justb3a · February 6, 2018 14:14
diff --git a/nginx conf b/nginx conf
 # redirects

 server {
  listen 80; # 443
  
  # ssl

  root /xxx/public;
  server_name domain.org;

  client_max_body_size 100m;

  # logs
  error_log /xxx/log/error.log;
  access_log /xxx/log/access;

  index index.php index.html index.htm;

  include conf.d/processwire.conf;
  # include conf.d/typo3.conf
 }
diff --git a/nginx conf processwire b/nginx conf processwire
 # -----------------------------------------------------------------------------------------------
 # ProcessWire
 # -----------------------------------------------------------------------------------------------
 # Block access to ProcessWire system files
 location ~ \.(inc|info|module|sh|sql)$ {
  deny all;
 }

 # Block access to any file or directory that begins with a period
 location ~ /\. {
  deny all;
 }

 # Block access to protected assets directories
 location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
  deny all;
 }

 # Block acceess to the /site/install/ directory
 location ~ ^/(site|site-[^/]+)/install($|/.*$) {
  deny all;
 }

 # Block dirs in /site/assets/ dirs that start with a hyphen
 location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
  deny all;
 }

 # Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
 location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
  deny all;
 }

 # Block access to any PHP-based files in /templates-admin/
 location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
  deny all;
 }

 # Block access to any PHP or markup files in /site/templates/
 location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc|twig))$ {
 deny all;
 }

 # Block access to any PHP files in /site/assets/
 location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
  deny all;
 }

 # Block access to any PHP files in core or core module directories
 location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
  deny all;
 }

 # Block access to any PHP files in /site/modules/
 location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
  deny all;
 }

 # Block access to any software identifying txt files
 location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
  deny all;
 }

 # Block all http access to the default/uninstalled site-default directory
 location ~ ^/site-default/ {
  deny all;
 }

 # If the request is for a static file, then set expires header and disable logging.
 # Give control to ProcessWire if the requested file or directory is non-existing.
 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
  expires 24h;
  log_not_found off;
  access_log off;
  try_files $uri $uri/ /index.php?it=$uri&$args;

  types {
    text/html html;
    text/javascript js;
    text/css css;
    image/gif gif;
    image/jpeg jpg;
    image/png png;
    image/svg+xml svg;
  }
 }

 # This location processes all other requests. If the request is for a file or directory that
 # physically exists on the server, then load the file. Else give control to ProcessWire.
 location / {
  try_files $uri $uri/ /index.php?it=$uri&$args;
 }

 # Cache everything by default
 set $no_cache 0;

 # Don't cache POST requests
 if ($request_method = POST) {
  set $no_cache 1;
 }

 # Don't cache if the URL contains a query string
 if ($query_string != "") {
  set $no_cache 1;
 }

 # Don't cache the following URLs
 if ($request_uri ~* "/(jos/|login.php)") {
  set $no_cache 1;
 }

 # Don't cache if there is a cookie called PHPSESSID
 if ($http_cookie = "PHPSESSID") {
  set $no_cache 1;
 }

 # Pass .php requests to fastcgi socket
 location ~ \.php$ {

  # Check if the requested PHP file actually exists for security
  try_files $uri =404;

  # Fix for server variables that behave differently under nginx/php-fpm than typically expected
  fastcgi_split_path_info ^(.+\.php)(/.+)$;

  # Set environment variables
  include fastcgi_params;
  fastcgi_param PATH_INFO $fastcgi_path_info;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

  # Pass request to php-fpm fastcgi socket
  fastcgi_pass 127.0.0.1:9000;

  fastcgi_buffers 32 32k;
  fastcgi_buffer_size 128k;
  fastcgi_busy_buffers_size 256k;
  fastcgi_temp_file_write_size 256k;

  fastcgi_index index.php;
 }
	# redirects

	server {
	listen 80; # 443

	# ssl

	root /xxx/public;
	server_name domain.org;

	client_max_body_size 100m;

	# logs
	error_log /xxx/log/error.log;
	access_log /xxx/log/access;

	index index.php index.html index.htm;

	include conf.d/processwire.conf;
	# include conf.d/typo3.conf
	}
	# -----------------------------------------------------------------------------------------------
	# ProcessWire
	# -----------------------------------------------------------------------------------------------
	# Block access to ProcessWire system files
	location ~ \.(inc\|info\|module\|sh\|sql)$ {
	deny all;
	}

	# Block access to any file or directory that begins with a period
	location ~ /\. {
	deny all;
	}

	# Block access to protected assets directories
	location ~ ^/(site\|site-[^/]+)/assets/(cache\|logs\|backups\|sessions\|config\|install\|tmp)($\|/.*$) {
	deny all;
	}

	# Block acceess to the /site/install/ directory
	location ~ ^/(site\|site-[^/]+)/install($\|/.*$) {
	deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site\|site-[^/]+)/assets./-.+/. {
	deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire\|site\|site-[^/]+)/(config\|index\.config\|config-dev)\.php$ {
	deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire\|site\|site-[^/]+)/templates-admin($\|/\|/.*\.(php\|html?\|tpl\|inc))$ {
	deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site\|site-[^/]+)/templates($\|/\|/.*\.(php\|html?\|tpl\|inc\|twig))$ {
	deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site\|site-[^/]+)/assets($\|/\|/.*\.php)$ {
	deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core\|modules)/.*\.(php\|inc\|tpl\|module)$ {
	deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site\|site-[^/]+)/modules/.*\.(php\|inc\|tpl\|module)$ {
	deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT\|INSTALL\|README\|htaccess)\.(txt\|md)$ {
	deny all;
	}

	# Block all http access to the default/uninstalled site-default directory
	location ~ ^/site-default/ {
	deny all;
	}

	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico\|svg\|eot\|woff\|ttf)$ {
	expires 24h;
	log_not_found off;
	access_log off;
	try_files $uri $uri/ /index.php?it=$uri&$args;

	types {
	text/html html;
	text/javascript js;
	text/css css;
	image/gif gif;
	image/jpeg jpg;
	image/png png;
	image/svg+xml svg;
	}
	}

	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	location / {
	try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# Cache everything by default
	set $no_cache 0;

	# Don't cache POST requests
	if ($request_method = POST) {
	set $no_cache 1;
	}

	# Don't cache if the URL contains a query string
	if ($query_string != "") {
	set $no_cache 1;
	}

	# Don't cache the following URLs
	if ($request_uri ~* "/(jos/\|login.php)") {
	set $no_cache 1;
	}

	# Don't cache if there is a cookie called PHPSESSID
	if ($http_cookie = "PHPSESSID") {
	set $no_cache 1;
	}

	# Pass .php requests to fastcgi socket
	location ~ \.php$ {

	# Check if the requested PHP file actually exists for security
	try_files $uri =404;

	# Fix for server variables that behave differently under nginx/php-fpm than typically expected
	fastcgi_split_path_info ^(.+\.php)(/.+)$;

	# Set environment variables
	include fastcgi_params;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

	# Pass request to php-fpm fastcgi socket
	fastcgi_pass 127.0.0.1:9000;

	fastcgi_buffers 32 32k;
	fastcgi_buffer_size 128k;
	fastcgi_busy_buffers_size 256k;
	fastcgi_temp_file_write_size 256k;

	fastcgi_index index.php;
	}