|
|
@@ -37,6 +37,7 @@ SHOW_ON_ABOUT=1
|
|
37
|
37
|
KOEL_DOMAIN_NAME=
|
|
38
|
38
|
KOEL_CODE=
|
|
39
|
39
|
KOEL_ONION_PORT=8118
|
|
|
40
|
+KOEL_PORT=9000
|
|
40
|
41
|
KOEL_REPO="https://github.com/phanan/koel"
|
|
41
|
42
|
KOEL_COMMIT='70464a8977b1058f3bd0a4ec77877fe7894d8d84'
|
|
42
|
43
|
KOEL_ADMIN_PASSWORD=
|
|
|
@@ -380,27 +381,37 @@ function install_koel_main {
|
|
380
|
381
|
echo ' # Index' >> $koel_nginx_site
|
|
381
|
382
|
echo ' index index.php;' >> $koel_nginx_site
|
|
382
|
383
|
echo '' >> $koel_nginx_site
|
|
383
|
|
- echo ' # PHP' >> $koel_nginx_site
|
|
384
|
|
- echo ' location ~ \.php {' >> $koel_nginx_site
|
|
385
|
|
- echo ' include snippets/fastcgi-php.conf;' >> $koel_nginx_site
|
|
386
|
|
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
|
|
|
384
|
+ echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
|
|
|
385
|
+ echo ' if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
|
|
|
386
|
+ echo ' return 404;' >> $koel_nginx_site
|
|
|
387
|
+ echo ' }' >> $koel_nginx_site
|
|
|
388
|
+ echo '' >> $koel_nginx_site
|
|
|
389
|
+ echo ' location /media/ {' >> $koel_nginx_site
|
|
|
390
|
+ echo ' internal;' >> $koel_nginx_site
|
|
|
391
|
+ echo '' >> $koel_nginx_site
|
|
|
392
|
+ echo ' # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
|
|
|
393
|
+ echo ' alias $upstream_http_x_media_root;' >> $koel_nginx_site
|
|
|
394
|
+ echo '' >> $koel_nginx_site
|
|
387
|
395
|
echo ' }' >> $koel_nginx_site
|
|
388
|
396
|
echo '' >> $koel_nginx_site
|
|
389
|
|
- echo ' # Location' >> $koel_nginx_site
|
|
390
|
397
|
echo ' location / {' >> $koel_nginx_site
|
|
391
|
398
|
function_check nginx_limits
|
|
392
|
399
|
nginx_limits $KOEL_DOMAIN_NAME '15m'
|
|
393
|
|
- echo ' try_files $uri $uri/ @koel;' >> $koel_nginx_site
|
|
|
400
|
+ echo ' try_files $uri $uri/ /index.php?$args;' >> $koel_nginx_site
|
|
394
|
401
|
echo ' }' >> $koel_nginx_site
|
|
395
|
402
|
echo '' >> $koel_nginx_site
|
|
396
|
|
- echo ' # Fancy URLs' >> $koel_nginx_site
|
|
397
|
|
- echo ' location @koel {' >> $koel_nginx_site
|
|
398
|
|
- echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
|
|
399
|
|
- echo ' }' >> $koel_nginx_site
|
|
|
403
|
+ echo ' location ~ \.php$ {' >> $koel_nginx_site
|
|
|
404
|
+ echo ' try_files $uri $uri/ /index.php?$args;' >> $koel_nginx_site
|
|
|
405
|
+ echo '' >> $koel_nginx_site
|
|
|
406
|
+ echo ' fastcgi_param PATH_INFO $fastcgi_path_info;' >> $koel_nginx_site
|
|
|
407
|
+ echo ' fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;' >> $koel_nginx_site
|
|
|
408
|
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> $koel_nginx_site
|
|
400
|
409
|
echo '' >> $koel_nginx_site
|
|
401
|
|
- echo ' # Restrict access that is unnecessary anyway' >> $koel_nginx_site
|
|
402
|
|
- echo ' location ~ /\.(ht|git) {' >> $koel_nginx_site
|
|
403
|
|
- echo ' deny all;' >> $koel_nginx_site
|
|
|
410
|
+ echo " fastcgi_pass 127.0.0.1:$KOEL_PORT;" >> $koel_nginx_site
|
|
|
411
|
+ echo ' fastcgi_index index.php;' >> $koel_nginx_site
|
|
|
412
|
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> $koel_nginx_site
|
|
|
413
|
+ echo ' fastcgi_intercept_errors on;' >> $koel_nginx_site
|
|
|
414
|
+ echo ' include fastcgi_params;' >> $koel_nginx_site
|
|
404
|
415
|
echo ' }' >> $koel_nginx_site
|
|
405
|
416
|
echo '' >> $koel_nginx_site
|
|
406
|
417
|
echo '}' >> $koel_nginx_site
|
|
|
@@ -414,9 +425,6 @@ function install_koel_main {
|
|
414
|
425
|
function_check nginx_compress
|
|
415
|
426
|
nginx_compress $KOEL_DOMAIN_NAME
|
|
416
|
427
|
echo '' >> $koel_nginx_site
|
|
417
|
|
- function_check nginx_disable_sniffing
|
|
418
|
|
- nginx_disable_sniffing $KOEL_DOMAIN_NAME
|
|
419
|
|
- echo '' >> $koel_nginx_site
|
|
420
|
428
|
echo ' # Logs' >> $koel_nginx_site
|
|
421
|
429
|
echo ' access_log /dev/null;' >> $koel_nginx_site
|
|
422
|
430
|
echo ' error_log /dev/null;' >> $koel_nginx_site
|
|
|
@@ -427,27 +435,37 @@ function install_koel_main {
|
|
427
|
435
|
echo ' # Index' >> $koel_nginx_site
|
|
428
|
436
|
echo ' index index.php;' >> $koel_nginx_site
|
|
429
|
437
|
echo '' >> $koel_nginx_site
|
|
430
|
|
- echo ' # PHP' >> $koel_nginx_site
|
|
431
|
|
- echo ' location ~ \.php {' >> $koel_nginx_site
|
|
432
|
|
- echo ' include snippets/fastcgi-php.conf;' >> $koel_nginx_site
|
|
433
|
|
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
|
|
|
438
|
+ echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
|
|
|
439
|
+ echo ' if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
|
|
|
440
|
+ echo ' return 404;' >> $koel_nginx_site
|
|
|
441
|
+ echo ' }' >> $koel_nginx_site
|
|
|
442
|
+ echo '' >> $koel_nginx_site
|
|
|
443
|
+ echo ' location /media/ {' >> $koel_nginx_site
|
|
|
444
|
+ echo ' internal;' >> $koel_nginx_site
|
|
|
445
|
+ echo '' >> $koel_nginx_site
|
|
|
446
|
+ echo ' # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
|
|
|
447
|
+ echo ' alias $upstream_http_x_media_root;' >> $koel_nginx_site
|
|
|
448
|
+ echo '' >> $koel_nginx_site
|
|
434
|
449
|
echo ' }' >> $koel_nginx_site
|
|
435
|
450
|
echo '' >> $koel_nginx_site
|
|
436
|
|
- echo ' # Location' >> $koel_nginx_site
|
|
437
|
451
|
echo ' location / {' >> $koel_nginx_site
|
|
438
|
452
|
function_check nginx_limits
|
|
439
|
453
|
nginx_limits $KOEL_DOMAIN_NAME '15m'
|
|
440
|
|
- echo ' try_files $uri $uri/ @koel;' >> $koel_nginx_site
|
|
|
454
|
+ echo ' try_files $uri $uri/ /index.php?$args;' >> $koel_nginx_site
|
|
441
|
455
|
echo ' }' >> $koel_nginx_site
|
|
442
|
456
|
echo '' >> $koel_nginx_site
|
|
443
|
|
- echo ' # Fancy URLs' >> $koel_nginx_site
|
|
444
|
|
- echo ' location @koel {' >> $koel_nginx_site
|
|
445
|
|
- echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
|
|
446
|
|
- echo ' }' >> $koel_nginx_site
|
|
|
457
|
+ echo ' location ~ \.php$ {' >> $koel_nginx_site
|
|
|
458
|
+ echo ' try_files $uri $uri/ /index.php?$args;' >> $koel_nginx_site
|
|
|
459
|
+ echo '' >> $koel_nginx_site
|
|
|
460
|
+ echo ' fastcgi_param PATH_INFO $fastcgi_path_info;' >> $koel_nginx_site
|
|
|
461
|
+ echo ' fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;' >> $koel_nginx_site
|
|
|
462
|
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> $koel_nginx_site
|
|
447
|
463
|
echo '' >> $koel_nginx_site
|
|
448
|
|
- echo ' # Restrict access that is unnecessary anyway' >> $koel_nginx_site
|
|
449
|
|
- echo ' location ~ /\.(ht|git) {' >> $koel_nginx_site
|
|
450
|
|
- echo ' deny all;' >> $koel_nginx_site
|
|
|
464
|
+ echo " fastcgi_pass 127.0.0.1:$KOEL_PORT;" >> $koel_nginx_site
|
|
|
465
|
+ echo ' fastcgi_index index.php;' >> $koel_nginx_site
|
|
|
466
|
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> $koel_nginx_site
|
|
|
467
|
+ echo ' fastcgi_intercept_errors on;' >> $koel_nginx_site
|
|
|
468
|
+ echo ' include fastcgi_params;' >> $koel_nginx_site
|
|
451
|
469
|
echo ' }' >> $koel_nginx_site
|
|
452
|
470
|
echo '' >> $koel_nginx_site
|
|
453
|
471
|
echo '}' >> $koel_nginx_site
|
|
|
@@ -520,7 +538,7 @@ function install_koel {
|
|
520
|
538
|
sed -i "s/DB_PASSWORD=secret/DB_PASSWORD=$MARIADB_PASSWORD/g" .env
|
|
521
|
539
|
|
|
522
|
540
|
php artisan koel:init
|
|
523
|
|
- php artisan serve
|
|
|
541
|
+ php artisan serve --port=$KOEL_PORT
|
|
524
|
542
|
|
|
525
|
543
|
chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
|
|
526
|
544
|
systemctl restart nginx
|
Bob Mottram
8 年之前