Home Explore Help
Register Sign In
demure
/
dotfiles
Watch 3
Star 3
Fork 3
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
dotfiles
/
system_wide
/
etc
/
nginx
/
sites-available
/
demu.red

demu.red 2.4 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. ## Main site config
    2. 

  2. 

  3. server {
    4. 

  4.     listen 80 default_server;
    5. 

  5.     listen [::]:80 default_server;
    6. 

  6.     listen 443 default_server ssl;
    7. 

  7.     listen [::]:443 default_server ssl;
    8. 

  8. 

  9.     # SSL configuration
    10. 

  10.     #
    11. 

  11.     # listen 443 ssl default_server;
    12. 

  12.     # listen [::]:443 ssl default_server;
    13. 

  13.     #
    14. 

  14.     # Note: You should disable gzip for SSL traffic.
    15. 

  15.     # See: https://bugs.debian.org/773332
    16. 

  16.     #
    17. 

  17.     # Read up on ssl_ciphers to ensure a secure configuration.
    18. 

  18.     # See: https://bugs.debian.org/765782
    19. 

  19.     #
    20. 

  20.     # Self signed certs generated by the ssl-cert package
    21. 

  21.     # Don't use them in a production server!
    22. 

  22.     #
    23. 

  23.     # include snippets/snakeoil.conf;
    24. 

  24. 

  25.     server_name demur.red;      ## Name of server
    26. 

  26.     root /var/www/pelican;      ## Path to root
    27. 

  27. 

  28.     ## Disable all methods besides HEAD, GET and POST.
    29. 

  29.     if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    30. 

  30.         return 444;
    31. 

  31.     }
    32. 

  32. 

  33.     ## Add index.php to the list if you are using PHP
    34. 

  34.     index index.php index.html index.htm;
    35. 

  35. 

  36.     ## Include certbot fix
    37. 

  37.     include /etc/nginx/snippets/nginx.well-known.conf;
    38. 

  38. 

  39.     ## Include ssl
    40. 

  40.     include /etc/nginx/snippets/nginx.ssl.conf;
    41. 

  41. 

  42.     ### Deny Stuffs ### {{{
    43. 

  43.         ## Protect specific TXT and config files
    44. 

  44.         location ~ /(\.|readme.html|readme.md|changelog.txt|changelog.md|contributing.txt|contributing.md|license.txt|license.md|legalnotice|privacy.txt|privacy.md|security.txt|security.md|sample-.*txt)
    45. 

  45.         {
    46. 

  46.             deny all;
    47. 

  47.         }
    48. 

  48. 

  49.         ## Protect .git files
    50. 

  50.         location ~ /\.git/ {
    51. 

  51.             access_log off;
    52. 

  52.             log_not_found off;
    53. 

  53.             deny all;
    54. 

  54.         }
    55. 

  55. 

  56.         ## Stop logging /theme
    57. 

  57.         location /theme {
    58. 

  58.             access_log off;
    59. 

  59.         }
    60. 

  60.     ### End Deny Stuffs ### }}}
    61. 

  61. 

  62.     ### Rate Limit ### {{{
    63. 

  63.     limit_req zone=perip burst=100 nodelay;
    64. 

  64.     limit_req zone=perserver burst=5000;
    65. 

  65.     ### End Rate Limit ### }}}
    66. 

  66. 

  67.     ### php attempt ### {{{
    68. 

  68.     ## Pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock
    69. 

  69.     location ~ \.php$ {
    70. 

  70.         try_files $uri =404;
    71. 

  71.         fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    72. 

  72.         fastcgi_index index.php;
    73. 

  73.         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    74. 

  74.         include fastcgi_params;
    75. 

  75.     }
    76. 

  76.     ### End php ### }}}
    77. 

  77. 

  78.     ### Error Redirects ### {{{
    79. 

  79.     ## Redirect server error pages
    80. 

  80.     error_page 500 501 502 503 504 /pages/50x;
    81. 

  81.     error_page 404 /pages/404;
    82. 

  82.     error_page 403 /pages/403;
    83. 

  83.     ### End Error ### }}}
    84. 

  84. }
    85. 

  85.