Browse Source

adding #20

release/0.1
Björn 4 years ago
parent
commit
a12feebf93
7 changed files with 80 additions and 4 deletions
  1. +16
    -1
      app/Commands/NginxVhostsCommand.php
  2. +6
    -0
      resources/nginx/snippts/deny.conf
  3. +11
    -0
      resources/nginx/snippts/expires.conf
  4. +16
    -0
      resources/nginx/snippts/secure-headers.conf
  5. +15
    -0
      resources/nginx/snippts/ssl-params.conf
  6. +10
    -0
      resources/nginx/templates/flight.blade.php
  7. +6
    -3
      resources/nginx/templates/wordpress.blade.php

+ 16
- 1
app/Commands/NginxVhostsCommand.php View File

@ -108,6 +108,8 @@ class NginxVhostsCommand extends Command
'redirect_www' => true 'redirect_www' => true
]; ];
exec('find /lib/systemd/system/ -name "php[0-9\.]*-fpm.service"', $files);
// create checkbox for ssl // create checkbox for ssl
$checkboxSSL = new CheckboxItem('ssl', function(CliMenu $menu) use (&$configuration) { $checkboxSSL = new CheckboxItem('ssl', function(CliMenu $menu) use (&$configuration) {
$configuration['ssl'] = $menu->getSelectedItem()->getChecked(); $configuration['ssl'] = $menu->getSelectedItem()->getChecked();
@ -152,6 +154,18 @@ class NginxVhostsCommand extends Command
$menu->getSelectedItem()->setText('index: '.$result->fetch()); $menu->getSelectedItem()->setText('index: '.$result->fetch());
$menu->redraw(); $menu->redraw();
}) })
->addLineBreak('-');
foreach($files as $index => $file) {
$file = str_replace('/lib/systemd/system/', '', $file);
$file = str_replace('.service', '', $file);
$builder->addRadioItem($file, function(CliMenu $menu) use (&$configuration) {
$configuration['php_fpm'] = $menu->getSelectedItem()->getText();
});
}
$builder
->addLineBreak('-') ->addLineBreak('-')
// options // options
@ -169,7 +183,8 @@ class NginxVhostsCommand extends Command
$validator = v::key('domain', v::domain(false)) $validator = v::key('domain', v::domain(false))
->key('root', v::directory()) ->key('root', v::directory())
->key('index', v::file());
->key('index', v::file())
->key('php_fpm', v::notEmpty());
try { try {
$validator->assert($data); $validator->assert($data);


+ 6
- 0
resources/nginx/snippts/deny.conf View File

@ -0,0 +1,6 @@
# deny hidden files
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}

+ 11
- 0
resources/nginx/snippts/expires.conf View File

@ -0,0 +1,11 @@
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
access_log off;
log_not_found off;
expires -1;
}
location ~* \.(?:rss|atom)$ {
access_log off;
log_not_found off;
expires 1h;
}

+ 16
- 0
resources/nginx/snippts/secure-headers.conf View File

@ -0,0 +1,16 @@
# X-Frame-Options is an HTTP header that allows sites control over how your site may be framed within an iframe
# https://infosec.mozilla.org/guidelines/web_security#x-frame-options
add_header X-Frame-Options DENY;
# send referrer, but only on requests to the same origin
# https://infosec.mozilla.org/guidelines/web_security#referrer-policy
add_header Referrer-Policy same-origin;
# This header enables the Cross-site scripting (XSS) filter
# https://infosec.mozilla.org/guidelines/web_security#x-xss-protection
add_header X-XSS-Protection "1; mode=block";
# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
# to disable content-type sniffing on some browsers.
# https://infosec.mozilla.org/guidelines/web_security#x-content-type-options
add_header X-Content-Type-Options nosniff;

+ 15
- 0
resources/nginx/snippts/ssl-params.conf View File

@ -0,0 +1,15 @@
# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_dhparam /etc/ssl/certs/dhparam.pem;

+ 10
- 0
resources/nginx/templates/flight.blade.php View File

@ -8,4 +8,14 @@
location / { location / {
try_files $uri $uri/ /index.php; try_files $uri $uri/ /index.php;
} }
# php-fpm configuration.
location ~ \.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
include /etc/nginx/fastcgi_params;
}
@endsection @endsection

+ 6
- 3
resources/nginx/templates/wordpress.blade.php View File

@ -1,7 +1,7 @@
@extends($ssl ? 'layouts.ssl' : 'layouts.no-ssl') @extends($ssl ? 'layouts.ssl' : 'layouts.no-ssl')
@section('server') @section('server')
root {{ $root }}; root {{ $root }};
index {{ $index }}; index {{ $index }};
@ -21,9 +21,10 @@
access_log off; access_log off;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
location ~* \.(js|css|png|jpg|jpeg|gif|ico|woff|eot|ttf|svg|mp4|webm)$ {
expires max; expires max;
log_not_found off; log_not_found off;
access_log off;
} }
location ~ /\. { location ~ /\. {
@ -34,10 +35,12 @@
deny all; deny all;
} }
find /lib/systemd/system/ -name 'php[0-9\.]*-fpm.service'php7.2-fpm
# php-fpm configuration. # php-fpm configuration.
location ~ \.php(/|$) { location ~ \.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_pass unix:/var/run/php/{{ $phpFpmVersion }}.sock;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root; fastcgi_param DOCUMENT_ROOT $realpath_root;


Loading…
Cancel
Save