|
|
|
@ -233,6 +233,88 @@ nginx_vhosts: |
|
|
|
|
return 403; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location ~ /\. { |
|
|
|
|
access_log off; |
|
|
|
|
log_not_found off; |
|
|
|
|
deny all; |
|
|
|
|
} |
|
|
|
|
location ~ ~$ { |
|
|
|
|
access_log off; |
|
|
|
|
log_not_found off; |
|
|
|
|
deny all; |
|
|
|
|
} |
|
|
|
|
location ~ /\.ht { |
|
|
|
|
deny all; |
|
|
|
|
} |
|
|
|
|
location @rewrite { |
|
|
|
|
# Some modules enforce no slash (/) at the end of the URL |
|
|
|
|
# Else this rewrite block wouldn't be needed (GlobalRedirect) |
|
|
|
|
rewrite ^/(.*)$ /index.php?q=$1 last; |
|
|
|
|
} |
|
|
|
|
- listen: "{{ nginx_port }}" |
|
|
|
|
server_name: "2{{ server_hostname }} www.2{{ server_hostname }}" |
|
|
|
|
root: "/var/www/html/2{{ server_hostname }}" |
|
|
|
|
open_file_cache: "max=2000 inactive=120s" |
|
|
|
|
open_file_cache_valid: "240s" |
|
|
|
|
open_file_cache_min_uses: "5" |
|
|
|
|
open_file_cache_errors: "off" |
|
|
|
|
client_max_body_size: "5m" |
|
|
|
|
client_body_timeout: "60" |
|
|
|
|
index: "index.php index.html index.htm" |
|
|
|
|
error_page: "403 =404" |
|
|
|
|
access_log: "/var/log/nginx/2{{ server_hostname }}_access.log" |
|
|
|
|
error_log: "/var/log/nginx/2{{ server_hostname }}_error.log" |
|
|
|
|
extra_parameters: | |
|
|
|
|
location ~ ^/sites/.*/files/styles/ { |
|
|
|
|
try_files $uri @rewrite; |
|
|
|
|
} |
|
|
|
|
location ~ ^/sites/default/files/ { |
|
|
|
|
try_files $uri @rewrite; |
|
|
|
|
} |
|
|
|
|
location ~ \.(gif|jpg|jpeg|png|ico|bmp|js|css|pdf|doc|webp|woff|ico|js|css|svg)(\?[a-zA-Z0-9\.\-_,])?$ { |
|
|
|
|
expires max; |
|
|
|
|
log_not_found off; |
|
|
|
|
add_header Cache-Control "public"; |
|
|
|
|
add_header X-Cache $upstream_cache_status; |
|
|
|
|
} |
|
|
|
|
location = /favicon.ico { |
|
|
|
|
log_not_found off; |
|
|
|
|
access_log off; |
|
|
|
|
} |
|
|
|
|
location = /robots.txt { |
|
|
|
|
allow all; |
|
|
|
|
log_not_found off; |
|
|
|
|
access_log off; |
|
|
|
|
} |
|
|
|
|
location / { |
|
|
|
|
proxy_pass http://127.0.0.1:{{ apache_listen_port }}; |
|
|
|
|
proxy_set_header Host $host; |
|
|
|
|
proxy_set_header X-Real-IP $remote_addr; |
|
|
|
|
proxy_set_header X-Forwarded-For $remote_addr; |
|
|
|
|
add_header X-Cache $upstream_cache_status; |
|
|
|
|
add_header X-Loaded "/"; |
|
|
|
|
add_header X-Your-IP $remote_addr; |
|
|
|
|
} |
|
|
|
|
location ~ \.php$ { |
|
|
|
|
proxy_set_header X-Real-IP $remote_addr; |
|
|
|
|
proxy_set_header X-Forwarded-For $remote_addr; |
|
|
|
|
proxy_set_header Host $host; |
|
|
|
|
proxy_pass http://127.0.0.1:{{ apache_listen_port }}; |
|
|
|
|
add_header X-Cache $upstream_cache_status; |
|
|
|
|
add_header X-Loaded "php"; |
|
|
|
|
add_header X-Your-IP $remote_addr; |
|
|
|
|
} |
|
|
|
|
location = /backup { |
|
|
|
|
deny all; |
|
|
|
|
} |
|
|
|
|
location ~* \.(txt|log)$ { |
|
|
|
|
allow 127.0.0.1; |
|
|
|
|
deny all; |
|
|
|
|
} |
|
|
|
|
location ~ \..*/.*\.php$ { |
|
|
|
|
return 403; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location ~ /\. { |
|
|
|
|
access_log off; |
|
|
|
|
log_not_found off; |
|
|
|
|