From ecfd3fd0f2be883869ee7300e168db4a8c5b4f8c Mon Sep 17 00:00:00 2001 From: Benji Date: Sat, 26 Aug 2017 17:32:43 +0000 Subject: [PATCH 1/9] Allow defining of NGINX version to be installed. --- nginx/installer.sh | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/nginx/installer.sh b/nginx/installer.sh index d8d604f..976bd95 100644 --- a/nginx/installer.sh +++ b/nginx/installer.sh @@ -57,6 +57,7 @@ openSslVers="1.0.2k" pagespeedVers="1.12.34.2" pcreVers="8.40" zlibVers="1.2.11" +nginxVers="1.13.3" #+----------------------------------------------------------------------------+ #+ Setup @@ -99,17 +100,15 @@ nginxSetup() #+------------------------------------------------------------------------+ #+ Clone required repositories from GitHub #+------------------------------------------------------------------------+ - #+ 1). NGINX - #+ 2). NGINX Dev. Kit (Module) - #+ 3). NGINX Headers More (Module) - #+ 4). NGINX VTS (Module) - #+ 5). Brotli (for Brotli Compression) - #+ 6). LibBrotli - #+ 7). NGINX Brotli (Module) - #+ 8). NAXSI (Module) + #+ 1). NGINX Dev. Kit (Module) + #+ 2). NGINX Headers More (Module) + #+ 3). NGINX VTS (Module) + #+ 4). Brotli (for Brotli Compression) + #+ 5). LibBrotli + #+ 6). NGINX Brotli (Module) + #+ 7). NAXSI (Module) #+------------------------------------------------------------------------+ cd /usr/local/src/github \ - && git clone https://github.com/nginx/nginx.git \ && git clone https://github.com/simpl/ngx_devel_kit.git \ && git clone https://github.com/openresty/headers-more-nginx-module.git \ && git clone https://github.com/vozlt/nginx-module-vts.git \ 
@@ -177,8 +176,10 @@ nginxCompile() #+------------------------------------------------------------------------+ #+ Configure & Compile NGINX #+------------------------------------------------------------------------+ - cd /usr/local/src/github/nginx \ - && ./auto/configure --prefix=/etc/nginx \ + wget https://nginx.org/download/nginx-${nginxVers}.tar.gz \ + && tar -xvzf nginx-${nginxVers}.tar.gz + && cd /usr/local/src/github/nginx-${nginxVers} \ + && ./configure --prefix=/etc/nginx \ --sbin-path=/usr/sbin/nginx \ --conf-path=/etc/nginx/config/nginx.conf \ --lock-path=/etc/nginx/lock/nginx.lock \ From bbaa06e855ae9f1f1cfc8f33263b826ac5e275a2 Mon Sep 17 00:00:00 2001 From: Benji Date: Sat, 26 Aug 2017 19:37:52 +0200 Subject: [PATCH 2/9] Trailing \ missing --- nginx/installer.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/installer.sh b/nginx/installer.sh index 976bd95..8097097 100644 --- a/nginx/installer.sh +++ b/nginx/installer.sh @@ -177,7 +177,7 @@ nginxCompile() #+ Configure & Compile NGINX #+------------------------------------------------------------------------+ wget https://nginx.org/download/nginx-${nginxVers}.tar.gz \ - && tar -xvzf nginx-${nginxVers}.tar.gz + && tar -xvzf nginx-${nginxVers}.tar.gz \ && cd /usr/local/src/github/nginx-${nginxVers} \ && ./configure --prefix=/etc/nginx \ --sbin-path=/usr/sbin/nginx \ @@ -284,4 +284,4 @@ nginxCleanup() nginxSetup \ && nginxCompile \ && nginxConfigure \ -&& nginxCleanup \ No newline at end of file +&& nginxCleanup From 53b3204f1849295dff1a4f72efba6f7a729946ae Mon Sep 17 00:00:00 2001 From: Benji Date: Sat, 26 Aug 2017 19:41:45 +0200 Subject: [PATCH 3/9] Updating comments --- nginx/installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/installer.sh b/nginx/installer.sh index 8097097..7e74df1 100644 --- a/nginx/installer.sh +++ b/nginx/installer.sh 
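Review bot: The tarball fetched by the new `wget https://nginx.org/download/nginx-${nginxVers}.tar.gz` line in nginxCompile is unpacked, configured and later installed with no integrity check, so the build trusts whatever the download returns. nginx.org publishes a detached PGP signature beside each release tarball; either fetch `nginx-${nginxVers}.tar.gz.asc` and run `gpg --verify` against a pinned release key, or pin a digest next to `nginxVers` and add `&& echo "${nginxSha256}  nginx-${nginxVers}.tar.gz" | sha256sum -c - \` before the `tar` step (`nginxSha256` is a placeholder variable to define). The same applies to the `v${pagespeedVers}-stable.zip` and `${psol_url}` downloads touched in patch 5/9. nginxCompile's body continues outside the hunk.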
@@ -174,7 +174,7 @@ nginxSetup() nginxCompile() { #+------------------------------------------------------------------------+ - #+ Configure & Compile NGINX + #+ Download, Extract, Configure & Compile NGINX #+------------------------------------------------------------------------+ wget https://nginx.org/download/nginx-${nginxVers}.tar.gz \ && tar -xvzf nginx-${nginxVers}.tar.gz \ From f03101e30e42564328011a975a751eec1c2961e6 Mon Sep 17 00:00:00 2001 From: Benji Date: Sat, 26 Aug 2017 19:50:09 +0200 Subject: [PATCH 4/9] Fix download directory for NGINX --- nginx/installer.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nginx/installer.sh b/nginx/installer.sh index 7e74df1..8ad92af 100644 --- a/nginx/installer.sh +++ b/nginx/installer.sh @@ -176,7 +176,8 @@ nginxCompile() #+------------------------------------------------------------------------+ #+ Download, Extract, Configure & Compile NGINX #+------------------------------------------------------------------------+ - wget https://nginx.org/download/nginx-${nginxVers}.tar.gz \ + cd /usr/local/src/github \ + && wget https://nginx.org/download/nginx-${nginxVers}.tar.gz \ && tar -xvzf nginx-${nginxVers}.tar.gz \ && cd /usr/local/src/github/nginx-${nginxVers} \ && ./configure --prefix=/etc/nginx \ From 959d38a795b868a6fcca8ce52e49860779e35b81 Mon Sep 17 00:00:00 2001 From: Benji Date: Fri, 2 Feb 2018 00:44:07 +0100 Subject: [PATCH 5/9] Updated versions and added PHP7.2 --- nginx/installer.sh | 14 +++++++------- php/.DS_Store | Bin 0 -> 6148 bytes php/7.2/installer.sh | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 7 deletions(-) create mode 100644 php/.DS_Store create mode 100644 php/7.2/installer.sh diff --git a/nginx/installer.sh b/nginx/installer.sh index 8ad92af..b7f5720 100644 --- a/nginx/installer.sh +++ b/nginx/installer.sh 
@@ -53,11 +53,11 @@ cpuCount=$(nproc --all) currentPath="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" dhparamBits="4096" nginxUser="nginx" -openSslVers="1.0.2k" -pagespeedVers="1.12.34.2" +openSslVers="1.1.0g" +pagespeedVers="1.12.34.3" pcreVers="8.40" zlibVers="1.2.11" -nginxVers="1.13.3" +nginxVers="1.12.2" #+----------------------------------------------------------------------------+ #+ Setup @@ -123,9 +123,9 @@ nginxSetup() #+ https://modpagespeed.com/doc/build_ngx_pagespeed_from_source #+------------------------------------------------------------------------+ cd /usr/local/src/github \ - && wget https://github.com/pagespeed/ngx_pagespeed/archive/v${pagespeedVers}-beta.zip \ - && unzip v${pagespeedVers}-beta.zip \ - && cd ngx_pagespeed-${pagespeedVers}-beta \ + && wget https://github.com/pagespeed/ngx_pagespeed/archive/v${pagespeedVers}-stable.zip \ + && unzip v${pagespeedVers}-stable.zip \ + && cd incubator-pagespeed-ngx-${pagespeedVers}-stable \ && export psol_url=https://dl.google.com/dl/page-speed/psol/${pagespeedVers}.tar.gz \ && [ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) \ && wget ${psol_url} \ @@ -231,7 +231,7 @@ nginxCompile() --add-module=/usr/local/src/github/ngx_brotli \ --add-module=/usr/local/src/github/headers-more-nginx-module \ --add-module=/usr/local/src/github/set-misc-nginx-module \ - --add-module=/usr/local/src/github/ngx_pagespeed-${pagespeedVers}-beta \ + --add-module=/usr/local/src/github/incubator-pagespeed-ngx-${pagespeedVers}-stable \ && make -j ${cpuCount} \ && make install } 
diff --git a/php/.DS_Store b/php/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..65bd4f960d4f60009179704ab932248c6f4ac0eb GIT binary patch literal 6148 zcmeHK%}T>S5Z<*_6GY5Gu*bc4E7I1|dJ#gc2X8_}4=Qa!iVf7HG^s&jB(I@w zyF1aozYh5ACDvvKtl=i}-#_-FxK{h%Yo+q~#-?GKhPiFt_C{gSi=B8Db)4z7w0v*q zYW*S%$6vbRUi!nNZ|$ChLG1X!a5@)$bL9tKm~_Hf;6-wtb0;1_u3V^ZRnoN8XjVm| zew0;3+HTjXqIuZLGSk@GuOFWc?jN7h=j`QG@ymgJDLWbqcmqY3_t2XL<1n~`ks`W? zA|wWg0b+m{SSbedF<@-1RMk{0F+dFbgaOm`AT%JYKk59ma(WXWUjuJuyHGEHY41 zriJJKDf}`^ANh+ZWDx_zz&~Svm%F`g2a3{X>$mdotQF7(&`>ZgM+F4*g-ZY!xQ|q% eQ~3qz5NB)572+&7F4F<&A|MH&ju`j_20j6 /dev/null 2>&1; +then + echo "PHP Repository already exists. Updating/Syncing packages and then exiting." + apt-get update + exit; +else + apt-get update \ + && apt-get -y upgrade \ + && add-apt-repository -y ppa:ondrej/php \ + && apt-get update \ + && apt-get -y install ${phpPackages} +fi \ No newline at end of file From 04c6d6177c107866305290915aa0124326ba7f50 Mon Sep 17 00:00:00 2001 From: Benji Date: Fri, 2 Feb 2018 00:46:00 +0100 Subject: [PATCH 6/9] Remove stupid .DS_Store file --- php/.DS_Store | Bin 6148 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 php/.DS_Store 
diff --git a/php/.DS_Store b/php/.DS_Store deleted file mode 100644 index 65bd4f960d4f60009179704ab932248c6f4ac0eb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK%}T>S5Z<*_6GY5Gu*bc4E7I1|dJ#gc2X8_}4=Qa!iVf7HG^s&jB(I@w zyF1aozYh5ACDvvKtl=i}-#_-FxK{h%Yo+q~#-?GKhPiFt_C{gSi=B8Db)4z7w0v*q zYW*S%$6vbRUi!nNZ|$ChLG1X!a5@)$bL9tKm~_Hf;6-wtb0;1_u3V^ZRnoN8XjVm| zew0;3+HTjXqIuZLGSk@GuOFWc?jN7h=j`QG@ymgJDLWbqcmqY3_t2XL<1n~`ks`W? zA|wWg0b+m{SSbedF<@-1RMk{0F+dFbgaOm`AT%JYKk59ma(WXWUjuJuyHGEHY41 zriJJKDf}`^ANh+ZWDx_zz&~Svm%F`g2a3{X>$mdotQF7(&`>ZgM+F4*g-ZY!xQ|q% eQ~3qz5NB)572+&7F4F<&A|MH&ju`j_20j6 Date: Fri, 2 Feb 2018 01:00:32 +0100 Subject: [PATCH 7/9] Added new nginx config and UFW rules --- nginx/installer.sh | 7 +- nginx/nginx/config/_general.conf | 31 +++++++ nginx/nginx/config/_letsencrypt.conf | 4 + nginx/nginx/config/_php.conf | 8 ++ nginx/nginx/config/_php_fastcgi.conf | 17 ++++ nginx/nginx/config/_ssl.conf | 22 +++++ nginx/nginx/config/_wordpress.conf | 24 +++++ nginx/nginx/config/nginx.conf | 130 ++++++--------------------- nginx/nginx/sites-available/_.conf | 20 +++++ nginx/nginx/sites/_.conf | 13 --- nginx/ufw/nginx | 14 +++ nginx/ufw/phpmyadmin | 4 + nginx/ufw/vsftpd | 4 + 13 files changed, 183 insertions(+), 115 deletions(-) create mode 100644 nginx/nginx/config/_general.conf create mode 100644 nginx/nginx/config/_letsencrypt.conf create mode 100644 nginx/nginx/config/_php.conf create mode 100644 nginx/nginx/config/_php_fastcgi.conf create mode 100644 nginx/nginx/config/_ssl.conf create mode 100644 nginx/nginx/config/_wordpress.conf create mode 100644 nginx/nginx/sites-available/_.conf delete mode 100644 nginx/nginx/sites/_.conf create mode 100644 nginx/ufw/nginx create mode 100644 nginx/ufw/phpmyadmin create mode 100644 nginx/ufw/vsftpd diff --git a/nginx/installer.sh b/nginx/installer.sh index b7f5720..b62f9f5 100644 --- a/nginx/installer.sh +++ b/nginx/installer.sh 
@@ -52,7 +52,7 @@ fi cpuCount=$(nproc --all) currentPath="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" dhparamBits="4096" -nginxUser="nginx" +nginxUser="www-data" openSslVers="1.1.0g" pagespeedVers="1.12.34.3" pcreVers="8.40" @@ -261,6 +261,11 @@ nginxConfigure() && cp -R ${currentPath}/nginx/* /etc/nginx \ && cp -R ${currentPath}/systemd/nginx.service /lib/systemd/system/nginx.service + #+------------------------------------------------------------------------+ + #+ Copy UFW rules + #+------------------------------------------------------------------------+ + cp -R ${currentPath}/ufw/* /etc/ufw/applications.d + #+------------------------------------------------------------------------+ #+ Set correct permissions and ownership #+------------------------------------------------------------------------+ diff --git a/nginx/nginx/config/_general.conf b/nginx/nginx/config/_general.conf new file mode 100644 index 0000000..f771610 --- /dev/null +++ b/nginx/nginx/config/_general.conf @@ -0,0 +1,31 @@ +# headers +add_header X-Frame-Options "SAMEORIGIN" always; +add_header X-XSS-Protection "1; mode=block" always; +add_header X-Content-Type-Options "nosniff" always; +add_header X-UA-Compatible "IE=Edge" always; +add_header Cache-Control "no-transform" always; + +# . files +location ~ /\. { + deny all; +} + +# assets, media +location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ { + expires 7d; + access_log off; +} + +# svg, fonts +location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff|woff2)$ { + add_header Access-Control-Allow-Origin "*"; + expires 7d; + access_log off; +} + +# gzip +gzip on; +gzip_vary on; +gzip_proxied any; +gzip_comp_level 6; +gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml; \ No newline at end of file 
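Review bot: In `_general.conf` the `svg, fonts` location declares its own `add_header Access-Control-Allow-Origin "*";`, and nginx inherits `add_header` from the enclosing level only when the current level defines none, so responses from that location lose the X-Frame-Options, X-Content-Type-Options and other headers set at the top of the file. SVG is an active format, so dropping `nosniff` and the framing header there matters. Repeat the header lines inside that location (or move them into a snippet and `include` it in both places), and add `always` to the CORS header if it is meant to cover error responses too. `X-XSS-Protection` is ignored by current browsers; a `Content-Security-Policy` header is the control to add if script restrictions are wanted.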
diff --git a/nginx/nginx/config/_letsencrypt.conf b/nginx/nginx/config/_letsencrypt.conf new file mode 100644 index 0000000..7666605 --- /dev/null +++ b/nginx/nginx/config/_letsencrypt.conf @@ -0,0 +1,4 @@ +# ACME-challenge +location ^~ /.well-known/acme-challenge/ { + root /srv/_letsencrypt; +} \ No newline at end of file diff --git a/nginx/nginx/config/_php.conf b/nginx/nginx/config/_php.conf new file mode 100644 index 0000000..8356916 --- /dev/null +++ b/nginx/nginx/config/_php.conf @@ -0,0 +1,8 @@ +# index +index index.php; + +# handle .php +location ~ \.php$ { + include _php_fastcgi.conf; + +} \ No newline at end of file diff --git a/nginx/nginx/config/_php_fastcgi.conf b/nginx/nginx/config/_php_fastcgi.conf new file mode 100644 index 0000000..0551b16 --- /dev/null +++ b/nginx/nginx/config/_php_fastcgi.conf @@ -0,0 +1,17 @@ +try_files $uri =404; + +# fastcgi +fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; +fastcgi_index index.php; +fastcgi_split_path_info ^(.+\.php)(/.+)$; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param PHP_ADMIN_VALUE open_basedir=$base/:/usr/lib/php/:/tmp/; +fastcgi_intercept_errors off; + +fastcgi_buffer_size 128k; +fastcgi_buffers 256 16k; +fastcgi_busy_buffers_size 256k; +fastcgi_temp_file_write_size 256k; + +# default fastcgi_params +include fastcgi_params; \ No newline at end of file diff --git a/nginx/nginx/config/_ssl.conf b/nginx/nginx/config/_ssl.conf new file mode 100644 index 0000000..7d0c89d --- /dev/null +++ b/nginx/nginx/config/_ssl.conf 
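Review bot: `fastcgi_param PHP_ADMIN_VALUE open_basedir=$base/:/usr/lib/php/:/tmp/;` in `_php_fastcgi.conf` depends on every including server block having run `set $base …;`. In this series only `sites-available/_.conf` sets it; a vhost that includes `_php.conf` without it would, as far as I can tell, expand `$base` to an empty string and hand PHP `open_basedir=/:…`, which restricts nothing. Add a comment at the top of the file stating the requirement, e.g. `# requires: set $base <site root>; in the including server block`, and consider a per-site temp directory instead of the shared `/tmp/`. Separately, `fastcgi_split_path_info` has no effect under `location ~ \.php$`, because a URI with trailing path info never matches that location.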
@@ -0,0 +1,22 @@ +# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.3&openssl=1.1.0g&hsts=yes&profile=intermediate +ssl_session_timeout 1d; +ssl_session_cache shared:SSL:50m; +ssl_session_tickets off; + +# Diffie-Hellman parameter for DHE ciphersuites +ssl_dhparam /etc/nginx/dhparam.pem; + +# intermediate configuration +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; +ssl_prefer_server_ciphers on; + +# HSTS +add_header Strict-Transport-Security "max-age=15768000" always; + +# OCSP Stapling +ssl_stapling on; +ssl_stapling_verify on; + +resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s; +resolver_timeout 2s; \ No newline at end of file diff --git a/nginx/nginx/config/_wordpress.conf b/nginx/nginx/config/_wordpress.conf new file mode 100644 index 0000000..addd1ee --- /dev/null +++ b/nginx/nginx/config/_wordpress.conf 
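Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and the cipher string in `_ssl.conf` still enable TLS 1.0/1.1 plus the 3DES (`DES-CBC3-SHA`) and static-RSA suites at the tail of the list. TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and 3DES is exposed to birthday attacks on its 64-bit block; unless a legacy client population needs them, use `ssl_protocols TLSv1.2;` and trim the list to the ECDHE/DHE AEAD suites. The header comment references a generator URL for nginx-1.10.3, which does not match the version the installer builds. HSTS is set with `add_header`, so any location that defines its own `add_header` will not send it.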
@@ -0,0 +1,24 @@ +# allow tinymce +location = /wp-includes/js/tinymce/wp-tinymce.php { + include _php_fastcgi.conf; +} + +# wp-content, wp-includes php files +location ~* ^/(?:wp-content|wp-includes)/.*\.php$ { + deny all; +} + +# wp-content/uploads nasty stuff +location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ { + deny all; +} + +# wp-content/plugins nasty stuff +location ~* ^/wp-content/plugins/.*\.(?!css(\.map)?|js(\.map)?|ttf|ttc|otf|eot|woff|woff2|svgz?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|pdf|docx?|xlsx?|pptx?) { + deny all; +} + +# WordPress stuff +location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ { + deny all; +} \ No newline at end of file diff --git a/nginx/nginx/config/nginx.conf b/nginx/nginx/config/nginx.conf index 027d0dc..e01ec04 100644 --- a/nginx/nginx/config/nginx.conf +++ b/nginx/nginx/config/nginx.conf 
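Review bot: The `wp-content/plugins` rule in `_wordpress.conf` uses an unanchored negative lookahead, `\.(?!css(\.map)?|js(\.map)?|…)`, so it fires on any dot in the path that is not immediately followed by a listed extension. That denies legitimate multi-dot assets such as `*.min.js`, and because the alternatives have no end anchor a name like `.json` or `.pdfx` passes on the `js`/`pdf` prefix. Anchoring the test to the final extension, along the lines of `\.(?!(?:css|js|…)$)[^./]+$`, makes the allow-list mean what the comment says. Whether the rule is reached at all depends on the order of regex locations in the including server block, which this hunk does not show.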
@@ -1,107 +1,35 @@ -#+----------------------------------------------------------------------------+ -#+ NGINX Configuration v1.0.0 -#+----------------------------------------------------------------------------+ -pcre_jit on; - -timer_resolution 100ms; -user nginx nginx; - -worker_priority -10; -worker_processes 1; -worker_rlimit_nofile 260000; +user www-data; +pid /run/nginx.pid; +worker_processes auto; +worker_rlimit_nofile 409600; events { - accept_mutex off; - accept_mutex_delay 200ms; - use epoll; - worker_connections 10000; + worker_connections 4096; + multi_accept on; } - http { - #+------------------------------------------------------------------------+ - #+ Enable Brotli - #+------------------------------------------------------------------------+ - brotli on; - brotli_static on; - brotli_min_length 1000; - brotli_buffers 32 8k; - brotli_comp_level 5; - brotli_types *; - - #+------------------------------------------------------------------------+ - #+ client_max_body_size controls the maximum file upload size - this will - #+ need to be modified should you need to allow file uploads over 50MB. 
- #+------------------------------------------------------------------------+ - client_body_buffer_size 256k; - client_body_in_file_only off; - client_body_timeout 10s; - client_header_buffer_size 64k; - client_header_timeout 5s; - client_max_body_size 50m; - - charset utf-8; - connection_pool_size 512; - default_type application/octet-stream; - directio 4m; - - #+------------------------------------------------------------------------+ - #+ Enable GZIP - #+------------------------------------------------------------------------+ - gzip on; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - gzip_static on; - gzip_min_length 1400; - gzip_buffers 32 8k; - gzip_http_version 1.0; - gzip_comp_level 5; - gzip_proxied any; - gzip_types text/plain text/css text/xml application/javascript application/x-javascript application/xml application/xml+rss application/ecmascript application/json image/svg+xml; - - ignore_invalid_headers on; - include /etc/nginx/config/mime.types; - index index.php index.html; - - keepalive_disable msie6; - keepalive_requests 500; - keepalive_timeout 5; - - large_client_header_buffers 8 64k; - lingering_time 20s; - lingering_timeout 5s; - - map_hash_bucket_size 128; - map_hash_max_size 4096; - - open_file_cache max=50000 inactive=60s; - open_file_cache_errors off; - open_file_cache_min_uses 2; - open_file_cache_valid 120s; - open_log_file_cache max=10000 inactive=30s min_uses=2; - - output_buffers 8 256k; - postpone_output 1460; - - proxy_temp_path /etc/nginx/cache/proxy; - - request_pool_size 32k; - reset_timedout_connection on; - sendfile on; - sendfile_max_chunk 512k; - send_timeout 10s; - - server_names_hash_bucket_size 128; - server_names_hash_max_size 2048; - server_name_in_redirect off; - - server_tokens off; - - tcp_nodelay on; - tcp_nopush on; - - types_hash_max_size 2048; - variables_hash_max_size 2048; - - include /etc/nginx/sites/*.conf; + charset utf-8; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + types_hash_max_size 2048; + 
server_tokens off; + log_not_found off; + + client_max_body_size 16M; + client_body_buffer_size 128k; + + # mime + include mime.types; + default_type application/octet-stream; + + # logging + access_log /var/log/nginx/access.log; + access_log off; + error_log /var/log/nginx/error.log warn; + + # include configs + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; } \ No newline at end of file diff --git a/nginx/nginx/sites-available/_.conf b/nginx/nginx/sites-available/_.conf new file mode 100644 index 0000000..cd92257 --- /dev/null +++ b/nginx/nginx/sites-available/_.conf @@ -0,0 +1,20 @@ +server { + listen 80 default_server; + listen [::]:80; + + server_name _; + set $base /srv/default; + root $base/www; + + # logging + access_log /srv/default/log/nginx.access.log; + access_log off; + error_log /srv/default/log/nginx.error.log; + + # $url, index.html + location / { + try_files $uri $uri/ /index.html; + } + + include _general.conf; +} diff --git a/nginx/nginx/sites/_.conf b/nginx/nginx/sites/_.conf deleted file mode 100644 index 3199df7..0000000 --- a/nginx/nginx/sites/_.conf +++ /dev/null @@ -1,13 +0,0 @@ -server -{ - listen 80 default_server; - listen [::]:80; - server_name _; - - root /home/nginx/htdocs/public; - - location / - { - try_files $uri $uri/ =404; - } -} \ No newline at end of file diff --git a/nginx/ufw/nginx b/nginx/ufw/nginx new file mode 100644 index 0000000..82a99c3 --- /dev/null +++ b/nginx/ufw/nginx @@ -0,0 +1,14 @@ +[NginxHTTP] +title=Web Server (Nginx, HTTP) +description=Small, but very powerful and efficient web server +ports=80/tcp + +[NginxHTTPS] +title=Web Server (Nginx, HTTPS) +description=Small, but very powerful and efficient web server +ports=443/tcp + +[NginxFull] +title=Web Server (Nginx, HTTP + HTTPS + phpMyAdmin) +description=Small, but very powerful and efficient web server +ports=80,443/tcp \ No newline at end of file 
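Review bot: In the new `http` block `access_log /var/log/nginx/access.log;` is immediately followed by `access_log off;`, and `off` cancels every `access_log` directive at the same level, so request logging is disabled globally; `sites-available/_.conf` repeats the same pair. That leaves no request trail for incident response or abuse detection. Drop the `access_log off;` lines (the asset locations in `_general.conf` already silence static files), or keep only one of the two so the intent is explicit. The rewrite also removes the explicit `client_body_timeout`, `client_header_timeout` and `send_timeout` values, which falls back to nginx's 60s defaults; if the shorter timeouts were deliberate, carry them over.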
diff --git a/nginx/ufw/phpmyadmin b/nginx/ufw/phpmyadmin new file mode 100644 index 0000000..e7f3652 --- /dev/null +++ b/nginx/ufw/phpmyadmin @@ -0,0 +1,4 @@ +[phpMyAdmin] +title=phpMyAdmin +description=A web interface for MySQL and MariaDB. +ports=8000/tcp \ No newline at end of file diff --git a/nginx/ufw/vsftpd b/nginx/ufw/vsftpd new file mode 100644 index 0000000..e2bf890 --- /dev/null +++ b/nginx/ufw/vsftpd @@ -0,0 +1,4 @@ +[VSFTPD] +title=VSFTPD +description=VSFTPD TCP +ports=20,21,990,40000:50000/tcp \ No newline at end of file From 929b14f70822dcbc143f1f79be0810e838aff6f0 Mon Sep 17 00:00:00 2001 From: Benji Date: Fri, 2 Feb 2018 15:27:53 +0100 Subject: [PATCH 8/9] temporarily removed PID file location --- nginx/nginx/config/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/nginx/config/nginx.conf b/nginx/nginx/config/nginx.conf index e01ec04..5ec7de0 100644 --- a/nginx/nginx/config/nginx.conf +++ b/nginx/nginx/config/nginx.conf @@ -1,5 +1,5 @@ user www-data; -pid /run/nginx.pid; +#pid /run/nginx.pid; worker_processes auto; worker_rlimit_nofile 409600; @@ -32,4 +32,4 @@ http { # include configs include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; -} \ No newline at end of file +} From ae18941fb1dbbe4e848721cd37aeffb2a9c74c2b Mon Sep 17 00:00:00 2001 From: Benji Date: Fri, 2 Feb 2018 18:06:49 +0100 Subject: [PATCH 9/9] fix dhparam.pem location --- nginx/nginx/config/_ssl.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/nginx/config/_ssl.conf b/nginx/nginx/config/_ssl.conf index 7d0c89d..1dfa80a 100644 --- a/nginx/nginx/config/_ssl.conf +++ b/nginx/nginx/config/_ssl.conf @@ -4,7 +4,7 @@ ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # Diffie-Hellman parameter for DHE ciphersuites -ssl_dhparam /etc/nginx/dhparam.pem; +ssl_dhparam /etc/nginx/ssl/dhparam.pem; # intermediate configuration ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
@@ -19,4 +19,4 @@ ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s; -resolver_timeout 2s; \ No newline at end of file +resolver_timeout 2s;