@@ -11,9 +11,9 @@ server {
1111 access_log /var/log/nginx/domains/% domain% .log combined;
1212 access_log /var/log/nginx/domains/% domain% .bytes bytes;
1313 error_log /var/log/nginx/domains/% domain% .error.log error;
14-
14+
1515 include % home% /% user% /conf/web/% domain% /nginx.forcessl.conf*;
16-
16+
1717 location = /favicon.ico {
1818 log_not_found off;
1919 access_log off;
@@ -25,46 +25,9 @@ server {
2525 access_log off;
2626 }
2727
28- # Gzip Settings, convert all types.
29- gzip on;
30- gzip_vary on;
31- gzip_proxied any;
32-
33- # Can be enhance to 5, but it can slow you server
34- # gzip_comp_level 5;
35- # gzip_min_length 256;
36-
37- gzip_types
38- application/atom+xml
39- application/javascript
40- application/json
41- application/ld+json
42- application/manifest+json
43- application/rss+xml
44- application/vnd.geo+json
45- application/vnd.ms-fontobject
46- application/x-font-ttf
47- application/x-web-app-manifest+json
48- application/xhtml+xml
49- application/xml
50- font/opentype
51- image/bmp
52- image/svg+xml
53- image/x-icon
54- text/cache-manifest
55- text/css
56- text/plain
57- text/vcard
58- text/vnd.rim.location.xloc
59- text/vtt
60- text/x-component
61- text/x-cross-domain-policy;
62-
63- gzip_disable "MSIE [1-6]\.(?!.*SV1)";
64-
65- # Cloudflare / Max CDN fix
66- location ~* \.(eot|otf|ttf|woff(?:2)?)$ {
67- add_header Access-Control-Allow-Origin *;
28+ location ~ /\.(?!well-known\/) {
29+ deny all;
30+ return 404;
6831 }
6932
7033 # Force pdf files to be downloaded
@@ -73,7 +36,7 @@ server {
7336 add_header X-Content-Type-Options nosniff;
7437 }
7538
76- # Force files inupload directory to be downloaded
39+ # Force files in upload directory to be downloaded
7740 location ~ ^/upload/ {
7841 add_header Content-Disposition Attachment;
7942 add_header X-Content-Type-Options nosniff;
@@ -107,25 +70,32 @@ server {
10770 # Source code directories
10871 location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ {
10972 deny all;
73+ return 404;
11074 }
75+
11176 # vendor in modules directory
11277 location ~ ^/modules/.*/vendor/ {
11378 deny all;
79+ return 404;
11480 }
81+
11582 # Prevent exposing other sensitive files
11683 location ~ \.(yml|log|tpl|twig|sass)$ {
11784 deny all;
85+ return 404;
11886 }
11987
12088 # Prevent injection of php files
12189 location /upload {
12290 location ~ \.php$ {
12391 deny all;
92+ return 404;
12493 }
12594 }
12695 location /img {
12796 location ~ \.php$ {
12897 deny all;
98+ return 404;
12999 }
130100 }
131101
@@ -137,47 +107,35 @@ server {
137107 rewrite ^(.+)$ /index.php?q= $1 last;
138108 }
139109
140- location ~* ^.+\.(jpeg| jpg|png |gif|bmp |ico|svg| css|js)$ {
141- expires max ;
142- fastcgi_hide_header " Set-Cookie" ;
110+ location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom| jpg|jpeg |gif|png |ico|bmp|mid|midi|wav|rtf| css|js|jar )$ {
111+ expires 30d ;
112+ fastcgi_hide_header " Set-Cookie" ;
143113 }
144114
145- location ~ [^/]\.php(/|$) {
115+ location ~ [^/]\.php(/|$) {
116+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
146117 fastcgi_param SCRIPT_FILENAME $document_root $fastcgi_script_name ;
147-
148118 try_files $fastcgi_script_name /index.php$uri &$args =404;
149-
150- # Environment variables for PHP
151- fastcgi_split_path_info ^(.+\.php)(/.+)$;
152-
153- fastcgi_pass % backend_lsnr% ;
154- fastcgi_index index.php;
155- include /etc/nginx/fastcgi_params;
119+ fastcgi_pass % backend_lsnr% ;
120+ fastcgi_index index.php;
121+ include /etc/nginx/fastcgi_params;
156122 }
157123 }
158124
159- error_page 403 /error/404.html;
160- error_page 404 /index.php?controller=404;
161- error_page 500 502 503 504 /error/50x.html;
162-
125+ error_page 403 /error/404.html;
126+ error_page 404 /index.php?controller=404;
127+ error_page 500 502 503 504 /error/50x.html;
163128
164129 location /error/ {
165130 alias % home% /% user% /web/% domain% /document_errors/;
166131 }
167132
168- location ~* "/\.(htaccess|htpasswd)$" {
169- deny all;
170- return 404;
171- }
172-
173133 location /vstats/ {
174134 alias % home% /% user% /web/% domain% /stats/;
175135 include % home% /% user% /web/% domain% /stats/auth.conf*;
176136 }
177137
178138 include /etc/nginx/conf.d/phpmyadmin.inc*;
179139 include /etc/nginx/conf.d/phppgadmin.inc*;
180- include /etc/nginx/conf.d/webmail.inc*;
181-
182140 include %home%/%user%/conf/web/%domain%/nginx.conf_*;
183141}
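Review bot: The nested `location ~ \.php$` guards under `/upload` and `/img` (new lines 89–99) only match URIs that end in `.php`, while the PHP handler at new line 115 matches `[^/]\.php(/|$)` and splits path info, so the two patterns disagree about what counts as a PHP request. A URI under `/img` with path info after `.php` is not caught by the nested block and, unless a location outside this view claims it first, falls through to the FastCGI handler; `/upload` appears to be shielded only because `location ~ ^/upload/` precedes the handler. Using the same suffix in both guards, `location ~ \.php(/|$) {`, would close the gap. Separately, wherever this commit adds `return 404;` after `deny all;`, the `return` runs in the rewrite phase before access checks, so `deny all` no longer has any effect and the response is routed through `error_page 404 /index.php?controller=404`. A short comment such as `# return runs before deny; the 404 is handed to index.php by error_page` would show that this is intended.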