custom TLS certificates
- HSTS preload
- Web UI


@ -1,4 +1,3 @@
server {
listen 0.0.0.0:80 default_server;
if ($host !~ ^(%SERVER_NAME%)$) {
return 444;
}
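Review bot: The host allowlist in `if ($host !~ ^(%SERVER_NAME%)$)` is looser than it looks, because the placeholder is filled with the raw server names joined by `|` and every `.` in a name is therefore a regex wildcard. With `www.example.com` configured, a Host of `wwwXexample.com` also passes the check instead of receiving 444. Escaping the dots where the alternation is built would close this, e.g. `sed -e 's/\./\\./g' -e 's/ /|/g'`, provided `replace_in_file` (not visible here) passes the backslash through unchanged. The hunk counts suggest this file is now a fragment rather than a full `server` block, so a one-line comment such as `# included inside server {}; %SERVER_NAME% is a |-joined list of host names` would help the next reader.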


@ -67,15 +67,12 @@ http {
# server config
include /etc/nginx/server.conf;
# disable default server
%DISABLE_DEFAULT_SERVER%
# check if country is blocked
# list of blocked country
%BLOCK_COUNTRY%
# check if user agent is blocked
# list of blocker user agents
%BLOCK_USER_AGENT%
# enable ModSecurity
# enable/disable ModSecurity
%USE_MODSECURITY%
}


@ -3,6 +3,7 @@ server {
%AUTO_LETS_ENCRYPT%
%REDIRECT_HTTP_TO_HTTPS%
server_name %SERVER_NAME%;
%DISABLE_DEFAULT_SERVER%
%SERVE_FILES%
if ($request_method !~ ^(%ALLOWED_METHODS%)$)
{
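Review bot: `%DISABLE_DEFAULT_SERVER%` is placed after `%AUTO_LETS_ENCRYPT%` and `%REDIRECT_HTTP_TO_HTTPS%`, and server-level rewrite directives (`if`, `return`) run in the order they are written, so whatever those two placeholders expand to is evaluated before the Host check. Their expansions are not visible in this hunk; if the redirect is a server-level `return 301 https://$host$request_uri;`-style rule, a request with an unlisted Host gets a redirect that echoes that Host rather than being dropped with 444. Consider making `%DISABLE_DEFAULT_SERVER%` the first placeholder in the block, ahead of `%AUTO_LETS_ENCRYPT%`, with a comment like `# must stay first: reject unknown Host before any redirect`. The `server` block opens and closes outside the hunk.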


@ -149,9 +149,11 @@ else
replace_in_file "/etc/nginx/server.conf" "%FEATURE_POLICY%" ""
fi
if [ "$DISABLE_DEFAULT_SERVER" = "yes" ] ; then
replace_in_file "/etc/nginx/nginx.conf" "%DISABLE_DEFAULT_SERVER%" "include /etc/nginx/disable-default-server.conf;"
replace_in_file "/etc/nginx/server.conf" "%DISABLE_DEFAULT_SERVER%" "include /etc/nginx/disable-default-server.conf;"
SERVER_NAME_PIPE=$(echo $SERVER_NAME | sed "s/ /|/g")
replace_in_file "/etc/nginx/disable-default-server.conf" "%SERVER_NAME%" "$SERVER_NAME_PIPE"
else
replace_in_file "/etc/nginx/nginx.conf" "%DISABLE_DEFAULT_SERVER%" ""
replace_in_file "/etc/nginx/server.conf" "%DISABLE_DEFAULT_SERVER%" ""
fi
replace_in_file "/etc/nginx/server.conf" "%SERVER_NAME%" "$SERVER_NAME"
replace_in_file "/etc/nginx/server.conf" "%ALLOWED_METHODS%" "$ALLOWED_METHODS"
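Review bot: `echo $SERVER_NAME` is unquoted, so the shell word-splits and glob-expands the value before `sed` sees it; a wildcard name such as `*.example.com` can be replaced by matching file names from the working directory. Quoting alone would let a double space become `||`, an empty alternative that makes an empty Host pass the check, so collapse runs of spaces as well: `SERVER_NAME_PIPE=$(printf '%s' "$SERVER_NAME" | sed -E 's/ +/|/g')`. Wildcard or regex-style server names would still not translate into the `$host` regex correctly, so it is worth documenting that DISABLE_DEFAULT_SERVER expects plain host names. The script continues outside the hunk, and `replace_in_file` is defined elsewhere.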