disable default server
This commit is contained in:
parent
69ac95b29e
commit
43403f69ee
|
@ -197,11 +197,10 @@ Default value : system, exec, shell_exec, passthru, phpinfo, show_source, highli
|
|||
List of PHP functions blacklisted. They can't be used anywhere in PHP code.
|
||||
|
||||
## TODO
|
||||
- Block country alternative as maxmind db
|
||||
- Test with default wordpress install
|
||||
- Test with custom confs reverse proxy
|
||||
- Edit CONTENT_SECURITY_POLICY default value ?
|
||||
- Custom TLS certificates
|
||||
- Documentation
|
||||
- Certificate Transparency
|
||||
- Fail2Ban
|
||||
- Custom TLS certificates
|
||||
- HSTS preload
|
||||
- Web UI
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
server {
|
||||
listen 0.0.0.0:80 default_server;
|
||||
if ($host !~ ^(%SERVER_NAME%)$) {
|
||||
return 444;
|
||||
}
|
||||
|
|
|
@ -67,15 +67,12 @@ http {
|
|||
# server config
|
||||
include /etc/nginx/server.conf;
|
||||
|
||||
# disable default server
|
||||
%DISABLE_DEFAULT_SERVER%
|
||||
|
||||
# check if country is blocked
|
||||
# list of blocked country
|
||||
%BLOCK_COUNTRY%
|
||||
|
||||
# check if user agent is blocked
|
||||
# list of blocker user agents
|
||||
%BLOCK_USER_AGENT%
|
||||
|
||||
# enable ModSecurity
|
||||
# enable/disable ModSecurity
|
||||
%USE_MODSECURITY%
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ server {
|
|||
%AUTO_LETS_ENCRYPT%
|
||||
%REDIRECT_HTTP_TO_HTTPS%
|
||||
server_name %SERVER_NAME%;
|
||||
%DISABLE_DEFAULT_SERVER%
|
||||
%SERVE_FILES%
|
||||
if ($request_method !~ ^(%ALLOWED_METHODS%)$)
|
||||
{
|
||||
|
|
|
@ -149,9 +149,11 @@ else
|
|||
replace_in_file "/etc/nginx/server.conf" "%FEATURE_POLICY%" ""
|
||||
fi
|
||||
if [ "$DISABLE_DEFAULT_SERVER" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%DISABLE_DEFAULT_SERVER%" "include /etc/nginx/disable-default-server.conf;"
|
||||
replace_in_file "/etc/nginx/server.conf" "%DISABLE_DEFAULT_SERVER%" "include /etc/nginx/disable-default-server.conf;"
|
||||
SERVER_NAME_PIPE=$(echo $SERVER_NAME | sed "s/ /|/g")
|
||||
replace_in_file "/etc/nginx/disable-default-server.conf" "%SERVER_NAME%" "$SERVER_NAME_PIPE"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%DISABLE_DEFAULT_SERVER%" ""
|
||||
replace_in_file "/etc/nginx/server.conf" "%DISABLE_DEFAULT_SERVER%" ""
|
||||
fi
|
||||
replace_in_file "/etc/nginx/server.conf" "%SERVER_NAME%" "$SERVER_NAME"
|
||||
replace_in_file "/etc/nginx/server.conf" "%ALLOWED_METHODS%" "$ALLOWED_METHODS"
|
||||
|
|
Loading…
Reference in New Issue