author | marvin-borner@live.com | 2018-04-16 21:09:05 +0200 |
---|---|---|
committer | marvin-borner@live.com | 2018-04-16 21:09:05 +0200 |
commit | cf14306c2b3f82a81f8d56669a71633b4d4b5fce (patch) | |
tree | 86700651aa180026e89a66064b0364b1e4346f3f /main/webserver-configs | |
parent | 619b01b3615458c4ed78bfaeabb6b1a47cc8ad8b (diff) |
Main merge to user management system - files are now at /main/public/
Diffstat (limited to 'main/webserver-configs')
-rwxr-xr-x | main/webserver-configs/htaccess.txt | 185 | ||||
-rwxr-xr-x | main/webserver-configs/nginx.conf | 127 | ||||
-rwxr-xr-x | main/webserver-configs/web.config | 92 |
3 files changed, 404 insertions, 0 deletions
diff --git a/main/webserver-configs/htaccess.txt b/main/webserver-configs/htaccess.txt
new file mode 100755
index 0000000..8abe84a
--- /dev/null
+++ b/main/webserver-configs/htaccess.txt
@@ -0,0 +1,185 @@
+# Enable this line to temporarily disable the Apache rewrite cache.
+#Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
+
+# Tell PHP that we are using Apache
+SetEnv SERVER_TYPE Apache
+
+<IfModule mod_rewrite.c>
+
+ # Tell PHP that the mod_rewrite module is ENABLED.
+ SetEnv HTTP_MOD_REWRITE On
+
+ RewriteEngine On
+
+ # Uncomment the next two lines to forward all HTTP to HTTPS
+ #RewriteCond %{HTTPS} !=on
+ #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+ # Forward all www. to non-www. Remove this rule if you want both available.
+ RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
+ RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
+
+ # Remove trailing slash from any non-directory path (canonicalization) - GET requests only
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond %{REQUEST_METHOD} =GET
+ RewriteCond %{REQUEST_URI} (.+)/$
+ RewriteRule ^ %1 [L,R=301]
+
+ # Dynamically rewrite base directory (see http://stackoverflow.com/questions/31062479/301-redirect-urls-that-are-also-being-rewritten)
+ RewriteCond $0#%{REQUEST_URI} ^([^#]*)#(.*)\1$
+ RewriteRule ^.*$ - [E=BASE:%2]
+
+ # Forward any requested URLs that specifically contain index.php (see http://stackoverflow.com/questions/31062479/301-redirect-urls-that-are-also-being-rewritten)
+ RewriteCond %{THE_REQUEST} /index\.php [NC]
+ RewriteRule ^index\.php(?:/(.*))?$ %{ENV:BASE}$1 [L,R=301,NC,NE]
+
+ # Send the URI to index.php (Slim routing)
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule ^ index.php [QSA,L]
+
+</IfModule>
+
+# Deny access to any php.ini files
+<Files php.ini>
+ Order allow,deny
+ Deny from all
+</Files>
+
+# Gzip Compression
+<IfModule mod_deflate.c>
+ # Force compression for mangled headers.
+ # http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
+ <IfModule mod_setenvif.c>
+ <IfModule mod_headers.c>
+ SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
+ RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
+ </IfModule>
+ </IfModule>
+
+ # Compress all output labeled with one of the following MIME-types
+ # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
+ # and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
+ # as `AddOutputFilterByType` is still in the core directives).
+
+ <IfModule mod_filter.c>
+ AddOutputFilterByType DEFLATE application/atom+xml \
+ application/javascript \
+ application/json \
+ application/rss+xml \
+ application/vnd.ms-fontobject \
+ application/x-font-ttf \
+ application/x-web-app-manifest+json \
+ application/xhtml+xml \
+ application/xml \
+ font/opentype \
+ image/svg+xml \
+ image/x-icon \
+ text/css \
+ text/html \
+ text/plain \
+ text/x-component \
+ text/xml
+ </IfModule>
+
+</IfModule>
+
+# ----------------------------------------------------------------------
+# | Expires headers - enable this if you want browsers to cache content |
+# ----------------------------------------------------------------------
+
+# Serve resources with far-future expires headers.
+#
+# (!) If you don't control versioning with filename-based
+# cache busting, you should consider lowering the cache times
+# to something like one week.
+#
+# https://httpd.apache.org/docs/current/mod/mod_expires.html
+
+#<IfModule mod_expires.c>
+#
+# ExpiresActive on
+# ExpiresDefault "access plus 1 month"
+#
+# # CSS
+#
+# ExpiresByType text/css "access plus 1 hour"
+#
+#
+# # Data interchange
+#
+# ExpiresByType application/atom+xml "access plus 1 hour"
+# ExpiresByType application/rdf+xml "access plus 1 hour"
+# ExpiresByType application/rss+xml "access plus 1 hour"
+#
+# ExpiresByType application/json "access plus 0 seconds"
+# ExpiresByType application/ld+json "access plus 0 seconds"
+# ExpiresByType application/schema+json "access plus 0 seconds"
+# ExpiresByType application/vnd.geo+json "access plus 0 seconds"
+# ExpiresByType application/xml "access plus 0 seconds"
+# ExpiresByType text/xml "access plus 0 seconds"
+#
+#
+# # Favicon (cannot be renamed!) and cursor images
+#
+# ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
+# ExpiresByType image/x-icon "access plus 1 week"
+#
+# # HTML
+#
+# ExpiresByType text/html "access plus 0 seconds"
+#
+#
+# # JavaScript
+#
+# ExpiresByType application/javascript "access plus 1 hour"
+# ExpiresByType application/x-javascript "access plus 1 hour"
+# ExpiresByType text/javascript "access plus 1 hour"
+#
+#
+# # Manifest files
+#
+# ExpiresByType application/manifest+json "access plus 1 week"
+# ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
+# ExpiresByType text/cache-manifest "access plus 0 seconds"
+#
+#
+# # Media files
+#
+# ExpiresByType audio/ogg "access plus 1 month"
+# ExpiresByType image/bmp "access plus 1 month"
+# ExpiresByType image/gif "access plus 1 month"
+# ExpiresByType image/jpeg "access plus 1 month"
+# ExpiresByType image/png "access plus 1 month"
+# ExpiresByType image/svg+xml "access plus 1 month"
+# ExpiresByType image/webp "access plus 1 month"
+# ExpiresByType video/mp4 "access plus 1 month"
+# ExpiresByType video/ogg "access plus 1 month"
+# ExpiresByType video/webm "access plus 1 month"
+#
+#
+# # Web fonts
+#
+# # Embedded OpenType (EOT)
+# ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
+# ExpiresByType font/eot "access plus 1 month"
+#
+# # OpenType
+# ExpiresByType font/opentype "access plus 1 month"
+#
+# # TrueType
+# ExpiresByType application/x-font-ttf "access plus 1 month"
+#
+# # Web Open Font Format (WOFF) 1.0
+# ExpiresByType application/font-woff "access plus 1 month"
+# ExpiresByType application/x-font-woff "access plus 1 month"
+# ExpiresByType font/woff "access plus 1 month"
+#
+# # Web Open Font Format (WOFF) 2.0
+# ExpiresByType application/font-woff2 "access plus 1 month"
+#
+#
+# # Other
+#
+# ExpiresByType text/x-cross-domain-policy "access plus 1 week"
+#
+#</IfModule>
diff --git a/main/webserver-configs/nginx.conf b/main/webserver-configs/nginx.conf
new file mode 100755
index 0000000..354c683
--- /dev/null
+++ b/main/webserver-configs/nginx.conf
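Review bot: In htaccess.txt the www-to-non-www rule redirects to a hardcoded `http://%1/$1`, so a request that arrived over HTTPS on the www host is sent back to plaintext for one hop, even once the HTTPS rule above it is uncommented. For a user-management site that hop can expose session cookies that lack the Secure flag; once TLS is enabled the target should be `RewriteRule ^(.*)$ https://%1/$1 [R=301,L]`. Separately, the `<Files php.ini>` block uses the Apache 2.2 directives `Order allow,deny` / `Deny from all`, which on Apache 2.4 only work when mod_access_compat is loaded; `Require all denied` is the 2.4 form.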
@@ -0,0 +1,127 @@
+## UserFrosting sample nginx configuration file.
+## See https://learn.userfrosting.com/going-live/vps-production-environment/application-setup#configure-the-webserver-nginx-
+
+## Redirect HTTP to HTTPS
+## Enable this block once you've set up SSL. This will redirect all HTTP requests to HTTPS.
+#server {
+# listen 80;
+# server_name example.com;
+# return 301 https://$host$request_uri;
+#}
+
+## Main server configuration
+server {
+ ## Non-SSL configuration. Not recommended for production!
+ listen 80;
+ ## Defines the script/file to look for when a request is made to the index of your server name.
+ index index.php index.html index.htm;
+
+ ## Begin - Server Info
+ ## Document root directory for your project. Should be set to the directory that contains your index.php.
+ root /usr/share/nginx/project/public;
+ server_name example.com;
+ ## End - Server Info
+
+ ## SSL configuration
+ ## It is STRONGLY RECOMMENDED that you use SSL for all traffic to your UF site.
+ ## Otherwise, you are potentially leaking your users' sensitive info, including passwords!
+ ## See https://letsencrypt.org/ to find out how to get a free, trusted SSL cert for your site.
+ #
+ #listen 443 ssl http2;
+ #listen [::]:443 ssl http2;
+ ## Certificate paths (example for letsencrypt)
+ #ssl_certificate /etc/letsencrypt/live/<cert name>/fullchain.pem;
+ #ssl_certificate_key /etc/letsencrypt/live/<cert name>/privkey.pem;
+ ## Disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
+ #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ## Enable session resumption to enable low latency for repeat visitors.
+ #ssl_session_cache shared:SSL:50m;
+ #ssl_session_timeout 5m;
+ ## Enables server-side protection from BEAST attacks
+ #ssl_prefer_server_ciphers on;
+ ## Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+ #ssl_dhparam /etc/nginx/dhparam.pem; # google will tell you how to make this
+ ## Ciphers chosen for forward secrecy and compatibility
+ #ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ## Enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
+ #resolver 8.8.8.8;
+ #ssl_stapling on;
+ #ssl_trusted_certificate /etc/letsencrypt/live/<cert name>/fullchain.pem; # same as your ssl_certificate path
+ ## Config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+ ## End - SSL configuration
+
+ access_log /var/log/nginx/access.log;
+
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ ## This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
+ add_header X-XSS-Protection "1; mode=block"; #optional
+
+ ## Begin - Pagespeed
+ ## See https://learn.userfrosting.com/going-live/vps-production-environment/additional-recommendations
+ ## for information on compiling nginx with the Pagespeed module.
+ #pagespeed on;
+ #pagespeed FileCachePath /var/ngx_pagespeed_cache;
+ #pagespeed Disallow "*.svg*";
+ ## Add additional filters here
+ #pagespeed EnableFilters prioritize_critical_css;
+ ## Ensure requests for pagespeed optimized resources go to the pagespeed
+ ## handler and no extraneous headers get set.
+ #location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; }
+ #location ~ "^/ngx_pagespeed_static/" { }
+ #location ~ "^/ngx_pagespeed_beacon" { }
+ ## End - Pagespeed
+
+ ## Begin - Let's Encrypt
+ ## Allow URLs for certbot acme challenge
+ location ~ /.well-known {
+ allow all;
+ }
+ ## End - Let's Encrypt
+
+ ## Begin - Handle PHP requests
+ location ~ \.(php)$ {
+ # Throw away any requests to execute PHP scripts in other directories
+ # See http://cnedelcu.blogspot.com/2010/05/nginx-php-via-fastcgi-important.html for why this is needed
+ location ~ \..*/.*\.php$ {
+ return 404;
+ }
+ # regex to split $uri to $fastcgi_script_name and $fastcgi_path
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_keep_conn on;
+ # For FPM (PHP 7)
+ fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+ # For FPM (PHP 5.x)
+ #fastcgi_pass unix:/var/run/php5-fpm.sock;
+ # For traditional PHP FastCGI (php5-cgi or php7.0-cgi)
+ #fastcgi_pass 127.0.0.1:9000;
+ # For HHVM
+ #fastcgi_pass unix:/var/run/hhvm/hhvm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+ ## End - Handle PHP requests
+
+ ## Begin - Caching static files
+ location ~* \.(png|gif|jpg|jpeg|svg|ico|css|js|woff|ttf|otf|woff2|eot)$ {
+ include /etc/nginx/mime.types;
+ expires max;
+
+ index index.php;
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+ ## End - Caching static files
+
+ ## Begin - Index
+ ## for subfolders, simply adjust:
+ ## `location /subfolder {`
+ ## and the rewrite to use `/subfolder/index.php`
+ location / {
+ include /etc/nginx/mime.types;
+ index index.php;
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+ ## End - Index
+}
diff --git a/main/webserver-configs/web.config b/main/webserver-configs/web.config
new file mode 100755
index 0000000..96b3a00
--- /dev/null
+++ b/main/webserver-configs/web.config
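Review bot: In nginx.conf the `location ~ /.well-known` block is an unanchored regex with an unescaped dot, so it matches that string anywhere in the URI and, being the first active regex location, takes precedence over the PHP and static-file locations for those requests; `allow all;` adds nothing since no deny rule is visible in this server block. Scoping it to the ACME path with a prefix match, `location ^~ /.well-known/acme-challenge/ {`, keeps the exception narrow. Separately, the three active `add_header` lines lack `always`, so the X-Frame-Options, nosniff and X-XSS-Protection headers are not sent on 4xx/5xx responses; e.g. `add_header X-Content-Type-Options nosniff always;`. When the commented SSL block is enabled, `ssl_protocols` should no longer list TLSv1 and TLSv1.1.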
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Unlike apache and *ngix, IIS will likely require additional configuration that cannot be safely defined, or defined at all in a web.config file.
+ If odd behaviour occurs:
+ 1. Ensure web.config settings are being applied, as IIS can be configured to ignore specific web.config settings.
+ 2. If there is an IIS error page, try the suggested solutions.
+ 3. See if anyone on the web has encountered the same issue, and try the suggested solutions.
+ 4. And as a last resort, ask in the UserFrosting chat support channel. http://chat.userfrosting.com -->
+<configuration>
+ <system.webServer>
+ <!-- Most default installs of PHP in IIS only accept GET and POST HTTP verbs.
+ If using the account functionality of UserFrosting, additional HTTP verbs will need to be added to the PHP handler.
+ Specifically, PUT and DELETE are required.
+ Sample PHP handler definition follows.
+ <handlers>
+ <add name="PHP_via_FastCGI" path="*.php" verb="GET,POST,PUT,DELETE" modules="FastCgiModule" scriptProcessor="path/to/php/directory/php-cgi.exe" resourceType="Either" />
+ </handlers>-->
+ <rewrite>
+ <!-- Rules to clean url, and ensure requests are handled by PHP when appropriate. -->
+ <rules>
+ <!-- Clear any inherited rules -->
+ <clear />
+ <!-- Dynamically rewrite base directory to remove index.php from url. -->
+ <rule name="Remove .../index.php/... from url">
+ <match url="^index\.php/(.*)$" />
+ <action type="Redirect" redirectType="Permanent" url="{R:1}" />
+ </rule>
+ <!-- Remove trailing slash from any non-directory path (canonicalization) - GET requests only. -->
+ <rule name="Remove trailing slash">
+ <match url="(.*)/$" />
+ <conditions>
+ <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
+ </conditions>
+ <action type="Redirect" redirectType="Permanent" url="{R:1}" />
+ </rule>
+ <!-- Send the URI to index.php (Slim routing) if url maps to neither a directory, or file. -->
+ <rule name="Rewrite to index.php" stopProcessing="true">
+ <match url=".*" />
+ <conditions>
+ <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
+ <add input="{REQUEST_FILEDIR}" matchType="IsDirectory" negate="true" />
+ </conditions>
+ <action type="Rewrite" url="index.php" />
+ </rule>
+ </rules>
+ </rewrite>
+ <!-- Set index.php as default document, and clear inherited defaults. -->
+ <defaultDocument enabled="true">
+ <files>
+ <clear />
+ <add value="index.php" />
+ </files>
+ </defaultDocument>
+ <!-- Whitelist specific static file types -->
+ <staticContent>
+ <!-- Clear inherited rules -->
+ <clear />
+ <!-- Set content expiration time (31 days for every static file listed) -->
+ <!--<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="31.00:00:00" />-->
+ <!-- Atom feeds -->
+ <mimeMap fileExtension=".atom" mimeType="application/atom+xml" />
+ <mimeMap fileExtension=".xml" mimeType="application/atom+xml, application/rss+xml, application/xhtml+xml, application/xml, text/xml" />
+ <!-- JS -->
+ <mimeMap fileExtension=".js" mimeType="application/js" />
+ <!-- JSON -->
+ <mimeMap fileExtension=".json" mimeType="application/json" />
+ <!-- EOT font -->
+ <mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
+ <!-- TTF fonts -->
+ <mimeMap fileExtension=".ttf" mimeType="application/x-font-ttf" />
+ <!-- Web App Manifest -->
+ <mimeMap fileExtension=".webapp" mimeType="application/x-web-app-manifest+json" />
+ <!-- XHTML -->
+ <mimeMap fileExtension=".xhtml" mimeType="application/xhtml+xml" />
+ <mimeMap fileExtension=".xht" mimeType="application/xhtml+xml" />
+ <mimeMap fileExtension=".html" mimeType="application/xhtml+xml" />
+ <mimeMap fileExtension=".htm" mimeType="application/xhtml+xml" />
+ <!-- Images -->
+ <mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
+ <mimeMap fileExtension=".png" mimeType="image/png" />
+ <mimeMap fileExtension=".ico" mimeType="image/x-icon" />
+ <!-- WOFF/2 fonts -->
+ <mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
+ <mimeMap fileExtension=".woff2" mimeType="font/woff2" />
+ <!-- CSS -->
+ <mimeMap fileExtension=".css" mimeType="text/css" />
+ <!-- Plain text -->
+ <mimeMap fileExtension=".txt" mimeType="text/plain" />
+ <!-- HTML Component -->
+ <mimeMap fileExtension=".htc" mimeType="text/x-component" />
+ </staticContent>
+ </system.webServer>
+</configuration>
\ No newline at end of file |
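Review bot: In web.config the "Remove trailing slash" rule is commented as "GET requests only" for "non-directory" paths, but its only condition is a negated `IsFile` and it has no method check, so a POST, PUT or DELETE to a slash-terminated URL receives a 301 and most clients replay it as a GET without the body. Adding `<add input="{REQUEST_METHOD}" pattern="^GET$" />` to its `<conditions>` and changing the existing condition to `matchType="IsDirectory"` would bring it in line with the Apache rules in this commit. In `<staticContent>`, `.js` is mapped to `application/js`, which is not a registered JavaScript type (htaccess.txt uses `application/javascript`), and `.xml` carries a comma-separated list that is not a valid single Content-Type value. This file also sets none of the X-Frame-Options / X-Content-Type-Options headers that nginx.conf adds, and if `nosniff` is introduced here later the `.js` mapping would likely make browsers refuse the scripts.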