Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

php and nextcloud examples fix

Browse Source
This commit is contained in:
bunkerity 2020-11-22 17:38:07 +01:00
parent 58fcf0a725
commit 813b42cfa9
No known key found for this signature in database
GPG Key ID: 654FFF51CEF7CC47
7 changed files with 67 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
confs/site/php.conf
View File

@ -1,6 +1,3 @@
include %FASTCGI_PATH%fastcgi.conf;
include %FASTCGI_PATH%fastcgi_params;
location ~ \.php$ { location ~ \.php$ {
fastcgi_pass %REMOTE_PHP%:9000; fastcgi_pass %REMOTE_PHP%:9000;
fastcgi_index index.php; fastcgi_index index.php;

3
confs/site/server.conf
View File

@ -1,4 +1,5 @@
server { server {
%FASTCGI_PATH%
%SERVER_CONF% %SERVER_CONF%
%PROXY_REAL_IP% %PROXY_REAL_IP%
%MAIN_LUA% %MAIN_LUA%
@ -15,7 +16,6 @@ server {
} }
%LIMIT_REQ% %LIMIT_REQ%
%AUTH_BASIC% %AUTH_BASIC%
%USE_PHP%
%REMOVE_HEADERS% %REMOVE_HEADERS%
%X_FRAME_OPTIONS% %X_FRAME_OPTIONS%
%X_XSS_PROTECTION% %X_XSS_PROTECTION%
@ -38,4 +38,5 @@ server {
%USE_OPEN_FILE_CACHE% %USE_OPEN_FILE_CACHE%
%USE_PROXY_CACHE% %USE_PROXY_CACHE%
%USE_REVERSE_PROXY% %USE_REVERSE_PROXY%
%USE_PHP%
} }

4
entrypoint/site-config.sh
View File

@ -128,15 +128,15 @@ fi
# remote PHP # remote PHP
if [ "$REMOTE_PHP" != "" ] ; then if [ "$REMOTE_PHP" != "" ] ; then
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" "include ${NGINX_PREFIX}php.conf;" replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" "include ${NGINX_PREFIX}php.conf;"
replace_in_file "${NGINX_PREFIX}server.conf" "%FASTCGI_PATH%" "include ${NGINX_PREFIX}fastcgi.conf;"
replace_in_file "${NGINX_PREFIX}php.conf" "%REMOTE_PHP%" "$REMOTE_PHP" replace_in_file "${NGINX_PREFIX}php.conf" "%REMOTE_PHP%" "$REMOTE_PHP"
replace_in_file "${NGINX_PREFIX}php.conf" "%FASTCGI_PATH%" "$NGINX_PREFIX"
if [ "$MULTISITE" = "yes" ] ; then if [ "$MULTISITE" = "yes" ] ; then
cp /etc/nginx/fastcgi.conf ${NGINX_PREFIX}fastcgi.conf cp /etc/nginx/fastcgi.conf ${NGINX_PREFIX}fastcgi.conf
cp /etc/nginx/fastcgi_params ${NGINX_PREFIX}fastcgi_params
fi fi
replace_in_file "${NGINX_PREFIX}fastcgi.conf" "\$document_root" "${REMOTE_PHP_PATH}/" replace_in_file "${NGINX_PREFIX}fastcgi.conf" "\$document_root" "${REMOTE_PHP_PATH}/"
else else
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" "" replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" ""
replace_in_file "${NGINX_PREFIX}server.conf" "%FASTCGI_PATH%" ""
fi fi
# serve files # serve files

1
examples/multisite-custom-server-confs/docker-compose.yml
View File

@ -31,6 +31,7 @@ services:
- nc.website.com_LIMIT_REQ_BURST=60 - nc.website.com_LIMIT_REQ_BURST=60
- nc.website.com_ALLOWED_METHODS=GET|POST|HEAD|PROPFIND|DELETE|PUT|MKCOL|MOVE|COPY|PROPPATCH|REPORT - nc.website.com_ALLOWED_METHODS=GET|POST|HEAD|PROPFIND|DELETE|PUT|MKCOL|MOVE|COPY|PROPPATCH|REPORT
- nc.website.com_X_FRAME_OPTIONS=SAMEORIGIN - nc.website.com_X_FRAME_OPTIONS=SAMEORIGIN
- nc.website.com_FAIL2BAN_STATUS_CODE=400|401|403|405|444
networks: networks:
- net1 - net1
- net2 - net2

70
examples/multisite-custom-server-confs/server-confs/nc.website.com/nextcloud.conf
View File

@ -1,42 +1,32 @@
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include /etc/nginx/nc.website.com/fastcgi.conf;
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass mync:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
}
location / { location / {
rewrite ^ /index.php; try_files $uri /index.php$request_uri;
} }
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
include /etc/nginx/nc.website.com/fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass mync:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
include /etc/nginx/nc.website.com/fastcgi.conf;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map|mp4)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
}

4
examples/nextcloud/docker-compose.yml
View File

@ -27,12 +27,12 @@ services:
- LIMIT_REQ_BURST=60 - LIMIT_REQ_BURST=60
- ALLOWED_METHODS=GET|POST|HEAD|PROPFIND|DELETE|PUT|MKCOL|MOVE|COPY|PROPPATCH|REPORT - ALLOWED_METHODS=GET|POST|HEAD|PROPFIND|DELETE|PUT|MKCOL|MOVE|COPY|PROPPATCH|REPORT
- X_FRAME_OPTIONS=SAMEORIGIN - X_FRAME_OPTIONS=SAMEORIGIN
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes - USE_GZIP=yes
- USE_BROTLI=yes - USE_BROTLI=yes
- FAIL2BAN_STATUS_CODE=400|401|403|405|444
mync: mync:
image: nextcloud:stable-fpm image: nextcloud:20-fpm
restart: always restart: always
volumes: volumes:
- ./nc-files:/var/www/html - ./nc-files:/var/www/html

70
examples/nextcloud/server-confs/nextcloud.conf
View File

@ -1,42 +1,32 @@
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi.conf;
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass mync:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
}
location / { location / {
rewrite ^ /index.php; try_files $uri /index.php$request_uri;
} }
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass mync:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
include fastcgi.conf;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map|mp4)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
}