From 7622a8b03027442383ecd35b133a2905c8f52336 Mon Sep 17 00:00:00 2001
From: Jen Lampton
Date: Sat, 20 Jul 2019 16:29:15 -0700
Subject: [PATCH] Issue #102: Provide a Preset for Backdrop CMS sites.
---
.../conf/nginxconfig.io/backdropcms.conf.html | 73 +++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 public/templates/conf/nginxconfig.io/backdropcms.conf.html
diff --git a/public/templates/conf/nginxconfig.io/backdropcms.conf.html b/public/templates/conf/nginxconfig.io/backdropcms.conf.html
new file mode 100644
index 0000000..a92aaa7
--- /dev/null
+++ b/public/templates/conf/nginxconfig.io/backdropcms.conf.html
@@ -0,0 +1,73 @@
+##########################
+# Standard configuration:
+##########################
+
+# Backdrop CMS: Deny access to all text files.
+location ~ \..*/.*\.(txt|log|htaccess)$ {
+ deny all;
+}
+
+# Backdrop CMS: Deny access to php in the files directory.
+location ~ ^/files/.*\.php$ {
+ deny all;
+}
+
+# Backdrop CMS: Deny access to json in the files directory.
+location ~ ^/files/.*\.json$ {
+ deny all;
+}
+
+# Backdrop CMS: Deny access to settings.php and non-root PHP files.
+location ~ \..*/.*\.php$ {
+ return 403;
+}
+
+# Backdrop CMS: Deny access to .htaccess files.
+location ~ /\.ht {
+ deny all;
+}
+
+# Backdrop CMS: set a high cache lifetime on static assets.
+location ~* ^/(sites/|files/|misc/).*\.(js|css|png|jpg|jpeg|gif|ico)(\?[a-zA-Z0-9]+)?$ {
+ expires max;
+}
+
+# Backdrop CMS: Allow image styles to be handled by the CMS.
+location ^~ /files/styles/ {
+ try_files $uri @rewrite;
+}
+
+location @rewrite {
+ rewrite ^/(.*)$ /index.php?q=$1;
+}
+
+
+############################
+# Multi-Site configuration:
+############################
+
+# Backdrop CMS: Deny private files directory for sub-sites.
+location ~ ^/sites/[^/]+/private/ {
+ deny all;
+}
+
+# Backdrop CMS: Deny php in files directory for sub-sites.
+location ~ ^/sites/[^/]+/files/.*\.php$ {
+ deny all;
+}
+
+# Backdrop CMS: Deny json in files directory for sub-sites.
+location ~ ^/sites/[^/]+/files/.*\.json$ {
+ deny all;
+}
+
+# Backdrop CMS: Allow image styles to be handled by the CMS for sub-sites.
+location ~ ^/sites/[^/]+/files/styles/ {
+ try_files $uri @rewrite;
+}
+
+# Backdrop CMS: throttle user functions.
+location ~ ^/user/(?:login|register|password) {
+ limit_req zone=login burst=2 nodelay;
+ try_files $uri /index.php?$query_string;
+}
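Review bot: The first deny rule covers less than its comment claims: `location ~ \..*/.*\.(txt|log|htaccess)$` only matches when a `.` appears in the path before a later `/`, so a request such as `/README.txt` (constructed example) is not denied. `location ~ \..*/.*\.php$` has the same limit, although its comment says it covers non-root PHP files. Either match on the extension alone, for example `location ~* \.(txt|log)$ {` with an exception for any text file that must stay public, or reword the comments to state the real scope, e.g. `# Backdrop CMS: Deny txt/log/htaccess files below any path segment containing a dot.` The final block also uses `limit_req zone=login`, which needs a matching `limit_req_zone` in the `http` context. None is defined in this file, so confirm the generator emits one whenever this preset is selected, otherwise the generated config will not load.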