tabbed layout

2025-08-25 04:01:25 +08:00 · 2018-08-19 23:17:07 +02:00
parent 1a74a34576
commit e8825585e0
17 changed files with 759 additions and 568 deletions
--- a/public/templates/conf/nginxconfig.io/drupal.conf.html
+++ b/public/templates/conf/nginxconfig.io/drupal.conf.html
@@ -0,0 +1,20 @@
+# Drupal: deny private files
+location ~ ^/sites/.*/private/ {
+	deny all;
+}
+
+# Drupal: deny php in files
+location ~ ^/sites/[^/]+/files/.*\.php$ {
+	deny all;
+}
+
+# Drupal: deny php in vendor
+location ~ /vendor/.*\.php$ {
+	deny all;
+}<span ng-if="isLimitReq()">
+
+# Drupal: throttle user functions
+location ~ ^/user/(?:login|register|password) {
+	limit_req zone=login burst=2 nodelay;
+	try_files $uri /index.php?$query_string;
+}</span>
--- a/public/templates/conf/nginxconfig.io/general.conf.html
+++ b/public/templates/conf/nginxconfig.io/general.conf.html
@@ -0,0 +1,57 @@
+# security headers
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Referrer-Policy "{{ data.referrer_policy }}" always;<!--
+
+✔ CSP --><span ng-if="isCSP()">
+add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span><!--
+
+✔ HSTS--><span ng-if="isHSTS()">
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;</span>
+
+# . files
+location ~ /\. {
+	deny all;
+}<span ng-if="data.expires_assets && data.expires_assets !== data.expires_media">
+
+# assets
+location ~* \.(?:{{ extensions.assets }})$ {
+	expires {{ data.expires_assets }};<!--
+
+	✘ accessLog --><span ng-if="isAccessLog()">
+	access_log off;</span>
+}</span><span ng-if="data.expires_media">
+
+# {{ data.expires_assets && data.expires_assets === data.expires_media ? 'assets, ' : '' }}media
+location ~* \.(?:{{ data.expires_assets && data.expires_assets === data.expires_media ? extensions.assets + '|' : '' }}{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }})$ {
+	expires {{ data.expires_media }};<!--
+
+	✘ accessLog --><span ng-if="isAccessLog()">
+	access_log off;</span>
+}</span><span ng-if="data.expires_svg && data.expires_svg !== data.expires_fonts">
+
+# svg
+location ~* \.{{ extensions.svg }}$ {
+	add_header Access-Control-Allow-Origin "*";
+	expires {{ data.expires_svg }};<!--
+
+	✘ accessLog --><span ng-if="isAccessLog()">
+	access_log off;</span>
+}</span><span ng-if="data.expires_fonts">
+
+# {{ data.expires_svg && data.expires_svg === data.expires_fonts ? 'svg, ' : '' }}fonts
+location ~* \.(?:{{ data.expires_svg && data.expires_svg === data.expires_fonts ? extensions.svg + '|' : '' }}{{ extensions.fonts }})$ {
+	add_header Access-Control-Allow-Origin "*";
+	expires {{ data.expires_fonts }};<!--
+
+	✘ accessLog --><span ng-if="isAccessLog()">
+	access_log off;</span>
+}</span>
+<span ng-if="isGzip()">
+# gzip
+gzip on;
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_types {{ gzipTypes }};</span>
--- a/public/templates/conf/nginxconfig.io/letsencrypt.conf.html
+++ b/public/templates/conf/nginxconfig.io/letsencrypt.conf.html
@@ -0,0 +1,4 @@
+# ACME-challenge
+location ^~ /.well-known/acme-challenge/ {
+	root /var/www/_letsencrypt;
+}
--- a/public/templates/conf/nginxconfig.io/php_fastcgi.conf.html
+++ b/public/templates/conf/nginxconfig.io/php_fastcgi.conf.html
@@ -0,0 +1,23 @@
+try_files $uri =404;
+
+# fastcgi
+fastcgi_pass				{{
+	data.php_connection === 'tcp' ? '127.0.0.1:9000' : (
+		data.php_connection === '5.x' ? 'unix:/var/run/php5-fpm.sock' : (
+			'unix:/var/run/php/php' + data.php_connection +'-fpm.sock'
+		)
+	)
+}};
+fastcgi_index				index.php;
+fastcgi_split_path_info		^(.+\.php)(/.+)$;
+fastcgi_param				SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param				PHP_ADMIN_VALUE open_basedir=$base/:/usr/lib/php/:/tmp/;
+fastcgi_intercept_errors	off;
+
+fastcgi_buffer_size				128k;
+fastcgi_buffers					256 16k;
+fastcgi_busy_buffers_size		256k;
+fastcgi_temp_file_write_size	256k;
+
+# default fastcgi_params
+include fastcgi_params;
--- a/public/templates/conf/nginxconfig.io/wordpress.conf.html
+++ b/public/templates/conf/nginxconfig.io/wordpress.conf.html
@@ -0,0 +1,35 @@
+# WordPress: allow TinyMCE
+location = /wp-includes/js/tinymce/wp-tinymce.php {
+	include nginxconfig.io/php_fastcgi.conf;
+}
+
+# WordPress: deny wp-content, wp-includes php files
+location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
+	deny all;
+}
+
+# WordPress: deny wp-content/uploads nasty stuff
+location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
+	deny all;
+}
+
+# WordPress: deny wp-content/plugins nasty stuff
+location ~* ^/wp-content/plugins/.*\.(?!{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }}) {
+	deny all;
+}
+
+# WordPress: deny scripts and styles concat
+location ~* \/wp-admin\/load-(?:scripts|styles)\.php {
+	deny all;
+}
+
+# WordPress: deny general stuff
+location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
+	deny all;
+}<span ng-if="isLimitReq()">
+
+# WordPress: throttle wp-login.php
+location = /wp-login.php {
+	limit_req zone=login burst=2 nodelay;
+	include nginxconfig.io/php_fastcgi.conf;
+}</span>