Drupal Nginx + PhpBB - upweb

brahman

Drupal Nginx + PhpBB - upweb

Сообщение brahman »

Old config from ispmanager


# Plain-HTTP virtual host as generated by the hosting panel.
server {
	server_name upweb.me www.upweb.me;
	charset off;
	index index.php index.html;
	# Deny access when a path component below $root_path is a symlink whose
	# owner differs from the owner of the object it points to.
	disable_symlinks if_not_owner from=$root_path;
	# Panel-managed include files; their contents are not shown on this page.
	include /etc/nginx/vhosts-includes/*.conf;
	include /etc/nginx/vhosts-resources/upweb.me/*.conf;
	access_log /var/www/httpd-logs/upweb.me.access.log;
	error_log /var/www/httpd-logs/upweb.me.error.log notice;
	# NOTE(review): server-side includes are enabled for the whole vhost;
	# confirm the site actually needs them.
	ssi on;
	# Server-level return: every request to this vhost is answered with a
	# redirect to HTTPS, so the locations below never serve content.
	# NOTE(review): $host follows the request's Host header and this server is
	# the default_server for the address, so the redirect target mirrors the
	# host name the client sent; $server_name would pin it to the site name.
	return 301 https://$host:443$request_uri;
	set $root_path /var/www/upweb/data/www/upweb.me/web;
	root $root_path;
	location / {
		# URIs ending in .php, .php<digits> or .phtml are handed to @php.
		location ~ [^/]\.ph(p\d*|tml)$ {
			# The first entry is a path that is not expected to exist, so
			# try_files falls through to the named location.
			try_files /does_not_exists @php;
		}
	}
	listen 46.10.178.152:80 default_server;
	location @php {
		fastcgi_index index.php;
		# PHP_ADMIN_VALUE sets a php.ini value for the request.
		# NOTE(review): the address after -f is a placeholder left by the
		# page's e-mail obfuscation; use the real envelope sender.
		fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
		fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
		# Return 404 unless the requested file exists, so non-existent paths
		# are never passed to PHP-FPM.
		try_files $uri =404;
		include fastcgi_params;
	}
}
# HTTPS virtual host as generated by the hosting panel.
server {
	server_name upweb.me www.upweb.me;
	ssl_certificate "/var/www/httpd-cert/upweb/upweb.me_le2.crtca";
	ssl_certificate_key "/var/www/httpd-cert/upweb/upweb.me_le2.key";
	# NOTE(review): this cipher string still admits RSA key exchange and CBC
	# suites; review it against the clients the site has to support.
	ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
	ssl_prefer_server_ciphers on;
	# NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2
	# and newer only unless legacy clients are a hard requirement.
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	# NOTE(review): without the "always" parameter nginx omits this header on
	# error responses.
	add_header Strict-Transport-Security "max-age=31536000;";
	ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
	charset off;
	index index.php index.html;
	# Deny access when a path component below $root_path is a symlink whose
	# owner differs from the owner of the object it points to.
	disable_symlinks if_not_owner from=$root_path;
	# Panel-managed include files; their contents are not shown on this page.
	include /etc/nginx/vhosts-includes/*.conf;
	include /etc/nginx/vhosts-resources/upweb.me/*.conf;
	access_log /var/www/httpd-logs/upweb.me.access.log;
	error_log /var/www/httpd-logs/upweb.me.error.log notice;
	# NOTE(review): server-side includes are enabled for the whole vhost;
	# confirm the site actually needs them.
	ssi on;
	set $root_path /var/www/upweb/data/www/upweb.me/web;
	root $root_path;
	location / {
		# URIs ending in .php, .php<digits> or .phtml are handed to @php.
		location ~ [^/]\.ph(p\d*|tml)$ {
			# The first entry is a path that is not expected to exist, so
			# try_files falls through to the named location.
			try_files /does_not_exists @php;
		}
	}
	listen 46.10.178.152:443 ssl default_server http2;
	location @php {
		fastcgi_index index.php;
		# PHP_ADMIN_VALUE sets a php.ini value for the request.
		# NOTE(review): the address after -f is a placeholder left by the
		# page's e-mail obfuscation; use the real envelope sender.
		fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
		fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
		# Return 404 unless the requested file exists, so non-existent paths
		# are never passed to PHP-FPM.
		try_files $uri =404;
		include fastcgi_params;
	}
}

brahman

Re: Drupal Nginx upweb

Сообщение brahman »

Результат объединения старого конфига с рекомендациями из инструкции https://www.nginx.com/resources/wiki/st ... es/drupal/
Также добавлена секция для работы phpBB.


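# Plain-HTTP virtual host for the Drupal site.
# NOTE(review): the panel-generated vhost answered every HTTP request with a
# redirect to HTTPS; this one serves the site over plain HTTP. If that is not
# intended, a server-level "return 301 https://$server_name$request_uri;"
# brings the redirect back.
server {
	server_name upweb.me www.upweb.me;
	listen 46.10.178.152:80;
	charset off;
	index index.php index.html;
	# Deny access when a path component below $root_path is a symlink whose
	# owner differs from the owner of the object it points to.
	disable_symlinks if_not_owner from=$root_path;
	# Panel-managed include files; their contents are not shown on this page.
	include /etc/nginx/vhosts-includes/*.conf;
	include /etc/nginx/vhosts-resources/upweb.me/*.conf;
	access_log /var/www/httpd-logs/upweb.me.access.log;
	error_log /var/www/httpd-logs/upweb.me.error.log notice;
	# NOTE(review): server-side includes are enabled for the whole vhost;
	# confirm the site actually needs them.
	ssi on;
	set $root_path /var/www/upweb/data/www/upweb.me/web;
	root $root_path;

	location / {
		try_files $uri /index.php?$query_string;

		# nginx tries the regex locations nested in the matched prefix
		# location before the server-level regex locations. The PHP handler
		# below is nested in "/", so deny rules for PHP files only take effect
		# when they are nested here too, ahead of the handler.

		# No PHP below a path component that contains a dot.
		location ~ \..*/.*\.php$ {
			return 403;
		}

		# Drupal private files.
		location ~ ^/sites/.*/private/ {
			return 403;
		}

		# Block scripts in the public files (upload) directory; the pattern
		# covers every extension the PHP handler accepts.
		location ~ ^/sites/[^/]+/files/.*\.ph(p\d*|tml)$ {
			deny all;
		}

		# Don't allow direct access to PHP files in the vendor directory.
		location ~ /vendor/.*\.ph(p\d*|tml)$ {
			return 404;
		}

		# URIs ending in .php, .php<digits> or .phtml are handed to @php.
		location ~ [^/]\.ph(p\d*|tml)$ {
			# The first entry is a path that is not expected to exist, so
			# try_files falls through to the named location.
			try_files /does_not_exists @php;
		}
	}

	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	# Allow "Well-Known URIs" as per RFC 5785
	location ~* ^/.well-known/ {
		allow all;
	}

	# Block access to "hidden" files and directories whose names begin with a
	# period. This includes directories used by version control systems such
	# as Subversion or Git to store control files.
	location ~ (^|/)\. {
		return 403;
	}

	# NOTE(review): nothing in the visible config refers to @rewrite; "/"
	# falls back to /index.php directly.
	location @rewrite {
		rewrite ^/(.*)$ /index.php?q=$1;
	}

	# Protect files and directories from prying eyes.
	# "return" runs before the access check, so the client sees 404.
	location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
		deny all;
		return 404;
	}

	location @php {
		fastcgi_index index.php;
		# PHP_ADMIN_VALUE sets a php.ini value for the request.
		# NOTE(review): the address after -f is a placeholder left by the
		# page's e-mail obfuscation; use the real envelope sender.
		fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
		# Clear the client's Proxy header before it reaches PHP (httpoxy).
		fastcgi_param HTTP_PROXY "";
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param QUERY_STRING $query_string;
		fastcgi_intercept_errors on;
		fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
		# Return 404 unless the script file exists, so non-existent paths are
		# never passed to PHP-FPM.
		try_files $fastcgi_script_name =404;
		include fastcgi_params;
	}
}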


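# HTTPS virtual host: Drupal in the web root, phpBB under /forum/.
server {
	server_name upweb.me www.upweb.me;
	listen 46.10.178.152:443 ssl http2;

	ssl_certificate "/var/www/httpd-cert/upweb/upweb.me_le2.crtca";
	ssl_certificate_key "/var/www/httpd-cert/upweb/upweb.me_le2.key";
	# NOTE(review): this cipher string still admits RSA key exchange and CBC
	# suites; review it against the clients the site has to support.
	ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
	ssl_prefer_server_ciphers on;
	# TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
	# Add TLSv1.3 once the installed nginx/OpenSSL build supports it.
	ssl_protocols TLSv1.2;
	# "always" makes nginx send the header on error responses as well.
	add_header Strict-Transport-Security "max-age=31536000;" always;
	ssl_dhparam /etc/ssl/certs/dhparam4096.pem;

	charset off;
	index index.php index.html;
	# Deny access when a path component below $root_path is a symlink whose
	# owner differs from the owner of the object it points to.
	disable_symlinks if_not_owner from=$root_path;
	# Panel-managed include files; their contents are not shown on this page.
	include /etc/nginx/vhosts-includes/*.conf;
	include /etc/nginx/vhosts-resources/upweb.me/*.conf;
	access_log /var/www/httpd-logs/upweb.me.access.log;
	error_log /var/www/httpd-logs/upweb.me.error.log notice;
	# NOTE(review): server-side includes are enabled for the whole vhost;
	# confirm the site actually needs them.
	ssi on;
	set $root_path /var/www/upweb/data/www/upweb.me/web;
	root $root_path;

	location / {
		try_files $uri /index.php?$query_string;

		# nginx tries the regex locations nested in the matched prefix
		# location before the server-level regex locations. The PHP handler
		# below is nested in "/", so deny rules for PHP files only take effect
		# when they are nested here too, ahead of the handler.

		# No PHP below a path component that contains a dot.
		location ~ \..*/.*\.php$ {
			return 403;
		}

		# Drupal private files.
		location ~ ^/sites/.*/private/ {
			return 403;
		}

		# Block scripts in the public files (upload) directory; the pattern
		# covers every extension the PHP handler accepts.
		location ~ ^/sites/[^/]+/files/.*\.ph(p\d*|tml)$ {
			deny all;
		}

		# Don't allow direct access to PHP files in the vendor directory.
		location ~ /vendor/.*\.ph(p\d*|tml)$ {
			return 404;
		}

		# URIs ending in .php, .php<digits> or .phtml are handed to @php.
		location ~ [^/]\.ph(p\d*|tml)$ {
			# The first entry is a path that is not expected to exist, so
			# try_files falls through to the named location.
			try_files /does_not_exists @php;
		}
	}

	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	# Allow "Well-Known URIs" as per RFC 5785
	location ~* ^/.well-known/ {
		allow all;
	}

	# Block access to "hidden" files and directories whose names begin with a
	# period. This includes directories used by version control systems such
	# as Subversion or Git to store control files.
	location ~ (^|/)\. {
		return 403;
	}

	# NOTE(review): nothing in the visible config refers to @rewrite; "/"
	# falls back to /index.php directly.
	location @rewrite {
		rewrite ^/(.*)$ /index.php?q=$1;
	}

	# Protect files and directories from prying eyes.
	# "return" runs before the access check, so the client sees 404.
	location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
		deny all;
		return 404;
	}

	location @php {
		fastcgi_index index.php;
		# PHP_ADMIN_VALUE sets a php.ini value for the request.
		# NOTE(review): the address after -f is a placeholder left by the
		# page's e-mail obfuscation; use the real envelope sender.
		fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
		# Clear the client's Proxy header before it reaches PHP (httpoxy).
		fastcgi_param HTTP_PROXY "";
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param QUERY_STRING $query_string;
		fastcgi_intercept_errors on;
		fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
		# Return 404 unless the script file exists, so non-existent paths are
		# never passed to PHP-FPM.
		try_files $fastcgi_script_name =404;
		include fastcgi_params;
	}

	# phpBB: serve the forum under /forum/ without index.php in the URL.
	location /forum/ {
		try_files $uri /forum/index.php?$query_string;
		location ~ [^/]\.ph(p\d*|tml)$ {
			try_files /does_not_exists @php;
		}
	}

	# The original comment called this block "specifically for phpBB".
	# NOTE(review): /update.php looks like Drupal's update script rather than
	# a phpBB file - confirm. A plain /update.php request is already handled
	# by the PHP location nested in "/", so this block only sees URIs that
	# continue after the script name. The dot is escaped and the name is
	# terminated so that look-alike URIs no longer match.
	location ~ ^/update\.php(/|$) {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		fastcgi_index update.php;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_intercept_errors on;
		include fastcgi_params;
	}
}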
  

brahman

Re: Drupal Nginx + PhpBB - upweb

Сообщение brahman »

Часть работающего варианта конфига для форума, без косяков.



# Fallback used by "location /forum/": rewrite the request onto phpBB's
# app.php, appending the original URI as path info.
location @rewriteapp {
		rewrite ^(.*)$ /forum/app.php/$1 last;
	}
		
# phpBB under /forum/: serve existing files and directories, otherwise fall
# back to @rewriteapp.
location /forum/ {
		try_files $uri $uri/ @rewriteapp;

# Refuse direct access to phpBB's config, cache, upload, include and vendor
# paths. This location is listed before the PHP handler, so it wins for URIs
# that match both.
location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
			deny all;
		}

# PHP handler for the forum.
location ~ \.php(/|$) {
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $request_filename;
		# Clear the client's Proxy header before it reaches PHP (httpoxy).
		fastcgi_param HTTP_PROXY '';
		try_files $uri $uri/ /forum/app.php$is_args$args $document_root$fastcgi_script_name =404;
		fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		}
	}
	
часть для инсталляции, не проверял.


# phpBB installer under /forum/install/ (marked as untested by the author).
# NOTE(review): phpBB expects the install directory to be removed once setup
# is finished; drop or deny this location afterwards.
location /forum/install/ {
		try_files $uri $uri/ @rewrite_installapp;

		location ~ \.php(/|$) {
			# NOTE(review): the other snippets on this page include
			# fastcgi_params and pass to /var/www/php-fpm/upweb.sock; confirm
			# that fastcgi.conf and the socket below exist on this host and
			# that the pool runs as the site's user.
			include fastcgi.conf;
			fastcgi_param SCRIPT_FILENAME $request_filename;
			# Clear the client's Proxy header before it reaches PHP (httpoxy).
			fastcgi_param HTTP_PROXY '';
			try_files $uri $uri/ /forum/install/app.php$is_args$args $document_root$fastcgi_script_name =404;
			fastcgi_pass unix:/run/php/php7.2-fpm.sock;
		}
	}

	# Fallback used by "location /forum/install/": rewrite the request onto
	# the installer's app.php, appending the original URI as path info.
	location @rewrite_installapp {
		rewrite ^(.*)$ /forum/install/app.php/$1 last;
	}

}

brahman

Re: Drupal Nginx + PhpBB - upweb

Сообщение brahman »


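# Plain-HTTP virtual host for the Drupal site.
# NOTE(review): the panel-generated vhost answered every HTTP request with a
# redirect to HTTPS; this one serves the site over plain HTTP. If that is not
# intended, a server-level "return 301 https://$server_name$request_uri;"
# brings the redirect back.
server {
	server_name upweb.me www.upweb.me;
	listen 46.10.178.152:80;
	charset off;
	index index.php index.html;
	# Deny access when a path component below $root_path is a symlink whose
	# owner differs from the owner of the object it points to.
	disable_symlinks if_not_owner from=$root_path;
	# Panel-managed include files; their contents are not shown on this page.
	include /etc/nginx/vhosts-includes/*.conf;
	include /etc/nginx/vhosts-resources/upweb.me/*.conf;
	access_log /var/www/httpd-logs/upweb.me.access.log;
	error_log /var/www/httpd-logs/upweb.me.error.log notice;
	# NOTE(review): server-side includes are enabled for the whole vhost;
	# confirm the site actually needs them.
	ssi on;
	set $root_path /var/www/upweb/data/www/upweb.me/web;
	root $root_path;

	location / {
		try_files $uri /index.php?$query_string;

		# nginx tries the regex locations nested in the matched prefix
		# location before the server-level regex locations. The PHP handler
		# below is nested in "/", so deny rules for PHP files only take effect
		# when they are nested here too, ahead of the handler.

		# No PHP below a path component that contains a dot.
		location ~ \..*/.*\.php$ {
			return 403;
		}

		# Drupal private files.
		location ~ ^/sites/.*/private/ {
			return 403;
		}

		# Block scripts in the public files (upload) directory; the pattern
		# covers every extension the PHP handler accepts.
		location ~ ^/sites/[^/]+/files/.*\.ph(p\d*|tml)$ {
			deny all;
		}

		# Don't allow direct access to PHP files in the vendor directory.
		location ~ /vendor/.*\.ph(p\d*|tml)$ {
			return 404;
		}

		# URIs ending in .php, .php<digits> or .phtml are handed to @php.
		location ~ [^/]\.ph(p\d*|tml)$ {
			# The first entry is a path that is not expected to exist, so
			# try_files falls through to the named location.
			try_files /does_not_exists @php;
		}
	}

	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	# Allow "Well-Known URIs" as per RFC 5785
	location ~* ^/.well-known/ {
		allow all;
	}

	# Block access to "hidden" files and directories whose names begin with a
	# period. This includes directories used by version control systems such
	# as Subversion or Git to store control files.
	location ~ (^|/)\. {
		return 403;
	}

	# NOTE(review): nothing in the visible config refers to @rewrite; "/"
	# falls back to /index.php directly.
	location @rewrite {
		rewrite ^/(.*)$ /index.php?q=$1;
	}

	# Protect files and directories from prying eyes.
	# "return" runs before the access check, so the client sees 404.
	location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
		deny all;
		return 404;
	}

	location @php {
		fastcgi_index index.php;
		# PHP_ADMIN_VALUE sets a php.ini value for the request.
		# NOTE(review): the address after -f is a placeholder left by the
		# page's e-mail obfuscation; use the real envelope sender.
		fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
		# Clear the client's Proxy header before it reaches PHP (httpoxy).
		fastcgi_param HTTP_PROXY "";
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param QUERY_STRING $query_string;
		fastcgi_intercept_errors on;
		fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
		# Return 404 unless the script file exists, so non-existent paths are
		# never passed to PHP-FPM.
		try_files $fastcgi_script_name =404;
		include fastcgi_params;
	}
}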


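# HTTPS virtual host: Drupal in the web root, phpBB under /forum/.
server {
	server_name upweb.me www.upweb.me;
	listen 46.10.178.152:443 ssl http2;

	ssl_certificate "/var/www/httpd-cert/upweb/upweb.me_le2.crtca";
	ssl_certificate_key "/var/www/httpd-cert/upweb/upweb.me_le2.key";
	# NOTE(review): this cipher string still admits RSA key exchange and CBC
	# suites; review it against the clients the site has to support.
	ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
	ssl_prefer_server_ciphers on;
	# TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
	# Add TLSv1.3 once the installed nginx/OpenSSL build supports it.
	ssl_protocols TLSv1.2;
	# "always" makes nginx send the header on error responses as well.
	add_header Strict-Transport-Security "max-age=31536000;" always;
	ssl_dhparam /etc/ssl/certs/dhparam4096.pem;

	charset off;
	index index.php index.html;
	# Deny access when a path component below $root_path is a symlink whose
	# owner differs from the owner of the object it points to.
	disable_symlinks if_not_owner from=$root_path;
	# Panel-managed include files; their contents are not shown on this page.
	include /etc/nginx/vhosts-includes/*.conf;
	include /etc/nginx/vhosts-resources/upweb.me/*.conf;
	access_log /var/www/httpd-logs/upweb.me.access.log;
	error_log /var/www/httpd-logs/upweb.me.error.log notice;
	# NOTE(review): server-side includes are enabled for the whole vhost;
	# confirm the site actually needs them.
	ssi on;
	set $root_path /var/www/upweb/data/www/upweb.me/web;
	root $root_path;

	location / {
		try_files $uri /index.php?$query_string;

		# nginx tries the regex locations nested in the matched prefix
		# location before the server-level regex locations. The PHP handler
		# below is nested in "/", so deny rules for PHP files only take effect
		# when they are nested here too, ahead of the handler.

		# No PHP below a path component that contains a dot.
		location ~ \..*/.*\.php$ {
			return 403;
		}

		# Drupal private files.
		location ~ ^/sites/.*/private/ {
			return 403;
		}

		# Block scripts in the public files (upload) directory; the pattern
		# covers every extension the PHP handler accepts.
		location ~ ^/sites/[^/]+/files/.*\.ph(p\d*|tml)$ {
			deny all;
		}

		# Don't allow direct access to PHP files in the vendor directory.
		location ~ /vendor/.*\.ph(p\d*|tml)$ {
			return 404;
		}

		# URIs ending in .php, .php<digits> or .phtml are handed to @php.
		location ~ [^/]\.ph(p\d*|tml)$ {
			# The first entry is a path that is not expected to exist, so
			# try_files falls through to the named location.
			try_files /does_not_exists @php;
		}
	}

	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	# Allow "Well-Known URIs" as per RFC 5785
	location ~* ^/.well-known/ {
		allow all;
	}

	# Block access to "hidden" files and directories whose names begin with a
	# period. This includes directories used by version control systems such
	# as Subversion or Git to store control files.
	location ~ (^|/)\. {
		return 403;
	}

	# NOTE(review): nothing in the visible config refers to @rewrite; "/"
	# falls back to /index.php directly.
	location @rewrite {
		rewrite ^/(.*)$ /index.php?q=$1;
	}

	# Protect files and directories from prying eyes.
	# "return" runs before the access check, so the client sees 404.
	location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
		deny all;
		return 404;
	}

	location @php {
		fastcgi_index index.php;
		# PHP_ADMIN_VALUE sets a php.ini value for the request.
		# NOTE(review): the address after -f is a placeholder left by the
		# page's e-mail obfuscation; use the real envelope sender.
		fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
		# Clear the client's Proxy header before it reaches PHP (httpoxy).
		fastcgi_param HTTP_PROXY "";
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param QUERY_STRING $query_string;
		fastcgi_intercept_errors on;
		fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
		# Return 404 unless the script file exists, so non-existent paths are
		# never passed to PHP-FPM.
		try_files $fastcgi_script_name =404;
		include fastcgi_params;
	}

	# phpBB-specific part.

	# Fallback for /forum/: rewrite onto phpBB's app.php, appending the
	# original URI as path info.
	location @rewriteapp {
		rewrite ^(.*)$ /forum/app.php/$1 last;
	}

	# Same fallback for the installer.
	location @rewrite_installapp {
		rewrite ^(.*)$ /forum/install/app.php/$1 last;
	}

	location /forum/ {
		try_files $uri $uri/ @rewriteapp;

		# Refuse direct access to phpBB's config, cache, upload, include and
		# vendor paths. Listed before the PHP handler, so it wins for URIs
		# that match both.
		location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
			deny all;
		}

		location ~ \.php(/|$) {
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $request_filename;
			# Clear the client's Proxy header before it reaches PHP (httpoxy).
			fastcgi_param HTTP_PROXY '';
			try_files $uri $uri/ /forum/app.php$is_args$args $document_root$fastcgi_script_name =404;
			fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		}
	}

	# phpBB installer.
	# NOTE(review): phpBB expects the install directory to be removed once
	# setup is finished; drop or deny this location afterwards.
	location /forum/install/ {
		try_files $uri $uri/ @rewrite_installapp;

		location ~ \.php(/|$) {
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $request_filename;
			# Clear the client's Proxy header before it reaches PHP (httpoxy).
			fastcgi_param HTTP_PROXY '';
			try_files $uri $uri/ /forum/install/app.php$is_args$args $document_root$fastcgi_script_name =404;
			# Use the site's own PHP-FPM pool, like every other PHP location
			# in this vhost, instead of the /run/php/php7.2-fpm.sock socket.
			fastcgi_pass unix:/var/www/php-fpm/upweb.sock;
		}
	}
}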
