mirror of
https://github.com/casjaysdevdocker/wordpress
synced 2025-09-18 21:57:48 -04:00
🗃️ Committing everything that changed 🗃️
This commit is contained in:
casjay
102
config/nginx.conf
Normal file
102
config/nginx.conf
Normal file
@@ -0,0 +1,102 @@
|
||||
daemon off;
|
||||
|
||||
error_log stderr notice;
|
||||
pid /var/run/nginx/nginx.pid;
|
||||
env DB_HOST;
|
||||
env DB_NAME;
|
||||
env DB_USER;
|
||||
env DB_PASS;
|
||||
|
||||
worker_processes 1;
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
sendfile on;
|
||||
include /etc/nginx/mime.types;
|
||||
include /etc/nginx/fastcgi.conf;
|
||||
default_type application/octet-stream;
|
||||
access_log stdout;
|
||||
tcp_nopush on;
|
||||
client_body_temp_path /tmp/nginx/body 1 2;
|
||||
fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2;
|
||||
|
||||
log_format blocked '$time_local: Blocked request from $http_x_real_ip $request';
|
||||
|
||||
log_format specialLog '$http_x_real_ip - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
|
||||
client_max_body_size 512M;
|
||||
|
||||
server {
|
||||
|
||||
listen 80;
|
||||
|
||||
root /usr/html;
|
||||
index index.php index.html index.htm;
|
||||
access_log stdout;
|
||||
error_log stderr notice;
|
||||
|
||||
disable_symlinks off;
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location ~* /(?:uploads|files)/.*\.php$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires 360d;
|
||||
}
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
fastcgi_pass unix:/var/run/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
## Block SQL injections
|
||||
location ~* union.*select.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* union.*all.*select.* { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* concat.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
|
||||
## Block common exploits
|
||||
location ~* (<|%3C).*script.*(>|%3E) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* base64_(en|de)code\(.*\) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* (%24&x) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* \.\.\/ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* ~$ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* proc/self/environ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* /\.(htaccess|htpasswd|svn) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
|
||||
## Block file injections
|
||||
location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
|
||||
## wordpress security
|
||||
location ~* wp-config.php { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* wp-admin/includes { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* wp-app\.log { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
location ~* (licence|readme|license)\.(html|txt) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
34
config/php-fpm.conf
Normal file
34
config/php-fpm.conf
Normal file
@@ -0,0 +1,34 @@
|
||||
error_log = /usr/logs/php8/php-fpm.log
|
||||
log_level = warning
|
||||
|
||||
[www]
|
||||
user = nginx
|
||||
group = nginx
|
||||
listen = /var/run/php-fpm.sock
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
pm = ondemand
|
||||
|
||||
; Total RAM dedicated to the web server / Max child process size
|
||||
pm.max_children = 75
|
||||
|
||||
pm.process_idle_timeout = 10s
|
||||
pm.max_requests = 500
|
||||
chdir = /usr/html
|
||||
php_flag[display_errors] = on
|
||||
php_admin_value[memory_limit] = 128M
|
||||
php_admin_value[upload_max_filesize] = 32M
|
||||
php_admin_value[post_max_size] = 32M
|
||||
php_admin_value[output_buffering] = 0
|
||||
php_admin_value[openssl.cafile] = /etc/ssl/certs/ca-certificates.crt
|
||||
php_admin_value[openssl.capath] = /etc/ssl/certs
|
||||
php_admin_value[max_input_nesting_level] = 256
|
||||
php_admin_value[max_input_vars] = 10000
|
||||
|
||||
catch_workers_output = yes
|
||||
|
||||
; Database variables passed via -e argument on Docker
|
||||
env["DB_HOST"] = "$DB_HOST"
|
||||
env["DB_USER"] = "$DB_USER"
|
||||
env["DB_PASS"] = "$DB_PASS"
|
||||
env["DB_NAME"] = "$DB_NAME"
|
||||
Reference in New Issue
Block a user