SimonSimCity · December 15, 2015 19:18
diff --git a/localhost b/localhost
 server {
    server_name localhost linos;

 	root /srv/http/$host/www;
 	index index.php index.html index.htm;

 	access_log /srv/http/$host/log/nginx.access.log;
 	error_log /srv/http/localhost/log/nginx.error.log;

 	location / {
 		try_files $uri $uri/ =404;
 	}

 	location ~ ^.+\.php {
 		set $fpmkey localhost;
 		include global/php_inkl_pathinfo;
 	}

 	# deny access to .htaccess files, if Apache's document root
 	# concurs with nginx's one
 	#
 	location ~ /\.ht {
 		deny all;
 	}
 }
diff --git a/php b/php
 # Zero-day exploit defense.
 # http://forum.nginx.org/read.php?2,88845,page=3
 # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
 # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine.  And then cross your fingers that you won't get hacked.
 try_files $uri =404;

 include fastcgi_params;
 fastcgi_pass unix:/var/run/php5-fpm.$fpmkey.sock;
diff --git a/php_inkl_pathinfo b/php_inkl_pathinfo
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

 include fastcgi_params;

 # Override settings according to pathinfo
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;

 # Zero-day exploit defense.
 # http://forum.nginx.org/read.php?2,88845,page=3
 # Deny execution of the script if it does not end with .php
 if ( $fastcgi_script_name !~* .php ) {
    return 403;
 }

 fastcgi_pass unix:/var/run/php5-fpm.$fpmkey.sock;
	server {
	server_name localhost linos;

	root /srv/http/$host/www;
	index index.php index.html index.htm;

	access_log /srv/http/$host/log/nginx.access.log;
	error_log /srv/http/localhost/log/nginx.error.log;

	location / {
	try_files $uri $uri/ =404;
	}

	location ~ ^.+\.php {
	set $fpmkey localhost;
	include global/php_inkl_pathinfo;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	location ~ /\.ht {
	deny all;
	}
	}
	# Zero-day exploit defense.
	# http://forum.nginx.org/read.php?2,88845,page=3
	# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
	# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
	try_files $uri =404;

	include fastcgi_params;
	fastcgi_pass unix:/var/run/php5-fpm.$fpmkey.sock;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

	include fastcgi_params;

	# Override settings according to pathinfo
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;

	# Zero-day exploit defense.
	# http://forum.nginx.org/read.php?2,88845,page=3
	# Deny execution of the script if it does not end with .php
	if ( $fastcgi_script_name !~* .php ) {
	return 403;
	}

	fastcgi_pass unix:/var/run/php5-fpm.$fpmkey.sock;