MattIPv4
5 years ago
parent
742b0c8999
commit
adf4752e1c
@ -0,0 +1,34 @@
|
||||
export default (domains, global) => {
|
||||
const config = {};
|
||||
|
||||
config['# Drupal: deny private files'] = '';
|
||||
config['location ~ ^/sites/.*/private/'] = {
|
||||
deny: 'all',
|
||||
};
|
||||
|
||||
config['# Drupal: deny php in files'] = '';
|
||||
config['location ~ ^/sites/[^/]+/files/.*\\.php$'] = {
|
||||
deny: 'all',
|
||||
};
|
||||
|
||||
config['# Drupal: deny php in vendor'] = '';
|
||||
config['location ~ /vendor/.*\\.php$'] = {
|
||||
deny: 'all',
|
||||
};
|
||||
|
||||
config['# Drupal: handle private files'] = '';
|
||||
config['location ~ ^(/[a-z\\-]+)?/system/files/'] = {
|
||||
try_files: '$uri /index.php?$query_string',
|
||||
};
|
||||
|
||||
if (global.security.limitReq.computed) {
|
||||
config['# Drupal: throttle user functions'] = '';
|
||||
config['location ~ ^/user/(?:login|register|password)'] = {
|
||||
limit_req: 'zone=login burst=2 nodelay',
|
||||
try_files: '$uri /index.php?$query_string',
|
||||
};
|
||||
}
|
||||
|
||||
// Done!
|
||||
return config;
|
||||
};
|
||||
@ -0,0 +1,103 @@
|
||||
import { gzipTypes, extensions } from '../util/types_extensions';
|
||||
|
||||
export default (domains, global) => {
|
||||
const config = {};
|
||||
|
||||
config['# favicon.ico'] = '';
|
||||
config['location = /favicon.ico'] = {
|
||||
log_not_found: 'off',
|
||||
};
|
||||
if (global.logging.accessLog.computed) config['location = /favicon.ico'].access_log = 'off';
|
||||
|
||||
config['# robots.txt'] = '';
|
||||
config['location = /robots.txt'] = {
|
||||
log_not_found: 'off',
|
||||
};
|
||||
if (global.logging.accessLog.computed) config['location = /robots.txt'].access_log = 'off';
|
||||
|
||||
if (domains.every(d => d.routing.root.computed)) {
|
||||
if (global.performance.assetsExpiration.computed === global.performance.mediaExpiration.computed) {
|
||||
if (global.performance.assetsExpiration.computed) {
|
||||
// Assets & media combined
|
||||
config['# assets, media'] = '';
|
||||
const loc = `location ~* \\.(?:${extensions.assets}|${extensions.images}|${extensions.audio}|${extensions.video})$`;
|
||||
config[loc] = {
|
||||
expires: global.performance.assetsExpiration.computed,
|
||||
};
|
||||
if (global.logging.accessLog.computed) config[loc].access_log = 'off';
|
||||
}
|
||||
} else {
|
||||
// Assets & media separately
|
||||
if (global.performance.assetsExpiration.computed) {
|
||||
config['# assets'] = '';
|
||||
const loc = `location ~* \\.(?:${extensions.assets})$`;
|
||||
config[loc] = {
|
||||
expires: global.performance.assetsExpiration.computed,
|
||||
};
|
||||
if (global.logging.accessLog.computed) config[loc].access_log = 'off';
|
||||
}
|
||||
|
||||
if (global.performance.mediaExpiration.computed) {
|
||||
config['# media'] = '';
|
||||
const loc = `location ~* \\.(?:${extensions.images}|${extensions.audio}|${extensions.video})$`;
|
||||
config[loc] = {
|
||||
expires: global.performance.mediaExpiration.computed,
|
||||
};
|
||||
if (global.logging.accessLog.computed) config[loc].access_log = 'off';
|
||||
}
|
||||
}
|
||||
|
||||
if (global.performance.svgExpiration.computed === global.performance.fontsExpiration.computed) {
|
||||
if (global.performance.svgExpiration.computed) {
|
||||
// SVG & fonts combined
|
||||
config['# svg, fonts'] = '';
|
||||
const loc = `location ~* \\.(?:${extensions.svg}|${extensions.fonts})$`;
|
||||
config[loc] = {
|
||||
add_header: 'Access-Control-Allow-Origin "*"',
|
||||
expires: global.performance.svgExpiration.computed,
|
||||
};
|
||||
if (global.logging.accessLog.computed) config[loc].access_log = 'off';
|
||||
}
|
||||
} else {
|
||||
// SVG & fonts separately
|
||||
if (global.performance.svgExpiration.computed) {
|
||||
config['# svg'] = '';
|
||||
const loc = `location ~* \\.${extensions.svg}$`;
|
||||
config[loc] = {
|
||||
add_header: 'Access-Control-Allow-Origin "*"',
|
||||
expires: global.performance.svgExpiration.computed,
|
||||
};
|
||||
if (global.logging.accessLog.computed) config[loc].access_log = 'off';
|
||||
}
|
||||
|
||||
if (global.performance.fontsExpiration.computed) {
|
||||
config['# fonts'] = '';
|
||||
const loc = `location ~* \\.${extensions.fonts}$`;
|
||||
config[loc] = {
|
||||
add_header: 'Access-Control-Allow-Origin "*"',
|
||||
expires: global.performance.fontsExpiration.computed,
|
||||
};
|
||||
if (global.logging.accessLog.computed) config[loc].access_log = 'off';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (global.performance.gzipCompression.computed) {
|
||||
config['# gzip'] = '';
|
||||
config.gzip = 'on';
|
||||
config.gzip_vary = 'on';
|
||||
config.gzip_proxied = 'any';
|
||||
config.gzip_comp_level = 6;
|
||||
config.gzip_types = gzipTypes;
|
||||
}
|
||||
|
||||
if (global.performance.brotliCompression.computed) {
|
||||
config['# brotli'] = '';
|
||||
config.brotli = 'on';
|
||||
config.brotli_comp_level = 6;
|
||||
config.brotli_types = gzipTypes;
|
||||
}
|
||||
|
||||
// Done!
|
||||
return config;
|
||||
};
|
||||
@ -0,0 +1,11 @@
|
||||
export default (domains, global) => {
|
||||
const config = {};
|
||||
|
||||
config['# ACME-challenge'] = '';
|
||||
config['location ^~ /.well-known/acme-challenge/'] = {
|
||||
root: global.https.letsEncryptRoot.computed.replace(/\/+$/, ''),
|
||||
};
|
||||
|
||||
// Done!
|
||||
return config;
|
||||
};
|
||||
@ -0,0 +1,65 @@
|
||||
export default () => {
|
||||
const config = {};
|
||||
|
||||
config['# Magento: setup'] = '';
|
||||
config['location ^~ /setup'] = {
|
||||
root: '$base',
|
||||
|
||||
'# allow index.php': '',
|
||||
'location ~ ^/setup/index.php': {
|
||||
include: 'nginxconfig.io/php_fastcgi.conf',
|
||||
},
|
||||
|
||||
'# deny everything except pub': '',
|
||||
'location ~ ^/setup/(?!pub/).': {
|
||||
deny: 'all',
|
||||
},
|
||||
};
|
||||
|
||||
config['# Magento: update'] = '';
|
||||
config['location ^~ /update'] = {
|
||||
root: '$base',
|
||||
|
||||
'# allow index.php': '',
|
||||
'location ~ ^/update/index.php': {
|
||||
include: 'nginxconfig.io/php_fastcgi.conf',
|
||||
},
|
||||
|
||||
'# deny everything except pub': '',
|
||||
'location ~ ^/update/(?!pub/).': {
|
||||
deny: 'all',
|
||||
},
|
||||
};
|
||||
|
||||
config['# Magento: media files'] = '';
|
||||
config['location ^~ /media/'] = {
|
||||
try_files: '$uri $uri/ /get.php?$args',
|
||||
|
||||
'location ~* .(?:ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$': {
|
||||
expires: '+1y',
|
||||
add_header: 'Cache-Control "public"',
|
||||
try_files: '$uri $uri/ /get.php?$args',
|
||||
},
|
||||
|
||||
'location ~* .(?:zip|gz|gzip|bz2|csv|xml)$': {
|
||||
expires: 'off',
|
||||
add_header: 'Cache-Control "no-store"',
|
||||
try_files: '$uri $uri/ /get.php?$args',
|
||||
},
|
||||
|
||||
'location ~ ^/media/theme_customization/.*.xml': {
|
||||
deny: 'all',
|
||||
},
|
||||
|
||||
'location ~ ^/media/(?:customer|downloadable|import)/': {
|
||||
deny: 'all',
|
||||
},
|
||||
};
|
||||
|
||||
// TODO: static route
|
||||
// TODO: static files
|
||||
// TODO: deny cron
|
||||
|
||||
// Done!
|
||||
return config;
|
||||
};
|
||||
@ -0,0 +1,14 @@
|
||||
export const gzipTypes = 'text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml';
|
||||
|
||||
export const extensions = {
|
||||
assets: 'css(\\.map)?|js(\\.map)?',
|
||||
fonts: 'ttf|ttc|otf|eot|woff2?',
|
||||
svg: 'svgz?',
|
||||
images: 'jpe?g|png|gif|ico|cur|heic|webp|tiff?',
|
||||
audio: 'mp3|m4a|aac|ogg|midi?|wav',
|
||||
video: 'mp4|mov|webm|mpe?g|avi|ogv|flv|wmv',
|
||||
docs: 'pdf|' +
|
||||
'docx?|dotx?|docm|dotm|' +
|
||||
'xlsx?|xltx?|xlsm|xltm|' +
|
||||
'pptx?|potx?|pptm|potm|ppsx?',
|
||||
};
|
||||
Loading…
Reference in new issue