Bob Mottram 8 лет назад
Родитель
Сommit
a246aaa461
1 измененных файлов: 48 добавлений и 30 удалений
  1. 48
    30
      src/freedombone-app-koel

+ 48
- 30
src/freedombone-app-koel Просмотреть файл

@@ -37,6 +37,7 @@ SHOW_ON_ABOUT=1
37 37
 KOEL_DOMAIN_NAME=
38 38
 KOEL_CODE=
39 39
 KOEL_ONION_PORT=8118
40
+KOEL_PORT=9000
40 41
 KOEL_REPO="https://github.com/phanan/koel"
41 42
 KOEL_COMMIT='70464a8977b1058f3bd0a4ec77877fe7894d8d84'
42 43
 KOEL_ADMIN_PASSWORD=
@@ -380,27 +381,37 @@ function install_koel_main {
380 381
         echo '  # Index' >> $koel_nginx_site
381 382
         echo '  index index.php;' >> $koel_nginx_site
382 383
         echo '' >> $koel_nginx_site
383
-        echo '  # PHP' >> $koel_nginx_site
384
-        echo '  location ~ \.php {' >> $koel_nginx_site
385
-        echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
386
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
384
+        echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
385
+        echo '  if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
386
+        echo '    return 404;' >> $koel_nginx_site
387
+        echo '  }' >> $koel_nginx_site
388
+        echo '' >> $koel_nginx_site
389
+        echo '  location /media/ {' >> $koel_nginx_site
390
+        echo '    internal;' >> $koel_nginx_site
391
+        echo '' >> $koel_nginx_site
392
+        echo '    # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
393
+        echo '    alias       $upstream_http_x_media_root;' >> $koel_nginx_site
394
+        echo '' >> $koel_nginx_site
387 395
         echo '  }' >> $koel_nginx_site
388 396
         echo '' >> $koel_nginx_site
389
-        echo '  # Location' >> $koel_nginx_site
390 397
         echo '  location / {' >> $koel_nginx_site
391 398
         function_check nginx_limits
392 399
         nginx_limits $KOEL_DOMAIN_NAME '15m'
393
-        echo '    try_files $uri $uri/ @koel;' >> $koel_nginx_site
400
+        echo '    try_files   $uri $uri/ /index.php?$args;' >> $koel_nginx_site
394 401
         echo '  }' >> $koel_nginx_site
395 402
         echo '' >> $koel_nginx_site
396
-        echo '  # Fancy URLs' >> $koel_nginx_site
397
-        echo '  location @koel {' >> $koel_nginx_site
398
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
399
-        echo '  }' >> $koel_nginx_site
403
+        echo '  location ~ \.php$ {' >> $koel_nginx_site
404
+        echo '    try_files $uri $uri/ /index.php?$args;' >> $koel_nginx_site
405
+        echo '' >> $koel_nginx_site
406
+        echo '    fastcgi_param     PATH_INFO $fastcgi_path_info;' >> $koel_nginx_site
407
+        echo '    fastcgi_param     PATH_TRANSLATED $document_root$fastcgi_path_info;' >> $koel_nginx_site
408
+        echo '    fastcgi_param     SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> $koel_nginx_site
400 409
         echo '' >> $koel_nginx_site
401
-        echo '  # Restrict access that is unnecessary anyway' >> $koel_nginx_site
402
-        echo '  location ~ /\.(ht|git) {' >> $koel_nginx_site
403
-        echo '    deny all;' >> $koel_nginx_site
410
+        echo "    fastcgi_pass              127.0.0.1:$KOEL_PORT;" >> $koel_nginx_site
411
+        echo '    fastcgi_index             index.php;' >> $koel_nginx_site
412
+        echo '    fastcgi_split_path_info   ^(.+\.php)(/.+)$;' >> $koel_nginx_site
413
+        echo '    fastcgi_intercept_errors  on;' >> $koel_nginx_site
414
+        echo '    include                   fastcgi_params;' >> $koel_nginx_site
404 415
         echo '  }' >> $koel_nginx_site
405 416
         echo '' >> $koel_nginx_site
406 417
         echo '}' >> $koel_nginx_site
@@ -414,9 +425,6 @@ function install_koel_main {
414 425
     function_check nginx_compress
415 426
     nginx_compress $KOEL_DOMAIN_NAME
416 427
     echo '' >> $koel_nginx_site
417
-    function_check nginx_disable_sniffing
418
-    nginx_disable_sniffing $KOEL_DOMAIN_NAME
419
-    echo '' >> $koel_nginx_site
420 428
     echo '  # Logs' >> $koel_nginx_site
421 429
     echo '  access_log /dev/null;' >> $koel_nginx_site
422 430
     echo '  error_log /dev/null;' >> $koel_nginx_site
@@ -427,27 +435,37 @@ function install_koel_main {
427 435
     echo '  # Index' >> $koel_nginx_site
428 436
     echo '  index index.php;' >> $koel_nginx_site
429 437
     echo '' >> $koel_nginx_site
430
-    echo '  # PHP' >> $koel_nginx_site
431
-    echo '  location ~ \.php {' >> $koel_nginx_site
432
-    echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
433
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
438
+    echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
439
+    echo '  if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
440
+    echo '    return 404;' >> $koel_nginx_site
441
+    echo '  }' >> $koel_nginx_site
442
+    echo '' >> $koel_nginx_site
443
+    echo '  location /media/ {' >> $koel_nginx_site
444
+    echo '    internal;' >> $koel_nginx_site
445
+    echo '' >> $koel_nginx_site
446
+    echo '    # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
447
+    echo '    alias       $upstream_http_x_media_root;' >> $koel_nginx_site
448
+    echo '' >> $koel_nginx_site
434 449
     echo '  }' >> $koel_nginx_site
435 450
     echo '' >> $koel_nginx_site
436
-    echo '  # Location' >> $koel_nginx_site
437 451
     echo '  location / {' >> $koel_nginx_site
438 452
     function_check nginx_limits
439 453
     nginx_limits $KOEL_DOMAIN_NAME '15m'
440
-    echo '    try_files $uri $uri/ @koel;' >> $koel_nginx_site
454
+    echo '    try_files   $uri $uri/ /index.php?$args;' >> $koel_nginx_site
441 455
     echo '  }' >> $koel_nginx_site
442 456
     echo '' >> $koel_nginx_site
443
-    echo '  # Fancy URLs' >> $koel_nginx_site
444
-    echo '  location @koel {' >> $koel_nginx_site
445
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
446
-    echo '  }' >> $koel_nginx_site
457
+    echo '  location ~ \.php$ {' >> $koel_nginx_site
458
+    echo '    try_files $uri $uri/ /index.php?$args;' >> $koel_nginx_site
459
+    echo '' >> $koel_nginx_site
460
+    echo '    fastcgi_param     PATH_INFO $fastcgi_path_info;' >> $koel_nginx_site
461
+    echo '    fastcgi_param     PATH_TRANSLATED $document_root$fastcgi_path_info;' >> $koel_nginx_site
462
+    echo '    fastcgi_param     SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> $koel_nginx_site
447 463
     echo '' >> $koel_nginx_site
448
-    echo '  # Restrict access that is unnecessary anyway' >> $koel_nginx_site
449
-    echo '  location ~ /\.(ht|git) {' >> $koel_nginx_site
450
-    echo '    deny all;' >> $koel_nginx_site
464
+    echo "    fastcgi_pass              127.0.0.1:$KOEL_PORT;" >> $koel_nginx_site
465
+    echo '    fastcgi_index             index.php;' >> $koel_nginx_site
466
+    echo '    fastcgi_split_path_info   ^(.+\.php)(/.+)$;' >> $koel_nginx_site
467
+    echo '    fastcgi_intercept_errors  on;' >> $koel_nginx_site
468
+    echo '    include                   fastcgi_params;' >> $koel_nginx_site
451 469
     echo '  }' >> $koel_nginx_site
452 470
     echo '' >> $koel_nginx_site
453 471
     echo '}' >> $koel_nginx_site
@@ -520,7 +538,7 @@ function install_koel {
520 538
     sed -i "s/DB_PASSWORD=secret/DB_PASSWORD=$MARIADB_PASSWORD/g" .env
521 539
 
522 540
     php artisan koel:init
523
-    php artisan serve
541
+    php artisan serve --port=$KOEL_PORT
524 542
 
525 543
     chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
526 544
     systemctl restart nginx