/ Register

Get the most out of your Centmin Mod LEMP stack
Become a Member

About new XenForo 2 friendly URLs

Discussion in 'Forum software usage' started by GamerJota, Mar 22, 2018.

Tags:
Previous Thread Next Thread
Loading...
  1. Mar 22, 2018 #1
    GamerJota

    GamerJota Member

    56
    7
    8
    Mar 1, 2016
    Chile
    Ratings:
    +18
    Local Time:
    8:26 AM
    Hey!

    So I just updated my .conf and I get an error whenever I try to add

    Code:
    location /src/ {
     internal;
}
    I get

    Code:
    [emerg] duplicate location "/src/" in /usr/local/nginx/conf/conf.d/example.conf:112
    I have no where else a "/src/" directive.

    Full censored example with "/src/" commented.
    Code:
    server {
  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name example.com www.example.com;

  include /usr/local/nginx/conf/ssl/example.com/example.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/example.com/origin.crt;
  ssl_verify_client on;
  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES2$
  ssl_prefer_server_ciphers   on;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "strict-origin-when-cross-origin";
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  access_log /home/nginx/domains/example.com/log/access.log;
  error_log /home/nginx/domains/example.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/example.com/autoprotect-example.com.conf;
  root /home/nginx/domains/example.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

# block common exploits, sql injections etc
include /usr/local/nginx/conf/block.conf;

  # XenForo 2 SEO  friendly URLs
  index index.php index.html index.htm;
  try_files $uri $uri/ /index.php?$uri&$args;

  }

  location /internal_data/ {
  internal;
  }

  location /library/ {
  internal;
  }

  location /install/ {
  auth_basic "Private";
  auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
  include /usr/local/nginx/conf/php.conf;
  allow 127.0.0.1;
  allow x.x.x.x;
  deny all;
  }

  location /install/data/ {
       internal;
  }

  location /install/templates/ {
       internal;
  }

  #location /src/ {
  #     internal;
  #}

  location /mftp/ {
  auth_basic "Private";
  auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
  include /usr/local/nginx/conf/php.conf;
  allow 127.0.0.1;
  allow x.x.x.x;
  deny all;
  }

  include /usr/local/nginx/conf/pre-staticfiles-local-example.com.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;

  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}
    I have no idea what could it be.
     
  2. Mar 22, 2018 #2
    GamerJota

    GamerJota Member

    56
    7
    8
    Mar 1, 2016
    Chile
    Ratings:
    +18
    Local Time:
    8:26 AM
    Nevermind I found it, autoprotect was adding the following

    Code:
    location /src/ {
  location ~ ^/src/(.+/)?(.+)\.(js)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(css)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(gif|jpe?g|png|webp|eot|svg|ttf|woff|woff)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)$ { allow 127.0.0.1; deny all; }
}
     
  3. Mar 22, 2018 #3
    eva2000

    eva2000 Administrator Staff Member

    43,417
    9,856
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,223
    Local Time:
    9:26 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yes if you re-run /usr/local/src/centminmod/tools/autoprotect.sh on latest 123.09beta01 it should skip auto adding /src location context
     
    • Informative Informative x 1
  4. Mar 22, 2018 #4
    Sunka

    Sunka Well-Known Member

    1,126
    311
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +504
    Local Time:
    1:26 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    @eva2000, I am little confused.

    I install centminod about 2 years ago.
    On very first week I make xenforo friendly urls code in my domain.com.ssl.conf

    That part looks:
    Code:
    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$uri&$args;
       include /usr/local/nginx/conf/blockbots.conf;
    }

location /internal_data/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
 
    location /library/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
 
  # prevent access to ./directories and files
        location ~ (?:^|/)\. {
   deny all;
        }
    Now, I need to add for new XF2 version location for src.
    And also, I see that there is two new locations (I do not know when you add it into manual)??
    • /install/templates/
    • /install/data/

    But OK. I add all three into my domain.com.ssl.conf.
    I restart nginx, ran cli command nginx -v and all is OK.
    This is now new version for xf2 friendly urls.


    Code:
    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$uri&$args;
       include /usr/local/nginx/conf/blockbots.conf;
    }

location /internal_data/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
 
    location /library/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
 
    location /install/data/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
 
      location /install/templates/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
 
      location /src/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }

  # prevent access to ./directories and files
        location ~ (?:^|/)\. {
   deny all;
        }
    BUT, regarding autoprotect script...
    After I restart nginx, I can see that /src/ is added to that file.
    I really do not know is that have to be that way, or should I remove that /src/ part?
    Or that should be there and should be in that way?

    Code:
    # Xenforo bypass /home/nginx/domains/pijanitvor.com/public/install/data

# Xenforo bypass /home/nginx/domains/pijanitvor.com/public/install/templates

# Xenforo bypass /home/nginx/domains/pijanitvor.com/public/library

# location /library/ {
#   internal;
#   allow 127.0.0.1;
#   deny all;
# }

# /home/nginx/domains/pijanitvor.com/public/data/Siropu/invoices
location ~* ^/data/Siropu/invoices/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/pijanitvor.com/public/data/siropu/am/invoice
location ~* ^/data/siropu/am/invoice/ { allow 127.0.0.1; deny all; }
# https://community.centminmod.com/posts/35394/
# /home/nginx/domains/pijanitvor.com/public/src

location /src/ {
  location ~ ^/src/(.+/)?(.+)\.(js)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(css)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(gif|jpe?g|png|webp|eot|svg|ttf|woff|woff)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)$ { allow 127.0.0.1; deny all; }
}
     
  5. Mar 22, 2018 #5
    eva2000

    eva2000 Administrator Staff Member

    43,417
    9,856
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,223
    Local Time:
    9:26 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    xf2 vhost looks good @Sunka
    autoprotect.sh runs on a cronjob
    Code (Text):
    crontab -l
11 */23 * * * /usr/local/src/centminmod/tools/autoprotect.sh 2>/dev/null
0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null

    so if you have latest 123.09beta01, you will have /usr/local/src/centminmod/tools/autoprotect.sh script which skips adding /src into autoprotect include file in your domain nginx vhost - well it should so if you manually re-run /usr/local/src/centminmod/tools/autoprotect.sh or wait till cronjob schedule runs, it should update your include file in nginx vhost

    if you disabled the autoprotect.sh cronjob then you wouldn't be able to auto update the include file in your nginx vhost.

    or just disable autoprotect.sh for /src directory - to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here and also on updated instructions on official site at Nginx Rewrites for Xenforo Friendly Urls - CentminMod.com LEMP Nginx web stack for CentOS

     
    • Like Like x 1
  6. Mar 22, 2018 #6
    Sunka

    Sunka Well-Known Member

    1,126
    311
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +504
    Local Time:
    1:26 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    Yes, I have it
    Code:
    # crontab -l
11 */23 * * * /usr/local/src/centminmod/tools/autoprotect.sh 2>/dev/null
0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null
...
    also have it
    Code:
    [[email protected] tools]# ls -la
total 480
drwxr-xr-x  2 root root  4096 Mar 14 18:40 .
drwxr-xr-x 18 root root  4096 Mar 20 20:32 ..
-rwxr-xr-x  1 root root  2018 May  1  2017 addsudousers.sh
-rwxr-xr-x  1 root root 22574 Mar  7 03:43 auditd.sh
-rwxr-xr-x  1 root root  9283 Feb 22 20:30 autoprotect.sh
...
    I am still confused.
    I run manually script again, but it is same like before (after I add /src/ into domain.conf for xf2 friendly url).

    Is it OK that this is in my /usr/local/nginx/conf/autoprotect/pijanitvor.com/autoprotect-pijanitvor.com.conf file or not?

    Code:
    location /src/ {
  location ~ ^/src/(.+/)?(.+)\.(js)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(css)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(gif|jpe?g|png|webp|eot|svg|ttf|woff|woff)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)$ { allow 127.0.0.1; deny all; }
}
    If, yes, OK
    If not, then I should comment it or delete it or something else?
     
  7. Mar 22, 2018 #7
    eva2000

    eva2000 Administrator Staff Member

    43,417
    9,856
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,223
    Local Time:
    9:26 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    it shouldn't still have /src in /usr/local/nginx/conf/autoprotect/pijanitvor.com/autoprotect-pijanitvor.com.conf

    you can use manual .autoprotect-bypass file placed /src directory and re-run /usr/local/src/centminmod/tools/autoprotect.sh to skip adding it

    to double check if /usr/local/src/centminmod/tools/autoprotect.sh is working can also run script in debug mode and post output to gist.github.com or pastebin.com
    Code (Text):
    bash -x /usr/local/src/centminmod/tools/autoprotect.sh
     
    • Like Like x 1
  8. Mar 22, 2018 #8
    Sunka

    Sunka Well-Known Member

    1,126
    311
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +504
    Local Time:
    1:26 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    So I have manually delete src part from file and than execute script again and see is it add again that into file or?

    autoprotect - Pastebin.com
     
  9. Mar 22, 2018 #9
    eva2000

    eva2000 Administrator Staff Member

    43,417
    9,856
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,223
    Local Time:
    9:26 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    everytime /usr/local/src/centminmod/tools/autoprotect.sh is run, the /usr/local/nginx/conf/autoprotect/pijanitvor.com/autoprotect-pijanitvor.com.conf include file is re-created from scratch so no manual removal in /usr/local/nginx/conf/autoprotect/pijanitvor.com/autoprotect-pijanitvor.com.conf

    from your debug run seems /src skipping wasn't done - does
    /home/nginx/domains/pijanitvor.com/library/XenForo directory exist on your server as it's part of the check .. but i guess xenforo 2 doesn't use /library anymore ?
     
  10. Mar 22, 2018 #10
    Sunka

    Sunka Well-Known Member

    1,126
    311
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +504
    Local Time:
    1:26 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    So what to do?
    It is there for some of legacy addons
     
  11. Mar 22, 2018 #11
    eva2000

    eva2000 Administrator Staff Member

    43,417
    9,856
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,223
    Local Time:
    9:26 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Like Like x 1
  12. Mar 22, 2018 #12
    Sunka

    Sunka Well-Known Member

    1,126
    311
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +504
    Local Time:
    1:26 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    Ah, just run
    Code:
    touch /home/nginx/domains/pijanitvor.com/public/src/.autoprotect-bypass

    Also, to solve those others:
    Code:
    # grep location /usr/local/nginx/conf/autoprotect/pijanitvor.com/autoprotect-pijanitvor.com.conf
# location /library/ {
location ~* ^/data/Siropu/invoices/ { allow 127.0.0.1; deny all; }
location ~* ^/data/siropu/am/invoice/ { allow 127.0.0.1; deny all; }
location /src/ {
  location ~ ^/src/(.+/)?(.+)\.(js)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(css)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(gif|jpe?g|png|webp|eot|svg|ttf|woff|woff)$ { allow all; expires 30d; }
  location ~ ^/src/(.+/)?(.+)\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)$ { allow 127.0.0.1; deny all; }

    Should be:
    Code:
    touch /home/nginx/domains/pijanitvor.com/public/data/Siropu/invoices/.autoprotect-bypass
touch /home/nginx/domains/pijanitvor.com/public/data/siropu/am/invoice/.autoprotect-bypass

    So run all that three commands and rerun autoprotect script?

    Maybe would be better to complete disable this script? What do you think?
     
  13. Mar 22, 2018 #13
    eva2000

    eva2000 Administrator Staff Member

    43,417
    9,856
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,223
    Local Time:
    9:26 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yup that's correct steps to exclude those directories. As to totally disable autoprotect.sh up to you as it's there for security and to alert you to have closer look at your directories for web apps which have .htaccess deny all setups and thus reminds you to consciously setup equivalent nginx rules if needed.

    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

     
    • Informative Informative x 1
  14. Mar 22, 2018 #14
    eva2000

    eva2000 Administrator Staff Member

    43,417
    9,856
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,223
    Local Time:
    9:26 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Winner Winner x 1
  15. Mar 22, 2018 #15
    Sunka

    Sunka Well-Known Member

    1,126
    311
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +504
    Local Time:
    1:26 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    Nice.

    I already add .autoprotect-bypass files
    And after update centmin and rerun script, file output is just this:
    Code:
    # Xenforo bypass /home/nginx/domains/pijanitvor.com/public/install/data

# Xenforo bypass /home/nginx/domains/pijanitvor.com/public/install/templates

# Xenforo bypass /home/nginx/domains/pijanitvor.com/public/library
    Is it better that I remove .autoprotect-bypass file from scr folder or just leave it there?

    Also, to disable autoprotect script, in which conf file is that line
    Code:
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    which I need to comment out?
    There is not that line in my pijanitvor.com.ssl.conf file
     
  16. Mar 22, 2018 #16
    eva2000

    eva2000 Administrator Staff Member

    43,417
    9,856
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,223
    Local Time:
    9:26 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    leave it doesn't matter really now as both methods show those directories are bypassed from auto protection

    yes just comment it out if want to disable autoprotect for your vhost domain and if you setup HTTPS separately from centmin.sh menu option 2, then yes maybe that include file doesn't exist in yourdomain.com.ssl.conf include file
     
    • Like Like x 1
  17. Mar 22, 2018 #17
    Sunka

    Sunka Well-Known Member

    1,126
    311
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +504
    Local Time:
    1:26 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    I do not remember, but it is not here.
    So just disable cron should be enough?

    Code:
    # cat /usr/local/nginx/conf/conf.d/pijanitvor.com.ssl.conf
# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name pijanitvor.com www.pijanitvor.com;
    return 301 https://www.$server_name$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name pijanitvor.com www.pijanitvor.com;

  ##  redirect https non-www to https www
      if ($host = 'pijanitvor.com' ) {
         return 301 https://www.pijanitvor.com$request_uri;
      }
 
  ssl_dhparam /usr/local/nginx/conf/ssl/pijanitvor.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-unified.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/pijanitvor.com/pijanitvor.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #######################add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header  X-Content-Type-Options "nosniff";
  #add_header X-Frame-Options DENY;
  #######################spdy_headers_comp 5;
  ssl_buffer_size 1400;
  ssl_session_tickets on;
 
  #enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-trusted.crt; 

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/pijanitvor.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/pijanitvor.com/log/error.log;

  root /home/nginx/domains/pijanitvor.com/public;

  location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$uri&$args;
        include /usr/local/nginx/conf/blockbots.conf;
    }

### ORIGINAL ###
location /internal_data/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
### START Xon addon za attachment ###
#    location ^~ /internal_data/ {
#               add_header Etag $upstream_http_etag;
#               add_header X-Frame-Options SAMEORIGIN;
#               add_header X-Content-Type-Options nosniff;
#               internal;
#        allow 127.0.0.1;
#        allow xxxxxxxxx;
#   }
### END Xon addon za attachment ###

    location /library/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
 
    location /install/data/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
 
      location /install/templates/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }
 
      location /src/ {
        internal;
        allow 127.0.0.1;
        allow xxxxxxxxx;
        deny all;
    }

  # prevent access to ./directories and files
        location ~ (?:^|/)\. {
   deny all;
        } 


  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}
     
  18. Mar 22, 2018 #18
    eva2000

    eva2000 Administrator Staff Member

    43,417
    9,856
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,223
    Local Time:
    9:26 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yup
     
    • Like Like x 1
Previous Thread Next Thread
Loading...

.