4.x [Nginx] Conf File IPS 4.1.8.1+
Domanda
Daniel
Ho trovato un'interessante configurazione per NGINX fatta per IPS4.
il link di github è questo https://gist.github.com/zeronug/a16b06fde32dbf0685a5
(è specifica per Centminmod)
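# IPB4 Working NGINX site conf file
# Tested on IPB 4.1.8.1+ and Centminmod 123.09beta01
# This file is for a FORCED SSL site. Non-SSL requests will be directed to SSL.
# Replace 10.0.0.121 with your IP address or domain name.
# NOTE(review): prefer a real domain name. Browsers do not record HSTS for
# hosts addressed by IP literal, so the Strict-Transport-Security header below
# has no effect while server_name is an IP address.
# Information gathered from
# Centminmod.com / Information pulled from multiple guides. Thx eva2000!
# Makoto on IPB Forum via https://community.invisionpower.com/topic/384522-how-to-set-up-a-secure-ipboard-installation-with-nginx-and-php-fpm/ version 3.4.8 guide.
# Base building forum thread: https://community.centminmod.com/threads/ipb-v4-1-x-files.4922/
# Anyone else not mentioned who helped modify and create this file: Thanks!

# Redirect to HTTPS from port 80
# Redirect from www to non-www with forced SSL
# NOTE(review): only one server_name is listed here, so no www -> non-www
# redirect actually happens; add the www name to server_name if you need it.
server {
    listen 80;
    server_name 10.0.0.121;

    # Access and Error Logs
    # NOTE(review): buffer=256k flush=60m means entries can reach disk up to an
    # hour late (and buffered entries are lost on a crash). Lower the flush
    # interval if these logs feed monitoring or incident response.
    access_log /home/nginx/domains/10.0.0.121/log/access_via80.log combined buffer=256k flush=60m;
    error_log /home/nginx/domains/10.0.0.121/log/error_via80.log;

    return 301 https://10.0.0.121$request_uri;
}

server {
    listen 443 ssl http2;
    server_name 10.0.0.121;
    root /home/nginx/domains/10.0.0.121/public;

    ssl_dhparam /usr/local/nginx/conf/ssl/10.0.0.121/dhparam.pem;
    ssl_certificate /usr/local/nginx/conf/ssl/10.0.0.121/10.0.0.121.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/10.0.0.121/10.0.0.121.key;
    # No ssl_protocols directive appears in this file; presumably it is set in
    # ssl_include.conf. Verify that old protocol versions are disabled there.
    include /usr/local/nginx/conf/ssl_include.conf;

    # Mozilla Recommended
    # NOTE(review): this is an old compatibility-oriented list. It still offers
    # CBC/SHA-1 suites and non-forward-secret RSA key exchange (AES128-SHA etc.).
    # Regenerate it from the current Mozilla SSL Configuration Generator for the
    # nginx/OpenSSL versions you actually run.
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;
    # add_header Alternate-Protocol 443:npn-spdy/3;

    # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
    # You'd want to include subdomains if you're using SSL wildcard certificates
    # NOTE(review): HPKP is deprecated and current major browsers no longer
    # honour it; a wrong pin could also lock visitors out. Leave these commented.
    # The pin values are the upstream author's samples, not yours.
    # include subdomain
    # add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400; includeSubDomains';
    # exclude subdomains
    # add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400';

    # Security headers. "always" makes nginx send them on error responses too;
    # originally only X-Content-Type-Options had it.
    # add_header directives are inherited from this level only by locations that
    # define no add_header of their own. If staticfiles.conf or php.conf (not
    # shown here) set any header, repeat these inside those locations.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options "nosniff" always;

    # spdy_headers_comp 5;
    ssl_buffer_size 1400;
    # NOTE(review): with session tickets on, the ticket key protects every
    # resumed session; unless the key is rotated regularly this weakens forward
    # secrecy. Consider "ssl_session_tickets off;" if you cannot rotate keys.
    ssl_session_tickets on;

    # enable ocsp stapling
    # resolver 8.8.8.8 8.8.4.4 valid=10m;
    # resolver_timeout 10s;
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /usr/local/nginx/conf/ssl/10.0.0.121/10.0.0.121-trusted.crt;

    # ngx_pagespeed & ngx_pagespeed handler
    # include /usr/local/nginx/conf/pagespeed.conf;
    # include /usr/local/nginx/conf/pagespeedhandler.conf;
    # include /usr/local/nginx/conf/pagespeedstatslog.conf;

    # add_header X-Xss-Protection "1; mode=block" always;
    # add_header X-Xss-Protection "1; mode=block" always;
    # add_header X-Content-Type-Options "nosniff" always;

    # Limit Connections Per IP Address
    # Modified from default to allow Admin directory to have more connections
    # Modified in nginx.conf
    # limit_conn_zone $limitconn_map zone=limit_per_ip:16m;

    # ssi on;

    # Access and Error Logs
    # NOTE(review): same buffering caveat as the port-80 block (up to 60 minutes
    # before entries are written).
    access_log /home/nginx/domains/10.0.0.121/log/access_via443.log combined buffer=256k flush=60m;
    error_log /home/nginx/domains/10.0.0.121/log/error_via443.log;

    # Prevent access to ./directories and files
    # This also blocks /.well-known/ (used by ACME HTTP-01 certificate
    # validation); add an explicit location for it before this one if needed.
    location ~ (?:^|/)\. {
        deny all;
    }

    location / {
        # block common exploits, sql injections etc
        include /usr/local/nginx/conf/block.conf;

        # Enables directory listings when index file not found
        # autoindex on;

        # Shows file listing times as local time
        autoindex_localtime on;

        try_files $uri $uri/ /index.php;
    }

    location ~ ^(/page/).*(\.php)$ {
        try_files $uri $uri/ /index.php;
    }

    # Mask fake admin directory
    # Must comment this during install. Uncomment after you change the name of the admin directory.
    location ~ ^/admin/(.*)$ {
        deny all;
    }

    # Secure real admin directory
    # Replace /your_admin_renamed_directory/ with your renamed directory.
    # Renaming the directory is obscurity only; the basic-auth and IP allow-list
    # below are what actually restrict access, so enable them after install.
    #location /your_admin_renamed_directory/ {
    #    auth_basic "Private";
    #    auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
    #    include /usr/local/nginx/conf/php.conf;
    #    allow 127.0.0.1;
    #    allow YOURIPADDRESS;
    #    deny all;
    #}

    # IP.Board PHP/CGI Protection
    # Regex locations are tried in file order and the first match wins, so the
    # interface exception must stay above the deny rules.

    # Allow access to interface files
    # The original pattern was "/applications/*/interface/". In a regex "/*"
    # means "zero or more slashes", not "any directory", so it never matched
    # /applications/<app>/interface/... and those requests hit the deny rules
    # below. "[^/]+" matches exactly one path segment.
    # Because this location wins over the PHP location from php.conf, it has to
    # hand the request to PHP itself; with only "allow all;" a matching .php
    # file would be returned as a static file, exposing its source. The include
    # follows the same pattern as the admin block above.
    # TODO confirm php.conf works when included inside a location on your build.
    location ~ ^/applications/[^/]+/interface/.*\.php$ {
        allow all;
        include /usr/local/nginx/conf/php.conf;
    }

    # Never execute PHP from upload, data or internal application directories.
    # "(/|$)" also covers URIs with trailing path info after ".php"; the
    # original "$"-anchored patterns only matched URIs that end in ".php".
    location ~ ^/(uploads|system|datastore|plugins)/.*\.php(/|$) {
        deny all;
    }
    location ~ ^/applications/(blog|calendar|chat|cms|core|downloads|forums|gallery|nexus)/.*\.php(/|$) {
        deny all;
    }

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    include /usr/local/nginx/conf/vts_server.conf;
}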