From 11bc45278b1c256b61f4296785d139bc18605651 Mon Sep 17 00:00:00 2001 From: casjay Date: Thu, 1 May 2025 14:57:26 -0400 Subject: [PATCH] =?UTF-8?q?=F0=9F=97=83=EF=B8=8F=20Committing=20everything?= =?UTF-8?q?=20that=20changed=20=F0=9F=97=83=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rootfs/tmp/etc/nginx/vhosts.d/template --- rootfs/tmp/etc/nginx/vhosts.d/template | 156 ++++++++++--------------- 1 file changed, 61 insertions(+), 95 deletions(-) diff --git a/rootfs/tmp/etc/nginx/vhosts.d/template b/rootfs/tmp/etc/nginx/vhosts.d/template index 6ec2dcc..7251c01 100644 --- a/rootfs/tmp/etc/nginx/vhosts.d/template +++ b/rootfs/tmp/etc/nginx/vhosts.d/template @@ -4,100 +4,66 @@ #Reverse Proxy #See /etc/nginx/conf.d/default.conf for proxy servers server { - server_name REPLACE_ONION_SITE; - listen REPLACE_ONION_PORT; - keepalive_timeout 75 75; - access_log /data/logs/nginx/access.REPLACE_ONION_SITE.log; - error_log /data/logs/nginx/error.REPLACE_ONION_SITE.log info; - index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-referrer-when-downgrade" always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; - root REPLACE_ONION_WWW_DIR; + server_name REPLACE_ONION_SITE; + listen REPLACE_ONION_PORT; + keepalive_timeout 75 75; + access_log /data/logs/nginx/access.REPLACE_ONION_SITE.log; + error_log /data/logs/nginx/error.REPLACE_ONION_SITE.log info; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; + root REPLACE_ONION_WWW_DIR; + index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php; - location / { - root REPLACE_ONION_WWW_DIR; - } - - location ^~ /favicon.ico { - alias REPLACE_SERVER_WWW_DIR/favicon.ico; - allow all; - log_not_found off; - access_log off; - } - location ^~ /robots.txt { - default_type "text/plain"; - alias REPLACE_SERVER_WWW_DIR/robots.txt; - allow all; - log_not_found off; - access_log off; - } - location ^~ /.well-known { - default_type "text/plain"; - alias REPLACE_SERVER_WWW_DIR/.well-known; - allow all; - log_not_found on; - access_log off; - - location ^~ /.well-known/security.txt { - default_type "text/plain"; - alias REPLACE_SERVER_WWW_DIR/security.txt; - allow all; - log_not_found off; - access_log off; - } - location ^~ /health { - default_type "text/plain"; - allow all; - access_log off; - return 200 'ok'; - - location ^~ /health/txt { - default_type "text/plain"; - allow all; - access_log off; - return 200 'ok'; - } - - location ^~ /health/json { - default_type "application/json"; - allow all; - access_log off; - return 200 '{"status":"OK"}'; - - location ^~ /health/status { - stub_status; - - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - fastcgi_param HTTP_PROXY ""; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - fastcgi_param QUERY_STRING $query_string; - fastcgi_param REQUEST_METHOD $request_method; - fastcgi_param CONTENT_TYPE $content_type; - fastcgi_param CONTENT_LENGTH $content_length; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param REQUEST_URI $request_uri; - fastcgi_param DOCUMENT_URI $document_uri; - fastcgi_param DOCUMENT_ROOT $document_root; - fastcgi_param SERVER_PROTOCOL $server_protocol; - fastcgi_param REQUEST_SCHEME $scheme; - fastcgi_param HTTPS $https if_not_empty; - fastcgi_param GATEWAY_INTERFACE CGI/1.1; - fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - fastcgi_param REMOTE_ADDR $remote_addr; - fastcgi_param REMOTE_PORT $remote_port; - fastcgi_param SERVER_ADDR $server_addr; - fastcgi_param SERVER_PORT $server_port; - fastcgi_param SERVER_NAME $server_name; - fastcgi_param REDIRECT_STATUS 200; - } + location / { + root REPLACE_ONION_WWW_DIR; + } + location ^~ /favicon.ico { + alias REPLACE_SERVER_WWW_DIR/favicon.ico; + allow all; + access_log off; + log_not_found off; + } + location ^~ /robots.txt { + default_type "text/plain"; + alias REPLACE_SERVER_WWW_DIR/robots.txt; + allow all; + access_log off; + log_not_found off; + } + location ^~ /.well-known { + default_type "text/plain"; + alias REPLACE_SERVER_WWW_DIR/.well-known; + allow all; + access_log off; + log_not_found on; + } + location ^~ /.well-known/security.txt { + default_type "text/plain"; + alias REPLACE_SERVER_WWW_DIR/security.txt; + allow all; + access_log off; + log_not_found off; + } + location ^~ /health { + default_type "text/plain"; + allow all; + access_log off; + return 200 'ok'; + } + location ^~ /health/txt { + default_type "text/plain"; + allow all; + access_log off; + return 200 'ok'; + } + location ^~ /health/json { + default_type "application/json"; + allow all; + access_log off; + return 200 '{"status":"OK"}'; + } }