|
|
@@ -1437,6 +1437,29 @@ function set_default_onion_domains {
|
|
1437
|
1437
|
fi
|
|
1438
|
1438
|
}
|
|
1439
|
1439
|
|
|
|
1440
|
+function nginx_disable_sniffing {
|
|
|
1441
|
+ domain_name=$1
|
|
|
1442
|
+ filename=/etc/nginx/sites-available/$domain_name
|
|
|
1443
|
+ echo ' add_header X-Frame-Options DENY;' >> $filename
|
|
|
1444
|
+ echo ' add_header X-Content-Type-Options nosniff;' >> $filename
|
|
|
1445
|
+ echo '' >> $filename
|
|
|
1446
|
+}
|
|
|
1447
|
+
|
|
|
1448
|
+function nginx_limits {
|
|
|
1449
|
+ domain_name=$1
|
|
|
1450
|
+ max_body='20m'
|
|
|
1451
|
+ if [ $2 ]; then
|
|
|
1452
|
+ max_body=$2
|
|
|
1453
|
+ fi
|
|
|
1454
|
+ filename=/etc/nginx/sites-available/$domain_name
|
|
|
1455
|
+ echo " client_max_body_size ${max_body};" >> $filename
|
|
|
1456
|
+ echo ' client_body_buffer_size 128k;' >> $filename
|
|
|
1457
|
+ echo '' >> $filename
|
|
|
1458
|
+ echo ' limit_conn conn_limit_per_ip 10;' >> $filename
|
|
|
1459
|
+ echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> $filename
|
|
|
1460
|
+ echo '' >> $filename
|
|
|
1461
|
+}
|
|
|
1462
|
+
|
|
1440
|
1463
|
function nginx_http_redirect {
|
|
1441
|
1464
|
# redirect port 80 to https
|
|
1442
|
1465
|
domain_name=$1
|
|
|
@@ -1448,9 +1471,7 @@ function nginx_http_redirect {
|
|
1448
|
1471
|
echo " root /var/www/${domain_name}/htdocs;" >> $filename
|
|
1449
|
1472
|
echo ' access_log off;' >> $filename
|
|
1450
|
1473
|
echo " error_log /var/log/nginx/${domain_name}_error.log $WEBSERVER_LOG_LEVEL;" >> $filename
|
|
1451
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> $filename
|
|
1452
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> $filename
|
|
1453
|
|
- echo '' >> $filename
|
|
|
1474
|
+ nginx_limits $domain_name
|
|
1454
|
1475
|
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $filename
|
|
1455
|
1476
|
echo '}' >> $filename
|
|
1456
|
1477
|
echo '' >> $filename
|
|
|
@@ -1471,14 +1492,6 @@ function nginx_ssl {
|
|
1471
|
1492
|
echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename
|
|
1472
|
1493
|
}
|
|
1473
|
1494
|
|
|
1474
|
|
-function nginx_disable_sniffing {
|
|
1475
|
|
- domain_name=$1
|
|
1476
|
|
- filename=/etc/nginx/sites-available/$domain_name
|
|
1477
|
|
- echo ' add_header X-Frame-Options DENY;' >> $filename
|
|
1478
|
|
- echo ' add_header X-Content-Type-Options nosniff;' >> $filename
|
|
1479
|
|
- echo '' >> $filename
|
|
1480
|
|
-}
|
|
1481
|
|
-
|
|
1482
|
1495
|
function set_repo_commit {
|
|
1483
|
1496
|
repo_dir=$1
|
|
1484
|
1497
|
repo_commit_name=$2
|
|
|
@@ -6506,8 +6519,7 @@ function install_owncloud {
|
|
6506
|
6519
|
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6507
|
6520
|
echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6508
|
6521
|
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6509
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6510
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
|
6522
|
+ nginx_limits $OWNCLOUD_DOMAIN_NAME '10G'
|
|
6511
|
6523
|
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6512
|
6524
|
nginx_ssl $OWNCLOUD_DOMAIN_NAME
|
|
6513
|
6525
|
nginx_disable_sniffing $OWNCLOUD_DOMAIN_NAME
|
|
|
@@ -6521,8 +6533,6 @@ function install_owncloud {
|
|
6521
|
6533
|
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6522
|
6534
|
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6523
|
6535
|
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6524
|
|
- echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6525
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6526
|
6536
|
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6527
|
6537
|
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6528
|
6538
|
echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
|
@@ -6582,9 +6592,7 @@ function install_owncloud {
|
|
6582
|
6592
|
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6583
|
6593
|
echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6584
|
6594
|
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6585
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6586
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6587
|
|
- echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
|
6595
|
+ nginx_limits $OWNCLOUD_DOMAIN_NAME '10G'
|
|
6588
|
6596
|
nginx_disable_sniffing $OWNCLOUD_DOMAIN_NAME
|
|
6589
|
6597
|
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6590
|
6598
|
echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
|
@@ -6596,8 +6604,6 @@ function install_owncloud {
|
|
6596
|
6604
|
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6597
|
6605
|
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6598
|
6606
|
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6599
|
|
- echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6600
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6601
|
6607
|
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6602
|
6608
|
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
6603
|
6609
|
echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
|
|
@@ -6906,8 +6912,7 @@ function install_gogs {
|
|
6906
|
6912
|
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6907
|
6913
|
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6908
|
6914
|
nginx_disable_sniffing $GIT_DOMAIN_NAME
|
|
6909
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6910
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
|
6915
|
+ nginx_limits $GIT_DOMAIN_NAME
|
|
6911
|
6916
|
echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6912
|
6917
|
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6913
|
6918
|
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
|
@@ -6926,9 +6931,7 @@ function install_gogs {
|
|
6926
|
6931
|
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6927
|
6932
|
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6928
|
6933
|
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6929
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6930
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6931
|
|
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
|
6934
|
+ nginx_limits $GIT_DOMAIN_NAME '10G'
|
|
6932
|
6935
|
nginx_ssl $GIT_DOMAIN_NAME
|
|
6933
|
6936
|
nginx_disable_sniffing $GIT_DOMAIN_NAME
|
|
6934
|
6937
|
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
|
@@ -6937,8 +6940,6 @@ function install_gogs {
|
|
6937
|
6940
|
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6938
|
6941
|
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6939
|
6942
|
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6940
|
|
- echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6941
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6942
|
6943
|
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6943
|
6944
|
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6944
|
6945
|
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
|
@@ -6961,9 +6962,7 @@ function install_gogs {
|
|
6961
|
6962
|
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6962
|
6963
|
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6963
|
6964
|
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6964
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6965
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6966
|
|
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
|
6965
|
+ nginx_limits $GIT_DOMAIN_NAME '10G'
|
|
6967
|
6966
|
nginx_disable_sniffing $GIT_DOMAIN_NAME
|
|
6968
|
6967
|
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6969
|
6968
|
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
|
@@ -6971,8 +6970,6 @@ function install_gogs {
|
|
6971
|
6970
|
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6972
|
6971
|
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6973
|
6972
|
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6974
|
|
- echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6975
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6976
|
6973
|
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6977
|
6974
|
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
6978
|
6975
|
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
|
|
@@ -7661,14 +7658,9 @@ function install_wiki {
|
|
7661
|
7658
|
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7662
|
7659
|
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7663
|
7660
|
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7664
|
|
- echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7665
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7666
|
7661
|
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7667
|
7662
|
nginx_disable_sniffing $WIKI_DOMAIN_NAME
|
|
7668
|
|
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7669
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7670
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7671
|
|
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
|
7663
|
+ nginx_limits $WIKI_DOMAIN_NAME
|
|
7672
|
7664
|
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7673
|
7665
|
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7674
|
7666
|
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
|
@@ -7740,12 +7732,7 @@ function install_wiki {
|
|
7740
|
7732
|
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7741
|
7733
|
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7742
|
7734
|
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7743
|
|
- echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7744
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7745
|
|
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7746
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7747
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7748
|
|
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
|
7735
|
+ nginx_limits $WIKI_DOMAIN_NAME
|
|
7749
|
7736
|
nginx_ssl $WIKI_DOMAIN_NAME
|
|
7750
|
7737
|
nginx_disable_sniffing $WIKI_DOMAIN_NAME
|
|
7751
|
7738
|
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
|
@@ -7824,12 +7811,7 @@ function install_wiki {
|
|
7824
|
7811
|
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7825
|
7812
|
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7826
|
7813
|
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7827
|
|
- echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7828
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7829
|
|
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7830
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7831
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7832
|
|
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
|
7814
|
+ nginx_limits $WIKI_DOMAIN_NAME
|
|
7833
|
7815
|
nginx_disable_sniffing $WIKI_DOMAIN_NAME
|
|
7834
|
7816
|
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
7835
|
7817
|
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
|
|
@@ -7994,14 +7976,8 @@ function install_blog {
|
|
7994
|
7976
|
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
7995
|
7977
|
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
7996
|
7978
|
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
7997
|
|
- echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
7998
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
7999
|
|
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8000
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8001
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8002
|
|
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
|
7979
|
+ nginx_limits $FULLBLOG_DOMAIN_NAME
|
|
8003
|
7980
|
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
|
|
8004
|
|
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8005
|
7981
|
echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8006
|
7982
|
echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8007
|
7983
|
echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
|
@@ -8078,12 +8054,7 @@ function install_blog {
|
|
8078
|
8054
|
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8079
|
8055
|
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8080
|
8056
|
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8081
|
|
- echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8082
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8083
|
|
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8084
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8085
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8086
|
|
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
|
8057
|
+ nginx_limits $FULLBLOG_DOMAIN_NAME
|
|
8087
|
8058
|
nginx_ssl $FULLBLOG_DOMAIN_NAME
|
|
8088
|
8059
|
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
|
|
8089
|
8060
|
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
|
@@ -8162,12 +8133,7 @@ function install_blog {
|
|
8162
|
8133
|
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8163
|
8134
|
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8164
|
8135
|
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8165
|
|
- echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8166
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8167
|
|
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8168
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8169
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8170
|
|
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
|
8136
|
+ nginx_limits $FULLBLOG_DOMAIN_NAME
|
|
8171
|
8137
|
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
|
|
8172
|
8138
|
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
8173
|
8139
|
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
|
|
@@ -8392,8 +8358,7 @@ function install_rss_reader {
|
|
8392
|
8358
|
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
|
8393
|
8359
|
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
|
8394
|
8360
|
nginx_disable_sniffing $RSS_READER_DOMAIN_NAME
|
|
8395
|
|
- echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
|
8396
|
|
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
|
|
8361
|
+ nginx_limits $RSS_READER_DOMAIN_NAME '15m'
|
|
8397
|
8362
|
echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
|
8398
|
8363
|
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
|
8399
|
8364
|
echo ' ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
|
|
@@ -8657,6 +8622,7 @@ function install_gnu_social {
|
|
8657
|
8622
|
echo ' # Security' >> $microblog_nginx_site
|
|
8658
|
8623
|
nginx_ssl $MICROBLOG_DOMAIN_NAME
|
|
8659
|
8624
|
nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
|
|
|
8625
|
+ nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
|
|
8660
|
8626
|
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
|
|
8661
|
8627
|
echo '' >> $microblog_nginx_site
|
|
8662
|
8628
|
echo ' # Logs' >> $microblog_nginx_site
|
|
|
@@ -8689,8 +8655,6 @@ function install_gnu_social {
|
|
8689
|
8655
|
echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site
|
|
8690
|
8656
|
echo ' deny all;' >> $microblog_nginx_site
|
|
8691
|
8657
|
echo ' }' >> $microblog_nginx_site
|
|
8692
|
|
- echo '' >> $microblog_nginx_site
|
|
8693
|
|
- echo ' client_max_body_size 15m;' >> $microblog_nginx_site
|
|
8694
|
8658
|
echo '}' >> $microblog_nginx_site
|
|
8695
|
8659
|
else
|
|
8696
|
8660
|
echo -n '' > $microblog_nginx_site
|
|
|
@@ -8731,7 +8695,7 @@ function install_gnu_social {
|
|
8731
|
8695
|
echo ' }' >> $microblog_nginx_site
|
|
8732
|
8696
|
echo '' >> $microblog_nginx_site
|
|
8733
|
8697
|
nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
|
|
8734
|
|
- echo ' client_max_body_size 15m;' >> $microblog_nginx_site
|
|
|
8698
|
+ nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
|
|
8735
|
8699
|
echo '}' >> $microblog_nginx_site
|
|
8736
|
8700
|
|
|
8737
|
8701
|
configure_php
|
|
|
@@ -9110,13 +9074,8 @@ function install_hubzilla {
|
|
9110
|
9074
|
echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9111
|
9075
|
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9112
|
9076
|
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9113
|
|
- echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9114
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9115
|
9077
|
echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9116
|
|
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9117
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9118
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9119
|
|
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
|
9078
|
+ nginx_limits $HUBZILLA_DOMAIN_NAME
|
|
9120
|
9079
|
nginx_ssl $HUBZILLA_DOMAIN_NAME
|
|
9121
|
9080
|
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
|
|
9122
|
9081
|
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
|
@@ -9187,13 +9146,8 @@ function install_hubzilla {
|
|
9187
|
9146
|
echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9188
|
9147
|
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9189
|
9148
|
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9190
|
|
- echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9191
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9192
|
9149
|
echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9193
|
|
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9194
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9195
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9196
|
|
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
|
9150
|
+ nginx_limits $HUBZILLA_DOMAIN_NAME
|
|
9197
|
9151
|
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
|
|
9198
|
9152
|
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
9199
|
9153
|
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
|
|
@@ -9477,8 +9431,7 @@ function install_mediagoblin {
|
|
9477
|
9431
|
echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9478
|
9432
|
echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9479
|
9433
|
echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9480
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9481
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
|
9434
|
+ nginx_limits $MEDIAGOBLIN_DOMAIN_NAME
|
|
9482
|
9435
|
echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9483
|
9436
|
echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9484
|
9437
|
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
|
@@ -9500,9 +9453,7 @@ function install_mediagoblin {
|
|
9500
|
9453
|
echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9501
|
9454
|
echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9502
|
9455
|
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9503
|
|
- echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9504
|
|
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9505
|
|
- echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
|
9456
|
+ nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '10G'
|
|
9506
|
9457
|
nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
|
|
9507
|
9458
|
nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
|
|
9508
|
9459
|
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
|
@@ -9511,8 +9462,6 @@ function install_mediagoblin {
|
|
9511
|
9462
|
echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9512
|
9463
|
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9513
|
9464
|
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9514
|
|
- echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9515
|
|
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9516
|
9465
|
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9517
|
9466
|
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
|
9518
|
9467
|
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
Bob Mottram
9 years ago