Страница 1 из 1
Drupal Nginx + PhpBB - upweb
Добавлено: 30 май 2020, 15:03
brahman
Old config from ispmanager
Код: Выделить всё
server {
server_name upweb.me www.upweb.me;
charset off;
index index.php index.html;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/upweb.me/*.conf;
access_log /var/www/httpd-logs/upweb.me.access.log;
error_log /var/www/httpd-logs/upweb.me.error.log notice;
ssi on;
return 301 https://$host:443$request_uri;
set $root_path /var/www/upweb/data/www/upweb.me/web;
root $root_path;
location / {
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
}
listen 46.10.178.152:80 default_server;
location @php {
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@upweb.me";
fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
try_files $uri =404;
include fastcgi_params;
}
}
server {
server_name upweb.me www.upweb.me;
ssl_certificate "/var/www/httpd-cert/upweb/upweb.me_le2.crtca";
ssl_certificate_key "/var/www/httpd-cert/upweb/upweb.me_le2.key";
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000;";
ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
charset off;
index index.php index.html;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/upweb.me/*.conf;
access_log /var/www/httpd-logs/upweb.me.access.log;
error_log /var/www/httpd-logs/upweb.me.error.log notice;
ssi on;
set $root_path /var/www/upweb/data/www/upweb.me/web;
root $root_path;
location / {
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
}
listen 46.10.178.152:443 ssl default_server http2;
location @php {
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@upweb.me";
fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
try_files $uri =404;
include fastcgi_params;
}
}
Re: Drupal Nginx upweb
Добавлено: 30 май 2020, 15:04
brahman
Результат компиляции старого конфига и следующей инструкции
https://www.nginx.com/resources/wiki/st ... es/drupal/
Также была добавлена секция для работы phpbb
Код: Выделить всё
server {
server_name upweb.me www.upweb.me;
charset off;
index index.php index.html;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/upweb.me/*.conf;
access_log /var/www/httpd-logs/upweb.me.access.log;
error_log /var/www/httpd-logs/upweb.me.error.log notice;
ssi on;
set $root_path /var/www/upweb/data/www/upweb.me/web;
root $root_path;
location / {
try_files $uri /index.php?$query_string;
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
# Protect files and directories from prying eyes.
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
deny all;
return 404;
}
listen 46.10.178.152:80;
location @php {
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@upweb.me";
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
}
}
server {
server_name upweb.me www.upweb.me;
ssl_certificate "/var/www/httpd-cert/upweb/upweb.me_le2.crtca";
ssl_certificate_key "/var/www/httpd-cert/upweb/upweb.me_le2.key";
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000;";
ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
charset off;
index index.php index.html;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/upweb.me/*.conf;
access_log /var/www/httpd-logs/upweb.me.access.log;
error_log /var/www/httpd-logs/upweb.me.error.log notice;
ssi on;
set $root_path /var/www/upweb/data/www/upweb.me/web;
root $root_path;
location / {
try_files $uri /index.php?$query_string;
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
# Protect files and directories from prying eyes.
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
deny all;
return 404;
}
listen 46.10.178.152:443 ssl http2;
location @php {
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@upweb.me";
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
}
# для phpbb, чтобы открывался в подкатегории /forum без index.php
location /forum/ {
try_files $uri /forum/index.php?$query_string;
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
}
# специально для phpbb
location ~ ^/update.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
fastcgi_index update.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
include fastcgi_params;
}
}
Re: Drupal Nginx + PhpBB - upweb
Добавлено: 02 июн 2020, 23:59
brahman
часть работающего вариант конфига для форума без косяков
Код: Выделить всё
location @rewriteapp {
rewrite ^(.*)$ /forum/app.php/$1 last;
}
location /forum/ {
try_files $uri $uri/ @rewriteapp;
location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
deny all;
}
location ~ \.php(/|$) {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTP_PROXY '';
try_files $uri $uri/ /forum/app.php$is_args$args $document_root$fastcgi_script_name =404;
fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
}
}
часть для инсталляции, не проверял.
Код: Выделить всё
location /forum/install/ {
try_files $uri $uri/ @rewrite_installapp;
location ~ \.php(/|$) {
include fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTP_PROXY '';
try_files $uri $uri/ /forum/install/app.php$is_args$args $document_root$fastcgi_script_name =404;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /forum/install/app.php/$1 last;
}
}
Re: Drupal Nginx + PhpBB - upweb
Добавлено: 07 июл 2020, 01:20
brahman
Код: Выделить всё
server {
server_name upweb.me www.upweb.me;
charset off;
index index.php index.html;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/upweb.me/*.conf;
access_log /var/www/httpd-logs/upweb.me.access.log;
error_log /var/www/httpd-logs/upweb.me.error.log notice;
ssi on;
set $root_path /var/www/upweb/data/www/upweb.me/web;
root $root_path;
location / {
try_files $uri /index.php?$query_string;
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
# Protect files and directories from prying eyes.
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
deny all;
return 404;
}
listen 46.10.178.152:80;
location @php {
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@upweb.me";
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
}
}
server {
server_name upweb.me www.upweb.me;
ssl_certificate "/var/www/httpd-cert/upweb/upweb.me_le2.crtca";
ssl_certificate_key "/var/www/httpd-cert/upweb/upweb.me_le2.key";
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000;";
ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
charset off;
index index.php index.html;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/upweb.me/*.conf;
access_log /var/www/httpd-logs/upweb.me.access.log;
error_log /var/www/httpd-logs/upweb.me.error.log notice;
ssi on;
set $root_path /var/www/upweb/data/www/upweb.me/web;
root $root_path;
location / {
try_files $uri /index.php?$query_string;
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
# Protect files and directories from prying eyes.
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
deny all;
return 404;
}
listen 46.10.178.152:443 ssl http2;
location @php {
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@upweb.me";
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
}
# специально для phpbb
location @rewriteapp {
rewrite ^(.*)$ /forum/app.php/$1 last;
}
location @rewrite_installapp {
rewrite ^(.*)$ /forum/install/app.php/$1 last;
}
location /forum/ {
try_files $uri $uri/ @rewriteapp;
location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
deny all;
}
location ~ \.php(/|$) {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTP_PROXY '';
try_files $uri $uri/ /forum/app.php$is_args$args $document_root$fastcgi_script_name =404;
fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
}
}
location /forum/install/ {
try_files $uri $uri/ @rewrite_installapp;
location ~ \.php(/|$) {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTP_PROXY '';
try_files $uri $uri/ /forum/install/app.php$is_args$args $document_root$fastcgi_script_name =404;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
}
}