mirror of
https://github.com/digitalocean/nginxconfig.io.git
synced 2025-08-09 05:38:16 +08:00
cdn support, regex fixes
This commit is contained in:
Szekeres Bálint
@@ -8,31 +8,31 @@ add_header Cache-Control "no-transform" always;
|
||||
# . files
|
||||
location ~ /\.(?!well-known).* {
|
||||
deny all;
|
||||
}<span ng-if="data.expires.css_js !== '' && data.expires.css_js !== data.expires.media">
|
||||
}<span ng-if="data.expires.assets !== '' && data.expires.assets !== data.expires.media">
|
||||
|
||||
# css/js
|
||||
location ~* \.(css|js)$ {
|
||||
expires {{ data.expires.css_js }};<span ng-if="data.access_log !== ''">
|
||||
# assets
|
||||
location ~* \.(?:{{ extensions.assets }})$ {
|
||||
expires {{ data.expires.assets }};<span ng-if="data.access_log !== ''">
|
||||
access_log off;</span>
|
||||
}</span><span ng-if="data.expires.media !== ''">
|
||||
|
||||
# {{ data.expires.css_js !== '' && data.expires.css_js === data.expires.media ? 'css/js, ' : '' }}media
|
||||
location ~* \.({{ data.expires.css_js !== '' && data.expires.css_js === data.expires.media ? 'css|js|' : '' }}jpe?g|gif|png|heic|ico|cur|mp4|mov|ogg|ogv|webm|htc)$ {
|
||||
# {{ data.expires.assets !== '' && data.expires.assets === data.expires.media ? 'assets, ' : '' }}media
|
||||
location ~* \.(?:{{ data.expires.assets !== '' && data.expires.assets === data.expires.media ? extensions.assets + '|' : '' }}{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }})$ {
|
||||
expires {{ data.expires.media }};<span ng-if="data.access_log !== ''">
|
||||
access_log off;</span>
|
||||
}</span><span ng-if="data.expires.svg !== '' && data.expires.svg !== data.expires.font">
|
||||
}</span><span ng-if="data.expires.svg !== '' && data.expires.svg !== data.expires.fonts">
|
||||
|
||||
# svg
|
||||
location ~* \.svg$ {
|
||||
location ~* \.{{ extensions.svg }}$ {
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
expires {{ data.expires.svg }};<span ng-if="data.access_log !== ''">
|
||||
access_log off;</span>
|
||||
}</span><span ng-if="data.expires.font !== ''">
|
||||
}</span><span ng-if="data.expires.fonts !== ''">
|
||||
|
||||
# {{ data.expires.svg !== '' && data.expires.svg === data.expires.font ? 'svg, ' : '' }}fonts
|
||||
location ~* \.({{ data.expires.svg !== '' && data.expires.svg === data.expires.font ? 'svg|' : '' }}ttf|ttc|otf|eot|woff|woff2)$ {
|
||||
# {{ data.expires.svg !== '' && data.expires.svg === data.expires.fonts ? 'svg, ' : '' }}fonts
|
||||
location ~* \.(?:{{ data.expires.svg !== '' && data.expires.svg === data.expires.fonts ? extensions.svg + '|' : '' }}{{ extensions.fonts }})$ {
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
expires {{ data.expires.font }};<span ng-if="data.access_log !== ''">
|
||||
expires {{ data.expires.fonts }};<span ng-if="data.access_log !== ''">
|
||||
access_log off;</span>
|
||||
}</span>
|
||||
<span ng-if="data.gzip">
|
||||
|
||||
@@ -4,22 +4,22 @@ location = /wp-includes/js/tinymce/wp-tinymce.php {
|
||||
}
|
||||
|
||||
# wp-content, wp-includes php files
|
||||
location ~* ^/(wp-content|wp-includes)/.*\.php$ {
|
||||
location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# wp-content/uploads nasty stuff
|
||||
location ~* ^/wp-content/uploads/.*\.(html|htm|shtml|php|js|swf|css)$ {
|
||||
location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# wp-content/plugins nasty stuff
|
||||
location ~* ^/wp-content/plugins/.*\.(?!jpe?g|gif|png|svg|heic|js|css) {
|
||||
location ~* ^/wp-content/plugins/.*\.(?!{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }}) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# WordPress stuff
|
||||
location ~* ^/(xmlrpc\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
|
||||
location ~* ^/(?:xmlrpc\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
|
||||
deny all;
|
||||
}<span ng-if="data.limit_req">
|
||||
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
<span ng-if="data.https"># certbot certonly --non-interactive --text --email {{ data.email }} --agree-tos --force-renew --webroot --webroot-path /var/www/_letsencrypt --domain {{ data.domain }} --domain www.{{ data.domain }}
|
||||
<span ng-if="data.https"># certbot certonly --non-interactive --text --email {{ data.email }} --agree-tos --force-renew --webroot --webroot-path /var/www/_letsencrypt --domain {{ data.domain }} --domain www.{{ data.domain }}{{ data.cdn ? ' --domain cdn.' + data.domain : '' }}
|
||||
server {
|
||||
listen 443 ssl{{ data.http2 ? ' http2' : '' }};
|
||||
listen [::]:443 ssl{{ data.http2 ? ' http2' : '' }};
|
||||
|
||||
server_name {{ !data.non_www ? 'www.' : '' }}{{ data.domain }};
|
||||
server_name {{ !data.non_www ? 'www.' : '' }}{{ data.domain }};<span ng-if="data.php !== 'off'">
|
||||
set $base /var/www/{{ data.domain }};
|
||||
root $base/{{ data.document_root }};
|
||||
root $base{{ data.document_root }};</span><span ng-if="data.php === 'off'">
|
||||
root /var/www/{{ data.domain }}{{ data.document_root }};</span>
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ data.domain }}/privkey.pem;
|
||||
@@ -25,9 +26,36 @@ server {
|
||||
<ng-include src="'templates/_letsencrypt.conf.html'" onload="refreshHighlighting()"></ng-include>
|
||||
|
||||
include _ssl.conf;</span>
|
||||
}
|
||||
}<span ng-if="data.cdn">
|
||||
|
||||
# https {{ !data.non_www ? 'domain, ' : '' }}subdomains redirect
|
||||
# CDN
|
||||
server {
|
||||
listen 443 ssl{{ data.http2 ? ' http2' : '' }};
|
||||
listen [::]:443 ssl{{ data.http2 ? ' http2' : '' }};
|
||||
|
||||
server_name cdn.{{ data.domain }};
|
||||
root /var/www/{{ data.domain }}{{ data.document_root }};<span ng-if="data.access_log !== ''">
|
||||
|
||||
access_log off;</span>
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ data.domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem;
|
||||
|
||||
include _ssl.conf;
|
||||
|
||||
location ~* \.(?:{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }})$ {
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
add_header Cache-Control "public";
|
||||
expires 30d;
|
||||
}
|
||||
|
||||
location / {
|
||||
deny all
|
||||
}
|
||||
}</span>
|
||||
|
||||
# HTTPS {{ !data.non_www ? 'domain, ' : '' }}subdomains redirect
|
||||
server {
|
||||
listen 443 ssl{{ data.http2 ? ' http2' : '' }};
|
||||
listen [::]:443 ssl{{ data.http2 ? ' http2' : '' }};
|
||||
@@ -43,10 +71,10 @@ server {
|
||||
return 301 https://{{ !data.non_www ? 'www.' : '' }}{{ data.domain }}$request_uri;
|
||||
}
|
||||
|
||||
# http redirect
|
||||
# HTTP redirect
|
||||
server {
|
||||
listen [::]:80;
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ data.domain }} *.{{ data.domain }};
|
||||
<span ng-if="data.file_structure === 'separated'">
|
||||
@@ -55,12 +83,13 @@ server {
|
||||
|
||||
return 301 https://{{ !data.non_www ? 'www.' : '' }}{{ data.domain }}$request_uri;
|
||||
}</span><span ng-if="!data.https">server {
|
||||
listen [::]:80;
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ !data.non_www ? 'www.' : '' }}{{ data.domain }};
|
||||
server_name {{ !data.non_www ? 'www.' : '' }}{{ data.domain }};<span ng-if="data.php !== 'off'">
|
||||
set $base /var/www/{{ data.domain }};
|
||||
root $base/{{ data.document_root }};
|
||||
root $base{{ data.document_root }};</span><span ng-if="data.php === 'off'">
|
||||
root /var/www/{{ data.domain }}{{ data.document_root }};</span>
|
||||
<span ng-if="data.file_structure === 'separated'">
|
||||
include _general.conf;<span ng-if="data.php !== 'off' && data.wordpress">
|
||||
include _wordpress.conf;</span><span ng-if="data.php !== 'off'">
|
||||
@@ -70,7 +99,28 @@ server {
|
||||
<ng-include src="'templates/_wordpress.conf.html'" onload="refreshHighlighting()"></ng-include></span><span ng-if="data.php !== 'off'">
|
||||
|
||||
<ng-include src="'templates/_php.conf.html'" onload="refreshHighlighting()"></ng-include></span></span>
|
||||
}
|
||||
}<span ng-if="data.cdn">
|
||||
|
||||
# CDN
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name cdn.{{ data.domain }};
|
||||
root /var/www/{{ data.domain }}{{ data.document_root }};<span ng-if="data.access_log !== ''">
|
||||
|
||||
access_log off;</span>
|
||||
|
||||
location ~* \.(?:{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }})$ {
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
add_header Cache-Control "public";
|
||||
expires 30d;
|
||||
}
|
||||
|
||||
location / {
|
||||
deny all
|
||||
}
|
||||
}</span>
|
||||
|
||||
# {{ !data.non_www ? 'domain, ' : '' }}subdomains redirect
|
||||
server {
|
||||
|
||||
Reference in New Issue
Block a user