diff --git a/public/index.html b/public/index.html
index f92515d..4de2e35 100644
--- a/public/index.html
+++ b/public/index.html
@@ -293,7 +293,7 @@
-
+
diff --git a/public/templates/commands.html b/public/templates/commands.html index eee5b50..12e703c 100644 --- a/public/templates/commands.html +++ b/public/templates/commands.html @@ -1,10 +1,29 @@ -# HTTPS: create Diffie-Hellman keys +# HTTPS: create Diffie-Hellman keys openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem 2048 -# HTTPS: create ACME-challenge common directory +# HTTPS: create ACME-challenge common directory sudo -u {{ data.user }} sh -c "mkdir -p /var/www/_letsencrypt" -# HTTPS: certbot (obtain certificates)
# disable before first run: ssl_certificate, ssl_certificate_key, ssl_trusted_certificate
-certbot certonly --webroot -d {{ domain() }} -d www.{{ domain() }} -d cdn.{{ domain() }} --email {{ data.email ? data.email : 'hello@' + domain() }} -w /var/www/_letsencrypt -n --agree-tos --force-renewal
+# HTTPS: certbot (obtain certificates)
# disable before first run: ssl_certificate, ssl_certificate_key, ssl_trusted_certificate
+certbot certonly --webroot -d {{ domain() }} -d www.{{ domain() }} -d cdn.{{ domain() }} --email {{ data.email ? data.email : 'hello@' + domain() }} -w /var/www/_letsencrypt -n --agree-tos --force-renewal + +# WordPress: add to wp-config.php (CVE-2018-6389) +define('CONCATENATE_SCRIPTS', false); diff --git a/public/templates/conf/_wordpress.conf.html b/public/templates/conf/_wordpress.conf.html index a29ac04..dc00feb 100644 --- a/public/templates/conf/_wordpress.conf.html +++ b/public/templates/conf/_wordpress.conf.html @@ -18,6 +18,11 @@ location ~* ^/wp-content/plugins/.*\.(?!{{ extensions.assets }}|{{ extensions.fo deny all; } +# disable scripts and styles concat +location ~* \/wp-admin\/load-(?:scripts|styles)\.php { + deny all; +} + # WordPress stuff location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ { deny all;
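Review bot: The added comment `# WordPress: add to wp-config.php (CVE-2018-6389)` reads as if the `define('CONCATENATE_SCRIPTS', false);` line were the mitigation. As far as I know, that constant only stops wp-admin from emitting concatenated asset URLs and does not stop a client from requesting the load-scripts.php or load-styles.php endpoints directly. The actual block is the nginx `deny all` added in `_wordpress.conf.html`, and the define is what keeps wp-admin working once that rule is active. I would word the comment as `# WordPress: add to wp-config.php (required once nginx denies load-scripts.php / load-styles.php, CVE-2018-6389)`. The line is PHP inside a list of shell commands, and the markup of this hunk is not visible here, so it is worth confirming the hint is rendered only when the WordPress option is enabled.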
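Review bot: The new `location ~* \/wp-admin\/load-(?:scripts|styles)\.php` block denies these endpoints to every client, logged-in administrators included, but its comment `# disable scripts and styles concat` does not mention the manual wp-config.php step it depends on. A site that deploys this config without `define('CONCATENATE_SCRIPTS', false);` will get 403s for wp-admin scripts and styles. I would expand the comment to `# CVE-2018-6389: deny concat endpoints; requires define('CONCATENATE_SCRIPTS', false); in wp-config.php`. Also, nginx uses the first matching regex location in file order, so this include presumably has to come before any generic `\.php$` handler for the deny to apply; that ordering is outside this hunk and should be checked.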