feat: add the nginx config to the git repo
This commit is contained in:
parent
2dcce912a0
commit
77941b7151
7 changed files with 109 additions and 77 deletions
|
|
@ -1,53 +1,39 @@
|
||||||
# Generated by nginxconfig.io
|
# Generated by nginxconfig.io
|
||||||
|
# See nginxconfig.txt for the configuration share link
|
||||||
|
|
||||||
user www-data;
|
user www-data;
|
||||||
pid /run/nginx.pid;
|
pid /run/nginx.pid;
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
worker_rlimit_nofile 65535;
|
worker_rlimit_nofile 65535;
|
||||||
|
|
||||||
|
# Load modules
|
||||||
|
include /etc/nginx/modules-enabled/*.conf;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
multi_accept on;
|
multi_accept on;
|
||||||
worker_connections 65535;
|
worker_connections 65535;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
types_hash_max_size 2048;
|
types_hash_max_size 2048;
|
||||||
client_max_body_size 16M;
|
types_hash_bucket_size 64;
|
||||||
|
client_max_body_size 16M;
|
||||||
|
|
||||||
# MIME
|
# MIME
|
||||||
include mime.types;
|
include mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
# logging
|
# Logging
|
||||||
access_log /var/log/nginx/access.log;
|
access_log off;
|
||||||
error_log /var/log/nginx/error.log warn;
|
error_log /dev/null;
|
||||||
|
|
||||||
# SSL
|
|
||||||
ssl_session_timeout 1d;
|
|
||||||
ssl_session_cache shared:SSL:10m;
|
|
||||||
ssl_session_tickets off;
|
|
||||||
|
|
||||||
# Diffie-Hellman parameter for DHE ciphersuites
|
|
||||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
|
||||||
|
|
||||||
# Mozilla Intermediate configuration
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
||||||
|
|
||||||
# OCSP Stapling
|
|
||||||
ssl_stapling on;
|
|
||||||
ssl_stapling_verify on;
|
|
||||||
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
|
|
||||||
resolver_timeout 2s;
|
|
||||||
|
|
||||||
# load configs
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
|
||||||
include /etc/nginx/sites-enabled/*;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
# Load configs
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
include /etc/nginx/sites-enabled/*;
|
||||||
|
}
|
||||||
|
|
@ -1,32 +1,27 @@
|
||||||
# favicon.ico
|
# favicon.ico
|
||||||
location = /favicon.ico {
|
location = /favicon.ico {
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
access_log off;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# robots.txt
|
# robots.txt
|
||||||
location = /robots.txt {
|
location = /robots.txt {
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
access_log off;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# assets, media
|
# assets, media
|
||||||
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
|
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
|
||||||
expires 7d;
|
expires 7d;
|
||||||
access_log off;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# svg, fonts
|
# svg, fonts
|
||||||
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
|
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
|
||||||
add_header Access-Control-Allow-Origin "*";
|
add_header Access-Control-Allow-Origin "*";
|
||||||
expires 7d;
|
expires 7d;
|
||||||
access_log off;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# gzip
|
# gzip
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_vary on;
|
gzip_vary on;
|
||||||
gzip_proxied any;
|
gzip_proxied any;
|
||||||
gzip_comp_level 6;
|
gzip_comp_level 6;
|
||||||
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||||
|
|
||||||
|
|
@ -1,17 +1,15 @@
|
||||||
# 404
|
# 404
|
||||||
try_files $fastcgi_script_name =404;
|
try_files $fastcgi_script_name =404;
|
||||||
|
|
||||||
# default fastcgi_params
|
# default fastcgi_params
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
|
|
||||||
# fastcgi settings
|
# fastcgi settings
|
||||||
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
|
fastcgi_index index.php;
|
||||||
fastcgi_index index.php;
|
fastcgi_buffers 8 16k;
|
||||||
fastcgi_buffers 8 16k;
|
fastcgi_buffer_size 32k;
|
||||||
fastcgi_buffer_size 32k;
|
|
||||||
|
|
||||||
# fastcgi params
|
# fastcgi params
|
||||||
fastcgi_param DOCUMENT_ROOT $realpath_root;
|
fastcgi_param DOCUMENT_ROOT $realpath_root;
|
||||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||||
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";
|
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";
|
||||||
|
|
||||||
|
|
@ -1,13 +1,11 @@
|
||||||
# security headers
|
# security headers
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
|
||||||
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
|
add_header Permissions-Policy "interest-cohort=()" always;
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
||||||
|
|
||||||
# . files
|
# . files
|
||||||
location ~ /\.(?!well-known) {
|
location ~ /\.(?!well-known) {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
1
configs/fox-api/nginx/nginxconfig.txt
Normal file
1
configs/fox-api/nginx/nginxconfig.txt
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
https://www.digitalocean.com/community/tools/nginx?domains.0.server.path=%2Fvar%2Fwww%2Fexample&domains.0.https.https=false&domains.0.https.http2=false&domains.0.php.phpServer=%2Fvar%2Frun%2Fphp%2Fphp8.2-fpm.sock
|
||||||
30
configs/fox-api/nginx/sites-available/fox-api.conf
Normal file
30
configs/fox-api/nginx/sites-available/fox-api.conf
Normal file
|
|
@ -0,0 +1,30 @@
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
set $base /home/coder/fox-api;
|
||||||
|
root $base/public;
|
||||||
|
|
||||||
|
# security
|
||||||
|
include nginxconfig.io/security.conf;
|
||||||
|
|
||||||
|
# logging
|
||||||
|
access_log /var/log/nginx/access.log combined buffer=512k flush=1m;
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
|
||||||
|
# index.php
|
||||||
|
index index.php;
|
||||||
|
|
||||||
|
# index.php fallback
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.php?$query_string;
|
||||||
|
}
|
||||||
|
|
||||||
|
# additional config
|
||||||
|
include nginxconfig.io/general.conf;
|
||||||
|
|
||||||
|
# handle .php
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
|
||||||
|
include nginxconfig.io/php_fastcgi.conf;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -3,5 +3,29 @@
|
||||||
echo "[BOOTSTRAP] Running initial nginx setup for FOX-API..."
|
echo "[BOOTSTRAP] Running initial nginx setup for FOX-API..."
|
||||||
|
|
||||||
# Download the nginx config files
|
# Download the nginx config files
|
||||||
curl -s https://raw.githubusercontent.com/fox-api/fox-api/master/scripts/fox-api/nginx.conf > /etc/nginx/nginx.conf
|
curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginx.conf > /etc/nginx/nginx.conf
|
||||||
curl -s https://raw.githubusercontent.com/fox-api/fox-api/master/scripts/fox-api/default.conf > /etc/nginx/conf.d/default.conf
|
|
||||||
|
# Make a folder for the nginxconfig.io files
|
||||||
|
mkdir -p /etc/nginx/nginxconfig.io/
|
||||||
|
|
||||||
|
#Make sure the nginxconfig.io files are owned by www-data
|
||||||
|
chown -R www-data:www-data /etc/nginx/nginxconfig.io/
|
||||||
|
|
||||||
|
# Download the nginxconfig.io files
|
||||||
|
curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginxconfig.io/general.conf > /etc/nginx/nginxconfig.io/general.conf
|
||||||
|
curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginxconfig.io/php_fastcgi.conf > /etc/nginx/nginxconfig.io/php_fastcgi.conf
|
||||||
|
curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginxconfig.io/security.conf > /etc/nginx/nginxconfig.io/security.conf
|
||||||
|
|
||||||
|
# Download the nginx sites-available files
|
||||||
|
curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/sites-available/fox-api.conf > /etc/nginx/sites-available/fox-api.conf
|
||||||
|
|
||||||
|
# Link the sites-available files to sites-enabled
|
||||||
|
ln -s /etc/nginx/sites-available/fox-api.conf /etc/nginx/sites-enabled/fox-api.conf
|
||||||
|
|
||||||
|
# Remove the default nginx site
|
||||||
|
rm /etc/nginx/sites-enabled/default
|
||||||
|
|
||||||
|
# Restart nginx
|
||||||
|
systemctl restart nginx
|
||||||
|
|
||||||
|
echo "[BOOTSTRAP] Done!"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue