cleanups
This commit is contained in:
Mateusz Gruszczyński
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -21,11 +21,4 @@ location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
expires 7d;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# gzip
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
}
|
||||
@@ -1,10 +1,10 @@
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||
add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';" always;
|
||||
add_header Referrer-Policy "origin";
|
||||
add_header Permissions-Policy "autoplay=(), encrypted-media=(), fullscreen=(), geolocation=(), microphone=(), midi=()";
|
||||
add_header Cross-Origin-Embedder-Policy "unsafe-none; report-to=default";
|
||||
add_header Cross-Origin-Opener-Policy "unsafe-none; report-to=default";
|
||||
add_header Cross-Origin-Resource-Policy "cross-origin";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||
add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';" always;
|
||||
add_header Referrer-Policy "origin";
|
||||
add_header Permissions-Policy "autoplay=(), encrypted-media=(), fullscreen=(), geolocation=(), microphone=(), midi=()";
|
||||
add_header Cross-Origin-Embedder-Policy "unsafe-none; report-to=default";
|
||||
add_header Cross-Origin-Opener-Policy "unsafe-none; report-to=default";
|
||||
add_header Cross-Origin-Resource-Policy "cross-origin";
|
||||
|
||||
@@ -1,12 +1,5 @@
|
||||
# Hotlinking dla obrazków/CSS/JS z wp-content
|
||||
location ~* ^/wp-content/.*\.(?:png|jpe?g|gif|webp|svg|ico|css|js)$ {
|
||||
|
||||
# Jeśli chcesz wpuszczać wejścia bez Referera – zostaw 'none'.
|
||||
# Jeśli chcesz je blokować – usuń 'none'.
|
||||
valid_referers none blocked server_names *.blog.linuxiarz.pl *.linuxiarz.pl;
|
||||
|
||||
if ($invalid_referer) { return 403; }
|
||||
|
||||
# normalne serwowanie
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
@@ -1,16 +0,0 @@
|
||||
# 404
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
# default fastcgi_params
|
||||
include fastcgi_params;
|
||||
|
||||
# fastcgi settings
|
||||
fastcgi_pass unix:/run/php/php5.6-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_buffers 8 16k;
|
||||
fastcgi_buffer_size 32k;
|
||||
|
||||
# fastcgi params
|
||||
fastcgi_param DOCUMENT_ROOT $realpath_root;
|
||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";
|
||||
@@ -1,7 +1,5 @@
|
||||
# Split PATH_INFO dla static.php i innych
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
|
||||
# WAŻNE: Przypisz do zmiennej PRZED try_files
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
# 404
|
||||
|
||||
@@ -1,18 +1,5 @@
|
||||
# security headers
|
||||
#add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
#add_header X-XSS-Protection "1; mode=block" always;
|
||||
#add_header X-Content-Type-Options "nosniff" always;
|
||||
#add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
|
||||
#add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';" always;
|
||||
#add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
#add_header Permissions-Policy "autoplay=(), encrypted-media=(), fullscreen=(), geolocation=(), microphone=(), midi=()" always;
|
||||
#add_header Cross-Origin-Embedder-Policy "unsafe-none; report-to=default" always;
|
||||
#add_header Cross-Origin-Opener-Policy "unsafe-none; report-to=default" always;
|
||||
#add_header Cross-Origin-Resource-Policy "cross-origin" always;
|
||||
|
||||
|
||||
# . files
|
||||
location ~ /\.(?!well-known) {
|
||||
deny all;
|
||||
|
||||
35
config/upstreams.conf
Normal file
35
config/upstreams.conf
Normal file
@@ -0,0 +1,35 @@
|
||||
upstream varnish {
|
||||
zone varnish 1m;
|
||||
server 127.0.0.1:6081;
|
||||
keepalive 16;
|
||||
}
|
||||
|
||||
upstream gitea {
|
||||
zone gitea 1m;
|
||||
server 127.0.0.1:3000;
|
||||
keepalive 16;
|
||||
}
|
||||
|
||||
upstream adphone_app {
|
||||
zone adphone_app 1m;
|
||||
server 127.0.0.1:8001;
|
||||
keepalive 16;
|
||||
}
|
||||
|
||||
upstream doh {
|
||||
zone doh 1m;
|
||||
server 127.0.0.1:8844;
|
||||
keepalive 16;
|
||||
}
|
||||
|
||||
upstream linuxiarz_app {
|
||||
zone linuxiarz_app 1m;
|
||||
server 127.0.0.1:8000;
|
||||
keepalive 16;
|
||||
}
|
||||
|
||||
upstream redirector_app {
|
||||
zone redirector_app 1m;
|
||||
server 127.0.0.1:8282;
|
||||
keepalive 16;
|
||||
}
|
||||
Reference in New Issue
Block a user