From 7958b495c94ee3213c3ecf32d71e17015546ba4f Mon Sep 17 00:00:00 2001 From: Phinitnan Chanasabaeng Date: Wed, 18 Jul 2018 10:40:35 +0700 Subject: [PATCH 01/62] Updated and Fixed error on updating Letsencrypt cert with NGINX's drupal template. --- .../templates/web/nginx/php5-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php5-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php5-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php5-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php5-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php5-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../9/templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../9/templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../9/templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../5/templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../5/templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../5/templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../6/templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../6/templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../6/templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../7/templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../7/templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../7/templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- 114 files changed, 2812 insertions(+), 3591 deletions(-) diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; From 4a27e61d60ea6e781a1b0985c2ccf7bf58c1031f Mon Sep 17 00:00:00 2001 From: Luiz Junior Date: Tue, 31 Jul 2018 10:32:47 -0300 Subject: [PATCH 02/62] Fix Dovecot Connection Fix dovecot Connection --- install/ubuntu/16.04/dovecot/dovecot.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ubuntu/16.04/dovecot/dovecot.conf b/install/ubuntu/16.04/dovecot/dovecot.conf index 311a3351..55c3672f 100644 --- a/install/ubuntu/16.04/dovecot/dovecot.conf +++ b/install/ubuntu/16.04/dovecot/dovecot.conf @@ -3,7 +3,7 @@ listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf -namespace { +namespace inbox{ type = private separator = / prefix = From 47a22f4a254aac61bb3c91c4ac7dd0eaf493f1b6 Mon Sep 17 00:00:00 2001 From: Luiz Junior Date: Tue, 31 Jul 2018 10:46:54 -0300 Subject: [PATCH 03/62] Fix dovecot namespace inbox { --- install/ubuntu/16.04/dovecot/dovecot.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ubuntu/16.04/dovecot/dovecot.conf b/install/ubuntu/16.04/dovecot/dovecot.conf index 55c3672f..163460ba 100644 --- a/install/ubuntu/16.04/dovecot/dovecot.conf +++ b/install/ubuntu/16.04/dovecot/dovecot.conf @@ -3,7 +3,7 @@ listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf -namespace inbox{ +namespace inbox { type = private separator = / prefix = From 1c315de8d7924362ee6b96a9767d1f1536caa78d Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Fri, 3 Aug 2018 18:34:13 +0300 Subject: [PATCH 04/62] fix for ubuntu 14.04 --- install/vst-install-ubuntu.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index ef4b7079..a17517e3 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -33,9 +33,9 @@ software="apache2 apache2.2-common apache2-suexec-custom apache2-utils # Fix for old releases if [[ ${release:0:2} -lt 16 ]]; then - software=$(echo "$software" |sed -e "s/php /php5 /") - software=$(echo "$software" |sed -e "s/php-/php5-/") - software=$(echo "$software" |sed -e "s/mod-php/mod-php5/") + software=$(echo "$software" |sed -e "s/php /php5 /g") + software=$(echo "$software" |sed -e "s/vesta-php5 /vesta-php /g") + software=$(echo "$software" |sed -e "s/php-/php5-/g") fi # Defining help function From 8bb89d2eb684f5ad8c7c85a0eab44c3b4eb493b3 Mon Sep 17 00:00:00 2001 From: Phinitnan Chanasabaeng Date: Mon, 6 Aug 2018 10:35:41 +0700 Subject: [PATCH 05/62] Updated Thai translation --- web/inc/i18n/th.php | 459 ++++++++++++++++++++++---------------------- 1 file changed, 230 insertions(+), 229 deletions(-) diff --git a/web/inc/i18n/th.php b/web/inc/i18n/th.php index 96f23bb5..07beb85e 100644 --- a/web/inc/i18n/th.php +++ b/web/inc/i18n/th.php @@ -3,6 +3,7 @@ * Vesta language file * Language: Thai ( Thailand ) * thatphon05@gmail.com + * phinitnan_c@xtony.us */ $LANG['th'] = array( @@ -11,10 +12,10 @@ $LANG['th'] = array( 'IP' => 'IP', 'Graphs' => 'กราฟ', 'Statistics' => 'สถิติ', - 'Log' => 'Log', - 'Server' => 'เซิฟเวอร์', + 'Log' => 'บันทึกเหตุการณ์', + 'Server' => 'เซิร์ฟเวอร์', 'Services' => 'บริการ', - 'Firewall' => 'ไฟร์วอลล์', + 'Firewall' => 'Firewall', 'Updates' => 'อัพเดท', 'Log in' => 'เข้าสู่ระบบ', 'Log out' => 'ออกจากระบบ', @@ -22,47 +23,47 @@ $LANG['th'] = array( 'USER' => 'ผู้ใช้', 'WEB' => 'เว็บ', 'DNS' => 'DNS', - 'MAIL' => 'เมล์', + 'MAIL' => 'เมล', 'DB' => 'ฐานข้อมูล', 'CRON' => 'CRON', 'BACKUP' => 'สำรองข้อมูล', 'LOGIN' => 'เข้าสู่ระบบ', - 'RESET PASSWORD' => 'รีเซ็ตรหัสผ่าน', + 'RESET PASSWORD' => 'ตั้งรหัสผ่านใหม่', 'SEARCH' => 'ค้นหา', 'PACKAGE' => 'แพ็กเกจ', 'RRD' => 'RRD', - 'STATS' => 'STATS', - 'LOG' => 'ล็อก', + 'STATS' => 'สถิติ', + 'LOG' => 'บันทึกเหตุการณ์', 'UPDATES' => 'อัพเดท', - 'FIREWALL' => 'ไฟร์วอลล์', - 'SERVER' => 'เซิฟเวอร์', + 'FIREWALL' => 'FIREWALL', + 'SERVER' => 'เซิร์ฟเวอร์', 'MEMORY' => 'หน่วยความจำ', - 'DISK' => 'พื้นที่จัดเก็บข้อมูล', + 'DISK' => 'พื้นที่เก็บข้อมูล', 'NETWORK' => 'เครือข่าย', - 'Web Log Manager' => 'ตัวจัดการ Web Log', + 'Web Log Manager' => 'ตัวจัดการบันทึกเหตุการณ์เว็บ', 'no notifications' => 'ไม่มีการแจ้งเตือน', 'Add User' => 'เพิ่มผู้ใช้', 'Add Domain' => 'เพิ่มโดเมน', - 'Add Web Domain' => 'เพิ่ม Web Domain', - 'Add DNS Domain' => 'เพิ่ม DNS Domain', - 'Add DNS Record' => 'เพิ่ม DNS Record', - 'Add Mail Domain' => 'เพิ่ม Mail Domain', - 'Add Mail Account' => 'เพิ่มบัญชีเมล์', + 'Add Web Domain' => 'เพิ่มโดเมนสำหรับเว็บ', + 'Add DNS Domain' => 'เพิ่มโดเมนสำหรับ DNS', + 'Add DNS Record' => 'เพิ่มรายการ DNS', + 'Add Mail Domain' => 'เพิ่มโดเมนสำหรับเมล', + 'Add Mail Account' => 'เพิ่มบัญชีเมล', 'Add Database' => 'เพิ่มฐานข้อมูล', - 'Add Cron Job' => 'เพิ่ม Cron Job', - 'Create Backup' => 'สร้างการสำรองข้อมูล', - 'Configure' => 'ปรับแต่ง', + 'Add Cron Job' => 'เพิ่มงาน CRON', + 'Create Backup' => 'สร้างข้อมูลสำรอง', + 'Configure' => 'ตั้งค่า', 'Restore All' => 'คืนค่าทั้งหมด', 'Add Package' => 'เพิ่มแพ็กเกจ', - 'Add IP' => 'เพิ่ม IP Address', - 'Add Rule' => 'เพิ่ม Rule', - 'Ban IP Address' => 'แบน IP Address', + 'Add IP' => 'เพิ่ม IP', + 'Add Rule' => 'เพิ่มกฎ', + 'Ban IP Address' => 'แบนหมายเลข IP', 'Search' => 'ค้นหา', - 'Add one more FTP Account' => 'เพิ่มอีกบัญชี', - 'Overall Statistics' => 'สถิติโดยรวม', + 'Add one more FTP Account' => 'เพิ่ม FTP อีกหนึ่งบัญชี', + 'Overall Statistics' => 'สถิติภาพรวม', 'Daily' => 'รายวัน', 'Weekly' => 'รายสัปดาห์', 'Monthly' => 'รายเดือน', @@ -73,28 +74,28 @@ $LANG['th'] = array( 'Submit' => 'ส่งข้อมูล', 'toggle all' => 'เลือกทั้งหมด', - 'apply to selected' => 'นำไปใช้กับที่เลือก', - 'rebuild' => 'สร้างใหม่', - 'rebuild web' => 'สร้างเว็บใหม่', - 'rebuild dns' => 'สร้าง DNS ใหม่', - 'rebuild mail' => 'สร้างเมล์ใหม่', - 'rebuild db' => 'สร้างฐานข้อมูลใหม่', - 'rebuild cron' => 'สร้าง Cron ใหม่', + 'apply to selected' => 'นำไปใช้กับรายการที่เลือก', + 'rebuild' => 'ใช้การตั้งค่าล่าสุด', + 'rebuild web' => 'ใช้การตั้งค่าเว็บล่าสุด', + 'rebuild dns' => 'ใช้การตั้งค่า DNS ล่าสุด', + 'rebuild mail' => 'ใช้การตั้งค่าเมลล่าสุด', + 'rebuild db' => 'ใช้การตั้งค่าฐานข้อมูลล่าสุด', + 'rebuild cron' => 'ใช้การตั้งค่า CRON ล่าสุด', 'update counters' => 'อัพเดทตัวนับ', 'suspend' => 'ระงับการใช้งาน', - 'unsuspend' => 'เปิดใช้งาน', + 'unsuspend' => 'ยกเลิกระงับการใช้งาน', 'delete' => 'ลบ', - 'show per user' => 'แสดงต่อผู้ใช้', - 'login as' => 'เข้าสู่ระบบด้วย', + 'show per user' => 'แสดงผลต่อผู้ใช้', + 'login as' => 'เข้าสู่ระบบในนาม', 'logout' => 'ออกจากระบบ', 'edit' => 'แก้ไข', 'open webstats' => 'เปิดสถิติเว็บ', - 'view logs' => 'ดู Logs', - 'list records' => 'รายการ %s records', - 'add record' => 'เพิ่ม Record', - 'list accounts' => 'รายการ %s บัญชี', + 'view logs' => 'ดูบันทึกเหตุการณ์', + 'list records' => 'แสดงรายการ', + 'add record' => 'เพิ่มรายการ', + 'list accounts' => 'แสดงบัญชี', 'add account' => 'เพิ่มบัญชี', - 'open webmail' => 'เปิด Webmail', + 'open webmail' => 'เปิดเว็บเมล', 'list fail2ban' => 'รายการ fail2ban', 'open %s' => 'เปิด %s', 'download' => 'ดาวน์โหลด', @@ -106,48 +107,48 @@ $LANG['th'] = array( 'update' => 'อัพเดท', 'generate' => 'สร้าง', 'Generate CSR' => 'สร้าง CSR', - 'reread IP' => 'อ่าน IP ใหม่', + 'reread IP' => 'อ่าน IP ซ้ำ', 'enable autoupdate' => 'เปิดการอัพเดทอัตโนมัติ', 'disable autoupdate' => 'ปิดการอัพเดทอัตโนมัติ', - 'turn on notifications' => 'เปิดใช้งานการแจ้งเตือน', - 'turn off notifications' => 'ปิดใช้งานการแจ้งเตือน', + 'turn on notifications' => 'เปิดการแจ้งเตือน', + 'turn off notifications' => 'ปิดการแจ้งเตือน', 'configure' => 'ปรับแต่ง', 'Adding User' => 'เพิ่มผู้ใช้', 'Editing User' => 'แก้ไขผู้ใช้', 'Adding Domain' => 'เพิ่มโดเมน', 'Editing Domain' => 'แก้ไขโดเมน', - 'Adding DNS Domain' => 'เพิ่ม DNS Domain', - 'Editing DNS Domain' => 'แก้ไข DNS Domain', - 'Adding DNS Record' => 'เพิ่ม DNS Record', - 'Editing DNS Record' => 'แก้ไข DNS Record', - 'Adding Mail Domain' => 'เพิ่ม Mail Domain', - 'Editing Mail Domain' => 'แก้ไข Mail Domain', - 'Adding Mail Account' => 'เพิ่มบัญชีเมล์', - 'Editing Mail Account' => 'แก้ไขบัญชีเมล์', + 'Adding DNS Domain' => 'เพิ่ม DNS สำหรับโดเมน', + 'Editing DNS Domain' => 'แก้ไข DNS สำหรับโดเมน', + 'Adding DNS Record' => 'เพิ่มรายการ DNS', + 'Editing DNS Record' => 'แก้ไขรายการ DNS', + 'Adding Mail Domain' => 'เพิ่มโดเมนสำหรับเมล', + 'Editing Mail Domain' => 'แก้ไขโดเมนสำหรับเมล', + 'Adding Mail Account' => 'เพิ่มบัญชีเมล', + 'Editing Mail Account' => 'แก้ไขบัญชีเมล', 'Adding database' => 'เพิ่มฐานข้อมูล', - 'Editing Cron Job' => 'แก้ไข Cron Job', - 'Adding Cron Job' => 'เพิ่ม Cron Job', + 'Editing Cron Job' => 'แก้ไขงาน CRON', + 'Adding Cron Job' => 'เพิ่มงาน CRON', 'Editing Database' => 'แก้ไขฐานข้อมูล', 'Adding Package' => 'เพิ่มแพ็กเกจ', 'Editing Package' => 'แก้ไขแพ็กเกจ', - 'Adding IP address' => 'เพิ่ม IP address', - 'Editing IP Address' => 'แก้ไข IP Address', + 'Adding IP address' => 'เพิ่มที่อยู่ IP', + 'Editing IP Address' => 'แก้ไขที่อยู่ IP', 'Editing Backup Exclusions' => 'แก้ไขการยกเว้นสำรองข้อมูล', 'Generating CSR' => 'สร้าง CSR', 'Listing' => 'รายการ', - 'Search Results' => 'ผลลัพธ์ของการค้นหา', - 'Adding Firewall Rule' => 'การเพิ่ม Firewall Rule', - 'Editing Firewall Rule' => 'การแก้ไข Firewall Rule', - 'Adding IP Address to Banlist' => 'การแบน IP Address', + 'Search Results' => 'ผลลัพธ์การค้นหา', + 'Adding Firewall Rule' => 'การเพิ่มกฎ Firewall', + 'Editing Firewall Rule' => 'การแก้ไขกฎ Firewall', + 'Adding IP Address to Banlist' => 'เพิ่มที่อยู่ IP ในรายการแบน', 'active' => 'เปิดใช้งาน', 'spnd' => 'ระงับการใช้งาน', 'suspended' => 'ระงับการใช้งานแล้ว', 'running' => 'กำลังทำงาน', 'stopped' => 'หยุดทำงานแล้ว', - 'outdated' => 'ตกรุ่น', - 'updated' => 'อัพเดท', + 'outdated' => 'ตกรุ่นแล้ว', + 'updated' => 'อัพเดทแล้ว', 'yes' => 'ใช่', 'no' => 'ไม่ใช่', @@ -164,37 +165,37 @@ $LANG['th'] = array( 'minutes' => 'นาที', 'month' => 'เดือน', 'package' => 'แพ็กเกจ', - 'Bandwidth' => 'แบนด์วิดธ์', + 'Bandwidth' => 'ปริมาณรับส่งข้อมูล', 'Disk' => 'พื้นที่จัดเก็บข้อมูล', 'Web' => 'เว็บ', - 'Mail' => 'เมล์', + 'Mail' => 'เมล', 'Databases' => 'ฐานข้อมูล', 'User Directories' => 'ไดเร็กทอรี่ของผู้ใช้', - 'Template' => 'Template', - 'Web Template' => 'Web Template', - 'Backend Template' => 'Backend Template', - 'Proxy Template' =>'Proxy Template', - 'DNS Template' => 'DNS Template', - 'Web Domains' => 'Web Domains', - 'SSL Domains' => 'SSL Domains', - 'Web Aliases' => 'Web Aliases', - 'per domain' => 'ต่อ Domain', - 'DNS Domains' => 'DNS Domains', - 'DNS domains' => 'DNS domains', - 'DNS records' => 'DNS records', + 'Template' => 'ตัวแบบ', + 'Web Template' => 'ตัวแบบเว็บ', + 'Backend Template' => 'ตัวเแบบ Backend', + 'Proxy Template' =>'ตัวแบบ Proxy', + 'DNS Template' => 'ตัวแบบ DNS', + 'Web Domains' => 'โดเมนสำหรับเว็บ', + 'SSL Domains' => 'โดเมนสำหรับ SSL', + 'Web Aliases' => 'ชื่อแทนเว็บ', + 'per domain' => 'ต่อโดเมน', + 'DNS Domains' => 'โดเมนสำหรับ DNS', + 'DNS domains' => 'โดเมนสำหรับ DNS', + 'DNS records' => 'รายการ DNS', 'Name Servers' => 'Name Servers', - 'Mail Domains' => 'Mail Domains', - 'Mail Accounts' => 'บัญชีเมล์', - 'Cron Jobs' => 'Cron Jobs', - 'SSH Access' => 'การเข้าถึง SSH', - 'IP Address' => 'IP Address', - 'IP Addresses' => 'IP Addresses', + 'Mail Domains' => 'โดเมนสำหรับเมล', + 'Mail Accounts' => 'บัญชีเมล', + 'Cron Jobs' => 'งาน CRON', + 'SSH Access' => 'การเข้าใช้ SSH', + 'IP Address' => 'ที่อยู่ IP', + 'IP Addresses' => 'ที่อยู่ IP', 'Backups' => 'สำรองข้อมูล', 'Backup System' => 'ระบบสำรองข้อมูล', 'backup exclusions' => 'ยกเว้นการสำรองข้อมูล', - 'template' => 'template', + 'template' => 'ตัวแบบ', 'SSL Support' => 'สนับสนุน SSL', - 'SSL Home Directory' => 'หน้าแรกของ SSL', + 'SSL Home Directory' => 'ไดเร็กทอรี่หลักของ SSL', 'Lets Encrypt Support' => 'สนับสนุน Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', 'Your certificate will be automatically issued in 5 minutes' => 'ใบรับรองของคุณจะได้รับการออกโดยอัตโนมัติภายใน 5 นาที', @@ -206,17 +207,17 @@ $LANG['th'] = array( 'SOA' => 'SOA', 'TTL' => 'TTL', 'Expire' => 'หมดอายุ', - 'Records' => 'Records', + 'Records' => 'รายการ', 'Serial' => 'Serial', - 'Catchall email' => 'Catchall email', - 'AntiVirus Support' => 'สนับสนุน AntiVirus', - 'AntiSpam Support' => 'สนับสนุน AntiSpam', + 'Catchall email' => 'อีเมล Catchall', + 'AntiVirus Support' => 'สนับสนุนการป้องกันไวรัส', + 'AntiSpam Support' => 'สนับสนุนการป้องกันเมลขยะ', 'DKIM Support' => 'สนับสนุน DKIM', 'Accounts' => 'บัญชี', 'Quota' => 'โควตา', 'Autoreply' => 'ตอบกลับอัตโนมัติ', 'Forward to' => 'ส่งต่อไปยัง', - 'Do not store forwarded mail' => 'อย่าเก็บเมล์ที่ส่งต่อไว้', + 'Do not store forwarded mail' => 'ไม่เก็บเมลที่ส่งต่อแล้วไว้', 'IMAP hostname' => 'IMAP hostname', 'IMAP port' => 'IMAP port', 'IMAP security' => 'IMAP security', @@ -240,7 +241,7 @@ $LANG['th'] = array( 'Run Time' => 'เวลาทำงาน', 'Backup Size' => 'ขนาดสำรองข้อมูล', 'SYS' => 'SYS', - 'Domains' => 'Domains', + 'Domains' => 'โดเมน', 'Status' => 'สถานะ', 'shared' => 'shared', 'dedicated' => 'dedicated', @@ -253,72 +254,72 @@ $LANG['th'] = array( 'NGINX Usage' => 'การใช้ NGINX', 'MySQL Usage on localhost' => 'การใช้ MySQL บน localhost', 'PostgreSQL Usage on localhost' => 'การใช้ PostgreSQL บน localhost', - 'Bandwidth Usage eth0' => 'การใช้ แบนด์วิดธ์ ของ eth0', - 'Bandwidth Usage eth1' => 'การใช้ แบนด์วิดธ์ ของ eth1', + 'Bandwidth Usage eth0' => 'ขนาดการรับส่งข้อมูลของ eth0', + 'Bandwidth Usage eth1' => 'ขนาดการรับส่งข้อมูลของ eth1', 'Exim Usage' => 'การใช้ Exim', 'FTP Usage' => 'การใช้ FTP', 'SSH Usage' => 'การใช้ SSH', 'reverse proxy' => 'reverse proxy', - 'web server' => 'web server', - 'dns server' => 'dns server', - 'mail server' => 'mail server', - 'pop/imap server' => 'pop/imap server', - 'email antivirus' => 'email antivirus', - 'email antispam' => 'email antispam', - 'database server' => 'database server', - 'ftp server' => 'ftp server', + 'web server' => 'เซิร์ฟเวอร์เว็บ', + 'dns server' => 'เซิร์ฟเวอร์ dns', + 'mail server' => 'เซิร์ฟเวอร์เมล', + 'pop/imap server' => 'เซิร์ฟเวอร์ pop/imap', + 'email antivirus' => 'การป้องกันไวรัสอีเมล', + 'email antispam' => 'การป้องกันอีเมลขยะ', + 'database server' => 'เซิร์ฟเวอร์ฐานข้อมูล', + 'ftp server' => 'เซิร์ฟเวอร์ ftp', 'job scheduler' => 'job scheduler', 'firewall' => 'firewall', - 'brute-force monitor' => 'ตรวจสอบการ brute-force', + 'brute-force monitor' => 'ดักจับ brute-force', 'CPU' => 'CPU', 'Memory' => 'หน่วยความจำ', - 'Uptime' => 'เวลาทำงาน', + 'Uptime' => 'ระบบทำงานมาแล้ว', 'core package' => 'แพ็กเกจหลัก', - 'php interpreter' => 'ตัวแปลคำสั่ง php', + 'php interpreter' => 'ตัวแปลภาษา php', 'internal web server' => 'เว็บเซิร์ฟเวอร์ภายใน', 'Version' => 'เวอร์ชั่น', - 'Release' => 'เวอร์ชั่นการปล่อย', + 'Release' => 'ลำดับที่', 'Architecture' => 'สถาปัตยกรรม', 'Object' => 'วัตถุ', 'Username' => 'ชื่อผู้ใช้', 'Password' => 'รหัสผ่าน', - 'Email' => 'อีเมล์', + 'Email' => 'อีเมล', 'Package' => 'แพ็กเกจ', 'Language' => 'ภาษา', 'First Name' => 'ชื่อ', 'Last Name' => 'นามสกุล', 'Send login credentials to email address' => 'ชื่ออีเมล์สำหรับส่งข้อมูลการเข้าสู่ระบบ', - 'Default Template' => 'Template มาตรฐาน', - 'Default Name Servers' => 'Name Servers มาตรฐาน', + 'Default Template' => 'ตัวแบบเริ่มต้น', + 'Default Name Servers' => 'Name Servers เริ่มต้น', 'Domain' => 'โดเมน', 'DNS Support' => 'สนับสนุน DNS', - 'Mail Support' => 'สนับสนุนเมล์', + 'Mail Support' => 'สนับสนุนเมล', 'Advanced options' => 'ตัวเลือกขั้นสูง', 'Basic options' => 'ตัวเลือกพื้นฐาน', - 'Aliases' => 'Aliases', + 'Aliases' => 'ชื่อแทน', 'SSL Certificate' => 'SSL Certificate', 'SSL Key' => 'SSL Key', 'SSL Certificate Authority / Intermediate' => 'SSL Certificate Authority / Intermediate', 'SSL CSR' => 'SSL CSR', 'optional' => 'ทางเลือกเพิ่มเติม', 'internal' => 'ภายใน', - 'Statistics Authorization' => 'การตรวจสอบสถิติ', - 'Statistics Auth' => 'รับรองความถูกต้องของสถิติ', + 'Statistics Authorization' => 'กำหนดสิทธิการเข้าดูสถิติ', + 'Statistics Auth' => 'ลงทะเบียนเข้าดูสถิติ', 'Account' => 'บัญชี', - 'Prefix will be automaticaly added to username' => 'คำนำหน้า %s จะถูกเพิ่มลงในชื่อผู้ใช้โดยอัตโนมัติ', - 'Send FTP credentials to email' => 'ชื่ออีเมล์สำหรับส่งข้อมูล FTP', + 'Prefix will be automaticaly added to username' => 'จะมีการใส่คำนำหน้าลงในชื่อผู้ใช้โดยอัตโนมัติ', + 'Send FTP credentials to email' => 'ชื่ออีเมล์สำหรับส่งรหัสผ่าน FTP', 'Expiration Date' => 'วันหมดอายุ', 'YYYY-MM-DD' => 'ปี-เดือน-วัน', 'Name servers' => 'Name servers', - 'Record' => 'Record', + 'Record' => 'รายการ', 'IP or Value' => 'IP หรือ ค่า', 'Priority' => 'ลำดับความสำคัญ', - 'Record Number' => 'ตัวเลข record', + 'Record Number' => 'หมายเลขรายการ', 'in megabytes' => 'หน่วย megabytes', 'Message' => 'ข้อความ', 'use local-part' => 'ใช้ส่วนภายใน', 'one or more email addresses' => 'อย่างน้อย 1 ที่อยู่อีเมล์', - 'Prefix will be automaticaly added to database name and database user' => 'คำนำหน้า %s จะถูกเพิ่มชื่อในฐานข้อมูลและฐานข้อมูลผู้ใช้โดยอัตโนมัติ', + 'Prefix will be automaticaly added to database name and database user' => 'จะมีการเพิ่มคำนำหน้าชื่อฐานข้อมูลและชื่อผู้ใช้ฐานข้อมูลโดยอัตโนมัติ', 'Database' => 'ฐานข้อมูล', 'Type' => 'ชนิด', 'Minute' => 'นาที', @@ -327,35 +328,35 @@ $LANG['th'] = array( 'Netmask' => 'Netmask', 'Interface' => 'Interface', 'Shared' => 'แชร์', - 'Assigned user' => 'กำหนดผู้ใช้แล้ว', - 'Assigned domain' => 'โดเมนที่กำหนด', + 'Assigned user' => 'ผู้ใช้ที่กำหนดไว้', + 'Assigned domain' => 'โดเมนที่กำหนดไว้', 'NAT IP association' => 'NAT IP association', 'shell' => 'shell', - 'web domains' => 'web domains', - 'web aliases' => 'web aliases', - 'dns records' => 'dns records', - 'mail domains' => 'mail domains', - 'mail accounts' => 'บัญชีเมล์', + 'web domains' => 'โดเมนสำหรับเว็บ', + 'web aliases' => 'ชื่อแทนเว็บ', + 'dns records' => 'รายการ dns', + 'mail domains' => 'โดเมนสำหรับเมล', + 'mail accounts' => 'บัญชีเมล', 'accounts' => 'บัญชี', 'databases' => 'ฐานข้อมูล', - 'cron jobs' => 'cron jobs', + 'cron jobs' => 'งาน cron', 'backups' => 'สำรองข้อมูล', 'quota' => 'โควต้า', - 'day of week' => 'วันในสัปดาห์', - 'cmd' => 'cmd', + 'day of week' => 'วันของสัปดาห์', + 'cmd' => 'คำสั่ง', 'users' => 'ผู้ใช้', 'domains' => 'โดนเมน', - 'aliases' => 'aliases', - 'records' => 'records', - 'jobs' => 'jobs', + 'aliases' => 'ชื่อแทน', + 'records' => 'รายการ', + 'jobs' => 'งาน', 'username' => 'ชื่อผู้ใช้', 'password' => 'รหัสผ่าน', 'type' => 'ชนิด', 'charset' => 'charset', 'domain' => 'โดเมน', 'ip' => 'ip', - 'ip address' => 'ip address', - 'IP address' => 'IP address', + 'ip address' => 'ที่อยู่ ip', + 'IP address' => 'ที่อยู่ IP', 'netmask' => 'netmask', 'interface' => 'interface', 'assigned user' => 'กำหนดผู้ใช้แล้ว', @@ -368,11 +369,11 @@ $LANG['th'] = array( 'account' => 'บัญชี', 'ssl certificate' => 'ssl certificate', 'ssl key' => 'ssl key', - 'stats user password' => 'stats user password', - 'stats username' => 'stats username', - 'stats password' => 'stats password', - 'ftp user password' => 'FTP ชื่อผู้ใช้ รหัสผ่าน', - 'ftp user' => 'ผู้ใช้ FTP', + 'stats user password' => 'รหัสผ่านของผู้ใช้สถิติ', + 'stats username' => 'ชื่อผู้ใช้สถิติ', + 'stats password' => 'รหัสผ่านสถิติ', + 'ftp user password' => 'รหัสผ่านของผู้ใช้สำหรับ ftp', + 'ftp user' => 'ผู้ใช้ ftp', 'Last 70 lines of %s.%s.log' => '70 บรรทัดสุดท้ายของ %s.%s.log', 'AccessLog' => 'AccessLog', 'ErrorLog' => 'ErrorLog', @@ -383,13 +384,13 @@ $LANG['th'] = array( 'State / Province' => 'ถนน / แขวง', 'City / Locality' => 'เมือง / ท้องถิ่น', 'Organization' => 'องค์กร', - 'Action' => 'การกระทำ', + 'Action' => 'ดำเนินการ', 'Protocol' => 'โปรโตคอล', 'Port' => 'Port', 'Comment' => 'หมายเหตุ', 'Banlist' => 'รายชื่อที่โดนแบน', 'ranges are acceptable' => 'ช่วงที่ยอมรับได้', - 'CIDR format is supported' => 'การสนับสนุน CIDR', + 'CIDR format is supported' => 'สนับสนุนรูปแบบ CIDR', 'ACCEPT' => 'ยอมรับ', 'DROP' => 'บล็อค', 'TCP' => 'TCP', @@ -400,12 +401,12 @@ $LANG['th'] = array( 'VESTA' => 'VESTA', 'Add one more Name Server' => 'เพิ่ม Name Server อีก', - 'web domain' => 'web domain', - 'dns domain' => 'dns domain', - 'dns record' => 'dns record', - 'mail domain' => 'mail domain', + 'web domain' => 'โดเมนสำหรับเว็บ', + 'dns domain' => 'โดเมนสำหรบ dns', + 'dns record' => 'รายการ dns', + 'mail domain' => 'โดเมนสำหรับเมล', 'mail account' => 'บัญชีเมล์', - 'cron job' => 'cron job', + 'cron job' => 'งาน cron', 'cron' => 'cron', 'user dir' => 'ไดเร็กทอรี่ของผู้ใช้', @@ -415,91 +416,91 @@ $LANG['th'] = array( '%s accounts' => '%s บัญชี', '1 domain' => '1 โดเมน', '%s domains' => '%s โดเมน', - '1 record' => '1 record', - '%s records' => '%s records', - '1 mail account' => '1 บัญชีเมล์', - '%s mail accounts' => '%s บัญชีเมล์', + '1 record' => '1 รายการ', + '%s records' => '%s รายการ', + '1 mail account' => '1 บัญชีเมล', + '%s mail accounts' => '%s บัญชีเมล', '1 database' => '1 ฐานข้อมูล', '%s databases' => '%s ฐานข้อมูล', - '1 cron job' => '1 cron job', - '%s cron jobs' => '%s cron jobs', - '1 archive' => '1 เก็บถาวร', - '%s archives' => '%s เก็บถาวร', + '1 cron job' => '1 งาน cron', + '%s cron jobs' => '%s งาน cron', + '1 archive' => '1 ข้อมูลสำรอง', + '%s archives' => '%s ข้อมูลสำรอง', '1 item' => '1 รายการ', '%s items' => '%s รายการ', '1 package' => '1 แพ็กเกจ', - '%s packages' => '%s packages', - '1 IP address' => '1 IP address', - '%s IP addresses' => '%s IP addresses', + '%s packages' => '%s แพ็กเกจ', + '1 IP address' => '1 ที่อยู่ IP', + '%s IP addresses' => '%s ที่อยู่ IP', '1 month' => '1 เดือน', '%s months' => '%s เดือน', - '1 log record' => '1 log record', - '%s log records' => '%s log record', + '1 log record' => '1 บันทึกเหตุการณ์', + '%s log records' => '%s บันทึกเหตุการณ์', '1 object' => '1 วัตถุ', '%s objects' => '%s วัตถุ', 'no exclusions' => 'ไม่มีการยกเว้น', - '1 rule' => '1 rule', - '%s rules' => '%s rules', + '1 rule' => '1 กฎ', + '%s rules' => '%s กฎ', 'There are no currently banned IP' => 'ไม่มี IP ที่ถูกแบน', - 'USER_CREATED_OK' => 'สร้างผู้ใช้ %s สำเร็จแล้ว', - 'WEB_DOMAIN_CREATED_OK' => 'สร้างโดนเมน %s สำเร็จแล้ว', - 'DNS_DOMAIN_CREATED_OK' => 'สร้าง DNS domain %s สำเร็จแล้ว', - 'DNS_RECORD_CREATED_OK' => 'สร้าง Record %s.%s ได้ถูกสร้างสำเร็จแล้ว', - 'MAIL_DOMAIN_CREATED_OK' => 'สร้าง Mail domain %s สำเร็จแล้ว', - 'MAIL_ACCOUNT_CREATED_OK' => 'สร้างบัญชีเมล์ %s@%s สำเร็จแล้ว', - 'DATABASE_CREATED_OK' => 'สร้างฐานข้อมูล %s สำเร็จแล้ว', - 'CRON_CREATED_OK' => 'สร้าง Cron job ได้ถูกสร้างแล้ว', - 'IP_CREATED_OK' => 'สร้าง IP address %s สำเร็จแล้ว', - 'PACKAGE_CREATED_OK' => 'สร้างแพ็กเกจ %s สำเร็จแล้ว', - 'SSL_GENERATED_OK' => 'สร้างใบรับรองสำเร็จแล้ว', - 'RULE_CREATED_OK' => 'สร้าง Rule สำเร็จแล้ว', - 'BANLIST_CREATED_OK' => 'สร้าง IP address สำเร็จแล้ว', + 'USER_CREATED_OK' => 'สร้างผู้ใช้ %s แล้ว', + 'WEB_DOMAIN_CREATED_OK' => 'สร้างโดเมน %s แล้ว', + 'DNS_DOMAIN_CREATED_OK' => 'สร้างโดเมนสำหรับ DNS %s แล้ว', + 'DNS_RECORD_CREATED_OK' => 'สร้างรายการ %s.%s แล้ว', + 'MAIL_DOMAIN_CREATED_OK' => 'สร้างโดเมนสำหรับเมล %s แล้ว', + 'MAIL_ACCOUNT_CREATED_OK' => 'สร้างบัญชีเมล %s@%s แล้ว', + 'DATABASE_CREATED_OK' => 'สร้างฐานข้อมูล %s แล้ว', + 'CRON_CREATED_OK' => 'สร้างงาน Cron แล้ว', + 'IP_CREATED_OK' => 'สร้างที่อยู่ IP %s แล้ว', + 'PACKAGE_CREATED_OK' => 'สร้างแพ็กเกจ %s แล้ว', + 'SSL_GENERATED_OK' => 'สร้าง SSL Certificate แล้ว', + 'RULE_CREATED_OK' => 'สร้างกฎแล้ว', + 'BANLIST_CREATED_OK' => 'สร้างรายการแบนหมายเลข IP แล้ว', 'Autoupdate has been successfully enabled' => 'เปิดใช้งานการอัพเดทอัตโนมัติสำเร็จแล้ว', 'Autoupdate has been successfully disabled' => 'ปิดใช้งานการอัพเดทอัตโนมัติสำเร็จแล้ว', - 'Cronjob email reporting has been successfully enabled' => 'การรายงานทางอีเมลของ Cronjob ได้รับการเปิดใช้งานเรียบร้อยแล้ว', - 'Cronjob email reporting has been successfully disabled' => 'การรายงานทางอีเมลของ Cronjob ได้รับการปิดใช้งานเรียบร้อยแล้ว', + 'Cronjob email reporting has been successfully enabled' => 'เปิดการรายงานทางอีเมลของ Cronjob แล้ว', + 'Cronjob email reporting has been successfully disabled' => 'ปิดการรายงานทางอีเมลของ Cronjob แล้ว', 'Changes has been saved.' => 'บันทึกการเปลี่ยนแปลงแล้ว', 'Confirmation' => 'การยืนยัน', - 'DELETE_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบผู้ใช้ %s?', - 'SUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับผู้ใช้ %s?', - 'UNSUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานผู้ใช้ %s?', - 'DELETE_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบโดเมน %s?', - 'SUSPEND_DOMAIN_CONFIRMATION' => 'แน่ใจหรือไม่ว่าคุณต้องการ ระงับโดเมน %s?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานโดเมน %s?', - 'DELETE_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ Record %s?', - 'SUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับ Record %s?', - 'UNSUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน Record %s?', - 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือว่าต้องการ ลบเมล์ %s?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับเมล์ %s?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานเมล์ %s?', - 'DELETE_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบฐานข้อมูล %s?', - 'SUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับฐานข้อมูล %s?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานฐานข้อมูล %s?', - 'DELETE_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ cron job?', - 'SUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับ cron job?', - 'UNSUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน cron job?', - 'DELETE_BACKUP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบการสำรองข้อมูล %s?', - 'DELETE_EXCLUSION_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ %s ในการยกเว้น?', - 'DELETE_PACKAGE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบแพ็กเกจ %s?', - 'DELETE_IP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ IP address %s?', - 'DELETE_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ rule #%s?', - 'SUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับ rule #%s?', - 'UNSUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน rule #%s?', - 'LEAVE_PAGE_CONFIRMATION' => 'ออกจากหน้านี้?', - 'RESTART_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการเริ่มต้นใหม่ %s?', + 'DELETE_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบผู้ใช้ %s', + 'SUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับผู้ใช้ %s', + 'UNSUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานผู้ใช้ %s', + 'DELETE_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบโดเมน %s', + 'SUSPEND_DOMAIN_CONFIRMATION' => 'แน่ใจหรือไม่ว่าคุณต้องการ ระงับโดเมน %s', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานโดเมน %s', + 'DELETE_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบรายการ %s', + 'SUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับรายการ %s', + 'UNSUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานรายการ %s', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือว่าต้องการ ลบเมล %s', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับเมล %s', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานเมล %s', + 'DELETE_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบฐานข้อมูล %s', + 'SUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับฐานข้อมูล %s', + 'UNSUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานฐานข้อมูล %s', + 'DELETE_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบงาน cron', + 'SUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับงาน cron', + 'UNSUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน cron', + 'DELETE_BACKUP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบการสำรองข้อมูล %s', + 'DELETE_EXCLUSION_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ %s ในการยกเว้น', + 'DELETE_PACKAGE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบแพ็กเกจ %s', + 'DELETE_IP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบที่อยู่ IP %s', + 'DELETE_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบกฎ #%s', + 'SUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับกฎ #%s', + 'UNSUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานกฎ #%s', + 'LEAVE_PAGE_CONFIRMATION' => 'ออกจากหน้านี้', + 'RESTART_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการเริ่มต้นใหม่ %s', 'Welcome' => 'ยินดีต้อนรับ', 'LOGGED_IN_AS' => 'เข้าสู่ระบบในฐานะผู้ใช้ %s', 'Error' => 'เกิดข้อผิดพลาด', 'Invalid username or password' => 'ชื่อผู้ใช้หรือรหัสผ่านไม่ถูกต้อง', 'Invalid username or code' => 'ชื่อผู้ใช้หรือรหัสไม่ถูกต้อง', 'Passwords not match' => 'รหัสผ่านทั้งสองไม่ตรงกัน', - 'Please enter valid email address.' => 'กรุณาใส่เมล์ที่ถูกต้อง', + 'Please enter valid email address.' => 'กรุณาใส่เมลที่ถูกต้อง', 'Field "%s" can not be blank.' => 'ช่อง "%s" ไม่สามารถเว้นว่างไว้', 'Password is too short.' => 'รหัสผ่านสั้นเกินไป (ต่ำสุด 6 ตัวอักษร)', 'Error code:' => 'รหัสข้อผิดพลาด: %s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" ล้มเหลว', - 'IP address is in use' => 'IP address กำลังใช้งานอยู่', + 'IP address is in use' => 'ที่อยู่ IP ถูกใช้งานอยู่', 'BACKUP_SCHEDULED' => 'มีการเพิ่มงานลงในคิวแล้ว คุณจะได้รับอีเมลแจ้งเตือนเมื่อการสำรองข้อมูลของคุณพร้อมสำหรับการดาวน์โหลด', 'BACKUP_EXISTS' => 'มีการสำรองข้อมูลอยู่ โปรดรอให้การสำรองข้อมูลในปัจจุบันเสร็จสิ้น', 'RESTORE_SCHEDULED' => 'มีการเพิ่มงานลงในคิวแล้ว คุณจะได้รับการแจ้งเตือนทางอีเมลเมื่อการคืนค่าเสร็จสิ้น', @@ -521,7 +522,7 @@ $LANG['th'] = array( 'FTP login credentials' => 'ข้อมูลการเข้าสู่ระบบ FTP', 'FTP_ACCOUNT_READY' => "มีการสร้างบัญชี FTP และพร้อมใช้งานแล้ว\n\nโฮสต์: %s\nชื่อผู้ใช้: %s_%s\nรหัสผ่าน: %s\n\n--\nVesta Control Panel\n", - 'Database Credentials' => 'ข้อมูลของฐานข้อมูล', + 'Database Credentials' => 'ข้อมูลการใช้งานฐานข้อมูล', 'DATABASE_READY' => "สร้างฐานข้อมูลเรียบร้อยแล้ว\n\nDatabase: %s\nชื่อ: %s\nรหัสผ่าน: %s\n%s\n\n--\nVesta Control Panel\n", 'forgot password' => 'ลืมรหัสผ่าน', @@ -530,7 +531,7 @@ $LANG['th'] = array( 'Confirm Password' => 'ยืนยันรหัสผ่าน', 'Reset' => 'รีเซ็ต', 'Reset Code' => 'รหัสสำหรับรีเซ็ต', - 'RESET_NOTICE' => '', + 'RESET_NOTICE' => 'แจ้งการ', 'RESET_CODE_SENT' => 'รหัสสำหรับรีเซ็ตรหัสผ่านถูกส่งไปยังที่อยู่อีเมลของคุณแล้ว
', 'MAIL_RESET_SUBJECT' => 'ตั้งค่ารหัสผ่านใหม่ที่ %s', 'PASSWORD_RESET_REQUEST' => "หากต้องการรีเซ็ตรหัสผ่านของแผงควบคุมโปรดไปที่ลิงก์นี้:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\nAlternatively, คุณอาจจะไปที่ https://%s/reset/?action=code&user=%s และใส่รหัสรีเซ็ตดังต่อไปนี้:\n%s\n\nหากคุณไม่ได้ขอรหัสผ่านใหม่โปรดละเว้นข้อความนี้และยอมรับคำขอโทษของเรา\n\n--\nVesta Control Panel\n", @@ -548,41 +549,41 @@ $LANG['th'] = array( 'Nov' => 'พ.ย.', 'Dec' => 'ธ.ค.', - 'Configuring Server' => 'การกำหนดค่าเซิฟเวอร์', + 'Configuring Server' => 'การกำหนดค่าเซิร์ฟเวอร์', 'Hostname' => 'Hostname', 'Time Zone' => 'เขตเวลา', 'Default Language' => 'ภาษาเริ่มต้น', - 'Proxy Server' => 'Proxy Server', - 'Web Server' => 'Web Server', - 'Backend Server' => 'Backend Server', - 'Backend Pool Mode' => 'Backend Pool Mode', - 'DNS Server' => 'DNS Server', + 'Proxy Server' => 'เซิร์ฟเวอร์ Proxy', + 'Web Server' => 'เซิร์ฟเวอร์เว็บ', + 'Backend Server' => 'เซิร์ฟเวอร์ Backend', + 'Backend Pool Mode' => 'โหมด Backend Pool', + 'DNS Server' => 'เซิร์ฟเวอร์ DNS', 'DNS Cluster' => 'DNS Cluster', - 'MAIL Server' => 'MAIL Server', - 'Antivirus' => 'Antivirus', - 'AntiSpam' => 'AntiSpam', + 'MAIL Server' => 'เซิร์ฟเวอร์เมล', + 'Antivirus' => 'ป้องกันไวรัส', + 'AntiSpam' => 'ป้องกันเมลขยะ', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'สนับสนุน MySQL', - 'phpMyAdmin URL' => 'ที่อยู่ของ phpMyAdmin', + 'phpMyAdmin URL' => 'phpMyAdmin URL', 'PostgreSQL Support' => 'สนับสนุน PostgreSQL', - 'phpPgAdmin URL' => 'ที่อยู่ของ phpPgAdmin', + 'phpPgAdmin URL' => 'phpPgAdmin URL', 'Maximum Number Of Databases' => 'จำนวนฐานข้อมูลสูงสุด', 'Current Number Of Databases' => 'จำนวนฐานข้อมูลปัจจุบัน', - 'Local backup' => 'สำรองข้อมูลท้องถิ่น', + 'Local backup' => 'สำรองข้อมูลภายใน', 'Compression level' => 'ระดับการบีบอัด', 'Directory' => 'ไดเร็กทอรี่', - 'Remote backup' => 'การสำรองข้อมูลระยะไกล', + 'Remote backup' => 'การสำรองข้อมูลภายนอก', 'ftp' => 'FTP', 'sftp' => 'SFTP', 'SFTP Chroot' => 'SFTP Chroot', - 'FileSystem Disk Quota' => 'FileSystem Disk Quota', + 'FileSystem Disk Quota' => 'โควต้าการเก็บข้อมูลในระบบ', 'Vesta Control Panel Plugins' => 'ปลั๊กอิน Vesta Control Panel', 'preview' => 'ดูตัวอย่าง', 'Reseller Role' => 'บทบาท Reseller', 'Web Config Editor' => 'เครื่องมือแก้ไขการตั้งค่าเว็บ', 'Template Manager' => 'ตัวจัดการ Template', 'Backup Migration Manager' => 'ตัวจัดการการย้ายข้อมูลสำรอง', - 'FileManager' => 'FileManager', + 'FileManager' => 'ตัวจัดการไฟล์', 'show: CPU / MEM / NET / DISK' => 'แสดง: CPU / MEM / NET / DISK', 'sort by' => 'จัดเรียงโดย', @@ -592,7 +593,7 @@ $LANG['th'] = array( 'save to favorites' => 'บันทึกในรายการโปรด', - 'File Manager' => 'File Manager', + 'File Manager' => 'ตัวจัดการไฟล์', 'size' => 'ขนาด', 'date' => 'วันที่', 'name' => 'ชื่อ', @@ -608,8 +609,8 @@ $LANG['th'] = array( 'ARCHIVE' => 'เก็บถาวร', 'EXTRACT' => 'แตกไฟล์', 'DOWNLOAD' => 'ดาวน์โหลด', - 'Are you sure?' => 'คุณแน่ใจ?', - 'Hit' => 'Hit', + 'Are you sure?' => 'คุณแน่ใจหรือไม่', + 'Hit' => 'จำนวนการเข้าถึง', 'to reload the page' => 'เพื่อโหลดหน้าเว็บใหม่', 'Directory name cannot be empty' => 'ชื่อไดเร็กทอรี่ต้องไม่ว่างเปล่า', 'File name cannot be empty' => 'ชื่อไฟล์ต้องไม่ว่างเปล่า', @@ -629,7 +630,7 @@ $LANG['th'] = array( 'Extract' => 'แตกไฟล์', 'Create' => 'สร้าง', 'Compress' => 'บีบอัด', - 'OK' => 'โอเค', + 'OK' => 'ตกลง', 'YOU ARE COPYING' => 'คุณกำลังคัดลอก', 'YOU ARE REMOVING' => 'คุณกำลังลบ', 'Delete items' => 'ลบรายการ', @@ -667,7 +668,7 @@ $LANG['th'] = array( 'Go to CRON list' => 'ไปที่รายการ CRON', 'Go to BACKUP list' => 'ไปที่รายการ สำรองข้อมูล', 'Focus on search' => 'มุ่งเน้นการค้นหา', - 'Display/Close shortcuts' => 'แสดง/ปิด shortcuts', + 'Display/Close shortcuts' => 'แสดง/ปิดทางลัด', 'Move backward through top menu' => 'เลื่อนกลับไปที่เมนูด้านบน', 'Move forward through top menu' => 'เลื่อนไปข้างหน้าผ่านเมนูด้านบน', 'Enter focused element' => 'ใส่องค์ประกอบที่เน้น', @@ -696,7 +697,7 @@ $LANG['th'] = array( 'Add File to the Current Selection' => 'เพิ่มไฟล์ในการเลือกปัจจุบัน', 'Select All Files' => 'เลือกไฟล์ทั้งหมด', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => - 'shortcuts are inspired by magnificent GNU Midnight Commander file manager', + 'ทางลัดต่างๆ ได้แรงบันดาลใจจากตัวจัดการไฟล์ magnificent GNU Midnight Commander', 'Licence Key' => 'License Key', 'Enter License Key' => 'กรอก License Key', @@ -705,7 +706,7 @@ $LANG['th'] = array( 'Disable and Cancel License' => 'ปิดการใช้งาน และยกเลิก License', 'Licence Activated' => 'เปิดใช้งาน License แล้ว', 'Licence Deactivated' => 'ปิดการใช้งาน License แล้ว', - 'Restrict users so that they cannot use SSH and access only their home directory.' => 'จำกัดผู้ใช้เพื่อไม่ให้ใช้ SSH และเข้าถึงไดเร็กทอรี่บ้านเท่านั้น', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'จำกัดผู้ใช้เพื่อไม่ให้ใช้ SSH และเข้าถึงไดเร็กทอรี่ของตนเองเท่านั้น', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'เรียกดู, คัดลอก, แก้ไข, ดู, และเรียกค้นหาไฟล์โดเมนทั้งหมดของเว็บโดยใช้ตัวจัดการไฟล์ที่มีคุณลักษณะครบถ้วน', 'This is a commercial module, you would need to purchace license key to enable it.' => 'สิ่งนี้ไม่ใช่โมดูลฟรี, คุณจะต้องซื้อ License Key เพื่อเปิดใช้งาน', @@ -746,14 +747,14 @@ $LANG['th'] = array( 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', - 'Use server hostname' => 'ใช้ server hostname', - 'Use domain hostname' => 'ใช้ domain hostname', + 'Use server hostname' => 'ใช้ hostname ของเซิร์ฟเวอร์', + 'Use domain hostname' => 'ใช้ hostname ของโดเมน', 'Use STARTTLS' => 'ใช้ STARTTLS', 'Use SSL / TLS' => 'ใช้ SSL / TLS', - 'No encryption' => 'ไม่มี encryption', - 'Do not use encryption' => 'ไม่ใช้ encryption', + 'No encryption' => 'ไม่มีการเข้ารหัส', + 'Do not use encryption' => 'ไม่ใช้การเข้ารหัส', 'maximum characters length, including prefix' => 'ความยาว charset สูงสุด %s ตัว, รวมถึงคำนำหน้า', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'ข้อมูลการใช้อีเมล', ); From 0e484587a84c74293aa02779f85934f22a575ea2 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 9 Aug 2018 17:42:47 +0300 Subject: [PATCH 06/62] Added back policy.d block for daeomon autostart on install --- install/vst-install-ubuntu.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index a17517e3..bb74295b 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -626,15 +626,15 @@ fi # Updating system apt-get update -# Disabling daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz -#echo -e '#!/bin/sh \nexit 101' > /usr/sbin/policy-rc.d -#chmod a+x /usr/sbin/policy-rc.d +# Disabling daemon autostart on apt-get install +echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d +chmod a+x /usr/sbin/policy-rc.d # Installing apt packages apt-get -y install $software check_result $? "apt-get install failed" -# Restoring policy +# Restoring autostart policy rm -f /usr/sbin/policy-rc.d @@ -912,7 +912,7 @@ if [ -z "$ZONE" ]; then ZONE='UTC' fi for pconf in $(find /etc/php* -name php.ini); do - sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf + sed -i "s%;date.timezone =%date.timezone = $ZONE%g" $pconf sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf done @@ -1129,8 +1129,8 @@ if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then fi cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ - chmod 640 /etc/roundcube/debian-db-roundcube.php - chown root:www-data /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/debian-db* + chown root:www-data /etc/roundcube/debian-db* cp -f $vestacp/roundcube/vesta.php \ /usr/share/roundcube/plugins/password/drivers/ cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ From 563a9d8b10243f5627f14ced6060867548b57380 Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 12 Aug 2018 03:17:01 +0200 Subject: [PATCH 07/62] Avoid blocking v-backup-user because of already dumped db Well, in one db.conf I found duplicated entry for the same database. root@btvc:~# cat /usr/local/vesta/data/users/btvc2011/db.conf DB='btvc2011_cart' DBUSER='btvc2011_9091dn' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_admin' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_david' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_djn' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_jd' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_oscar' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' Obviously different users has access to the same database. I know that this is impossible to create in Vesta. But @Skamasle thirt-party script for importing cPanels backup obviously CAN do that... and many people use that cPanel importer. This fix will avoid databases that are already dumped. Without this fix backup script get stuck on stdin waiting for: gzip: /backup/tmp.4YlV9Yr4m5/db/btvc2011_cart/btvc2011_cart.mysql.sql.gz already exists; do you wish to overwrite (y or n)? --- bin/v-backup-user | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index bc57cafc..b9fa8420 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -393,13 +393,15 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then dump="$tmpdir/db/$database/$database.$TYPE.sql" grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER" - case $TYPE in - mysql) dump_mysql_database ;; - pgsql) dump_pgsql_database ;; - esac + if [ ! -f "$dump" ]; then + case $TYPE in + mysql) dump_mysql_database ;; + pgsql) dump_pgsql_database ;; + esac - # Compress dump - gzip -$BACKUP_GZIP $dump + # Compress dump + gzip -$BACKUP_GZIP $dump + fi done # Print total From df7cccac4cc1d1f7fc3aef1b4524c18d9666f00f Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 12 Aug 2018 04:25:18 +0200 Subject: [PATCH 08/62] Little fix for previous commit see https://github.com/serghey-rodin/vesta/commit/563a9d8b10243f5627f14ced6060867548b57380 --- bin/v-backup-user | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index b9fa8420..f9569aa4 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -392,8 +392,9 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then grep "DB='$database'" $conf > vesta/db.conf dump="$tmpdir/db/$database/$database.$TYPE.sql" + dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz" grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER" - if [ ! -f "$dump" ]; then + if [ ! -f "$dumpgz" ]; then case $TYPE in mysql) dump_mysql_database ;; pgsql) dump_pgsql_database ;; From d2764a6481a08d7aabdadc30f0ee9c08d5ec6c65 Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Fri, 31 Aug 2018 15:35:21 +0000 Subject: [PATCH 09/62] Missing function: is_format_valid_shell --- func/main.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/func/main.sh b/func/main.sh index be626702..e78e6edf 100644 --- a/func/main.sh +++ b/func/main.sh @@ -805,7 +805,16 @@ is_password_format_valid() { check_result $E_INVALID "invalid password format :: $1" fi } - +# Missing function - +# Before: validate_format_shell +# After: is_format_valid_shell +is_format_valid_shell() { + if [ -z "$(grep -w $1 /etc/shells)" ]; then + echo "Error: shell $1 is not valid" + log_event "$E_INVALID" "$EVENT" + exit $E_INVALID + fi +} # Format validation controller is_format_valid() { for arg_name in $*; do @@ -872,7 +881,9 @@ is_format_valid() { restart) is_boolean_format_valid "$arg" 'restart' ;; rtype) is_dns_type_format_valid "$arg" ;; rule) is_int_format_valid "$arg" "rule id" ;; - soa) is_domain_format_valid "$arg" 'SOA' ;; + soa) is_domain_format_valid "$arg" 'SOA' ;; + #missing command: is_format_valid_shell + shell) is_format_valid_shell "$arg" ;; stats_pass) is_password_format_valid "$arg" ;; stats_user) is_user_format_valid "$arg" "$arg_name" ;; template) is_object_format_valid "$arg" "$arg_name" ;; From 1ba6d24189a463cf6577184ea118c6e2c914564d Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Fri, 31 Aug 2018 15:49:32 +0000 Subject: [PATCH 10/62] Typo in function name --- bin/v-add-user-package | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/bin/v-add-user-package b/bin/v-add-user-package index 23f42725..0cab1a3d 100755 --- a/bin/v-add-user-package +++ b/bin/v-add-user-package @@ -30,37 +30,37 @@ is_package_new() { is_package_consistent() { source $pkg_dir/$package.pkg if [ "$WEB_DOMAINS" != 'unlimited' ]; then - is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS' + is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' fi if [ "$WEB_ALIASES" != 'unlimited' ]; then - is_format_valid_int $WEB_ALIASES 'WEB_ALIASES' + is_int_format_valid $WEB_ALIASES 'WEB_ALIASES' fi if [ "$DNS_DOMAINS" != 'unlimited' ]; then - is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS' + is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS' fi if [ "$DNS_RECORDS" != 'unlimited' ]; then - is_format_valid_int $DNS_RECORDS 'DNS_RECORDS' + is_int_format_valid $DNS_RECORDS 'DNS_RECORDS' fi if [ "$MAIL_DOMAINS" != 'unlimited' ]; then - is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS' + is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS' fi if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then - is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS' + is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS' fi if [ "$DATABASES" != 'unlimited' ]; then - is_format_valid_int $DATABASES 'DATABASES' + is_int_format_valid $DATABASES 'DATABASES' fi if [ "$CRON_JOBS" != 'unlimited' ]; then - is_format_valid_int $CRON_JOBS 'CRON_JOBS' + is_int_format_valid $CRON_JOBS 'CRON_JOBS' fi if [ "$DISK_QUOTA" != 'unlimited' ]; then - is_format_valid_int $DISK_QUOTA 'DISK_QUOTA' + is_int_format_valid $DISK_QUOTA 'DISK_QUOTA' fi if [ "$BANDWIDTH" != 'unlimited' ]; then - is_format_valid_int $BANDWIDTH 'BANDWIDTH' + is_int_format_valid $BANDWIDTH 'BANDWIDTH' fi if [ "$BACKUPS" != 'unlimited' ]; then - is_format_valid_int $BACKUPS 'BACKUPS' + is_int_format_valid $BACKUPS 'BACKUPS' fi is_format_valid_shell $SHELL } From e7daba868b7c40e813b7a1eeae805d35d3880fad Mon Sep 17 00:00:00 2001 From: Seia Soto Date: Sat, 8 Sep 2018 23:23:03 +0900 Subject: [PATCH 11/62] Update translations --- web/inc/i18n/ko.php | 46 ++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/web/inc/i18n/ko.php b/web/inc/i18n/ko.php index a81db461..a032f265 100644 --- a/web/inc/i18n/ko.php +++ b/web/inc/i18n/ko.php @@ -26,11 +26,11 @@ $LANG['ko'] = array( 'BACKUP' => '백업', 'LOGIN' => '로그인', - 'RESET PASSWORD' => '비밀번호 초기화', + 'RESET PASSWORD' => '비밀번호 재설정', 'SEARCH' => '검색', 'PACKAGE' => '패키지', 'RRD' => 'RRD', - 'STATS' => 'STATS', + 'STATS' => '상태정보', 'LOG' => '기록', 'UPDATES' => '업데이트', 'FIREWALL' => '방화벽', @@ -139,7 +139,7 @@ $LANG['ko'] = array( 'Editing Firewall Rule' => '방화벽 규칙 편집', 'Adding IP Address to Banlist' => 'IP 주소를 차단 목록에 추가', - 'active' => '활성', + 'active' => '활성화됨', 'spnd' => '정지됨', 'suspended' => '정지됨', 'running' => '작동중', @@ -192,10 +192,10 @@ $LANG['ko'] = array( 'backup exclusions' => '백업 예외', 'template' => '템플릿', 'SSL Support' => 'SSL 지원', - 'SSL Home Directory' => 'SSL 홈', + 'SSL Home Directory' => 'SSL 홈 디렉토리', 'Lets Encrypt Support' => 'Lets Encrypt 지원', 'Lets Encrypt' => 'Lets Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => '인증서는 5분 안에 자동으로 발급됩니다', + 'Your certificate will be automatically issued in 5 minutes' => '인증서는 5분 안에 자동으로 발급될 것입니다', 'Proxy Support' => '프록시 지원', 'Proxy Extensions' => '프록시 확장', 'Web Statistics' => '웹 통계', @@ -249,8 +249,8 @@ $LANG['ko'] = array( 'APACHE2 Usage' => 'APACHE2 사용', 'HTTPD Usage' => 'HTTPD 사용', 'NGINX Usage' => 'NGINX 사용', - 'MySQL Usage on localhost' => 'localhost에서의 MySQL 사용', - 'PostgreSQL Usage on localhost' => 'localhost에서의 PostgreSQL 사용', + 'MySQL Usage on localhost' => 'localhost에서 MySQL 사용', + 'PostgreSQL Usage on localhost' => 'localhost에서 PostgreSQL 사용', 'Bandwidth Usage eth0' => 'eth0 대역폭 사용', 'Bandwidth Usage eth1' => 'eth1 대역폭 사용', 'Exim Usage' => 'Exim 사용', @@ -267,7 +267,7 @@ $LANG['ko'] = array( 'ftp server' => 'FTP 서버', 'job scheduler' => '스케줄러 ', 'firewall' => '방화벽', - 'brute-force monitor' => '무차별 공격 모니터', + 'brute-force monitor' => '무차별 대입 공격 모니터', 'CPU' => 'CPU', 'Memory' => '메모리', 'Uptime' => '가동 시간', @@ -285,7 +285,7 @@ $LANG['ko'] = array( 'Language' => '언어', 'First Name' => '이름', 'Last Name' => '성', - 'Send login credentials to email address' => '이메일 주소로 로그인 정보를 보내기', + 'Send login credentials to email address' => '이메일 주소로 로그인 정보 전송', 'Default Template' => '기본 템플릿', 'Default Name Servers' => '기본 네임 서버', 'Domain' => '도메인', @@ -322,7 +322,7 @@ $LANG['ko'] = array( 'Minute' => '분', 'Command' => '명령어', 'Package Name' => '패키지 이름', - 'Netmask' => '넷마크', + 'Netmask' => '넷마스크', 'Interface' => '인터페이스', 'Shared' => '공유된', 'Assigned user' => '부여 된 사용자', @@ -356,7 +356,7 @@ $LANG['ko'] = array( 'IP address' => 'IP 주소', 'netmask' => '넷마스크', 'interface' => '인터페이스', - 'assigned user' => '부여 된 사용자', + 'assigned user' => '부여된 사용자', 'ns1' => 'NS1', 'ns2' => 'NS2', 'user' => '사용자', @@ -386,7 +386,7 @@ $LANG['ko'] = array( 'Port' => '포트', 'Comment' => '댓글', 'Banlist' => '차단 목록', - 'ranges are acceptable' => '허용 가능한 범위', + 'ranges are acceptable' => '허용할 수 있는 범위', 'CIDR format is supported' => 'CIDR 형식이 지원됩니다', 'ACCEPT' => '허용', 'DROP' => '드롭', @@ -474,18 +474,18 @@ $LANG['ko'] = array( 'DELETE_DATABASE_CONFIRMATION' => '정말로 %s 데이터베이스를 삭제 하시겠습니까?', 'SUSPEND_DATABASE_CONFIRMATION' => '정말로 %s 데이터베이스를 정지 시키시겠습니까?', 'UNSUSPEND_DATABASE_CONFIRMATION' => '정말로 %s 데이터베이스의 정지를 해제 하시겠습니까?', - 'DELETE_CRON_CONFIRMATION' => '정말로 Cron 작업을 삭제 하시려는게 맞습니까?', - 'SUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업을 정지 시키시려는게 맞습니까?', - 'UNSUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업의 정지를 해제 하시려는게 맞습니까?', - 'DELETE_BACKUP_CONFIRMATION' => '%s 백업을 삭제 하시려는게 맞습니까?', - 'DELETE_EXCLUSION_CONFIRMATION' => '%s 예외를 삭제 하시려는게 맞습니까?', + 'DELETE_CRON_CONFIRMATION' => '정말로 Cron 작업을 삭제 하시겠습니까?', + 'SUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업을 정지 시키겠습니까?', + 'UNSUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업의 정지를 해제 하시겠습니까?', + 'DELETE_BACKUP_CONFIRMATION' => '%s 백업을 삭제 하시겠습니까?', + 'DELETE_EXCLUSION_CONFIRMATION' => '%s 예외를 삭제 하시겠습니까?', 'DELETE_PACKAGE_CONFIRMATION' => '정말로 %s 패키지를 삭제 하시겠습니까?', 'DELETE_IP_CONFIRMATION' => '정말로 %s IP 주소를 삭제 하시겠습니까?', - 'DELETE_RULE_CONFIRMATION' => '정말로 #%s 규칙을 삭제하시려는게 맞습니까?', - 'SUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙을 정지 시키시려는게 맞습니까?', - 'UNSUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙의 정지를 해제 시키시려는게 맞습니까?', + 'DELETE_RULE_CONFIRMATION' => '정말로 #%s 규칙을 삭제 하시겠습니까?', + 'SUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙을 정지 하시겠습니까?', + 'UNSUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙의 정지를 해제 하시겠습니까?', 'LEAVE_PAGE_CONFIRMATION' => '페이지를 나가시겠습니까?', - 'RESTART_CONFIRMATION' => '%s을/를 재시작 하시려는게 맞습니까?', + 'RESTART_CONFIRMATION' => '%s을(를) 재시작 하시려는게 맞습니까?', 'Welcome' => '환영합니다', 'LOGGED_IN_AS' => '%s 사용자로 로그인 됨', 'Error' => 'Error', @@ -735,7 +735,7 @@ $LANG['ko'] = array( 'webalizer' => 'Webalizer', 'awstats' => 'Awstats', - 'Vesta SSL' => 'Vesta SSL', + 'Vesta SSL' => 'Vesta 인증서', 'SUBJECT' => '주체', 'ALIASES' => '별칭', 'NOT_BEFORE' => '유효 기간(시작)', @@ -754,5 +754,5 @@ $LANG['ko'] = array( 'maximum characters length, including prefix' => '최대 길이는 접두사를 포함하여 %s자입니다.', 'Email Credentials' => '이메일 자격증명', - + ); From 7f20521c5b51a030336cd286938296eb12b7f984 Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Sat, 8 Sep 2018 14:32:11 +0000 Subject: [PATCH 12/62] Enable utf8mb4 charset issue: #1698 --- web/templates/admin/add_db.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/templates/admin/add_db.html b/web/templates/admin/add_db.html index fb369af0..74903241 100644 --- a/web/templates/admin/add_db.html +++ b/web/templates/admin/add_db.html @@ -148,6 +148,8 @@ + + From 5bd270591cf086dde275edb0a8ea7142eef00b54 Mon Sep 17 00:00:00 2001 From: Maksim Usmanov | Maks Date: Sun, 9 Sep 2018 13:51:00 +0200 Subject: [PATCH 13/62] Fix function check_result Check_error not defined --- install/vst-install-ubuntu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index bb74295b..c0655bb2 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -236,7 +236,7 @@ fi # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then - check_error 1 "Script can be run executed only by root" + check_result 1 "Script can be run executed only by root" fi # Checking admin user account From 5420b2c95d581fe8135e37a6eba303e3b3e1885e Mon Sep 17 00:00:00 2001 From: myrevery Date: Mon, 10 Sep 2018 01:59:17 +0800 Subject: [PATCH 14/62] Update cn.php Add new keyword and refine some details. --- web/inc/i18n/cn.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/web/inc/i18n/cn.php b/web/inc/i18n/cn.php index d47587db..62147871 100644 --- a/web/inc/i18n/cn.php +++ b/web/inc/i18n/cn.php @@ -175,6 +175,7 @@ $LANG['cn'] = array( 'User Directories' => '用户目录', 'Template' => '模板', 'Web Template' => 'Web模板', + 'Backend Support' => '后端支持', //New Keyword for PHP-FPM in WEB page. 'Backend Template' => '后端模板', 'Proxy Template' => '代理模板', 'DNS Template' => 'DNS模板', @@ -265,6 +266,7 @@ $LANG['cn'] = array( 'SSH Usage' => 'SSH 用量', 'reverse proxy' => '反向代理', 'web server' => 'Web服务', + 'backend server' => '后端服务', //New Keyword for PHP-FPM in SERVER page. 'dns server' => 'DNS服务', 'mail server' => '邮箱服务', 'pop/imap server' => 'POP/IMAP服务', @@ -383,9 +385,9 @@ $LANG['cn'] = array( 'ErrorLog' => '错误日志', 'Download AccessLog' => '下载访问日志', 'Download ErrorLog' => '下载错误日志', - 'Country' => '国家', - '2 letter code' => '2位国家简码 如: 中国CN / 美国US', - 'State / Province' => '州 / 省', + 'Country' => '国家地区', + '2 letter code' => '采用 ISO 3166-1 二位代码 如: 中国CN / 美国US', + 'State / Province' => '州 / 省级', 'City / Locality' => '市 / 地区', 'Organization' => '组织名称', 'Action' => '操作', @@ -719,10 +721,10 @@ $LANG['cn'] = array( 'Run Command' => '运行指令于', 'every month' => '每个月', 'every odd month' => '每个奇数月', - 'every even month' => '每隔 2 月', + 'every even month' => '每个偶数月', 'every day' => '每日', 'every odd day' => '每个奇数日', - 'every even day' => '每隔 2 日', + 'every even day' => '每个偶数日', 'weekdays (5 days)' => '工作日 (5天)', 'weekend (2 days)' => '双休日 (2天)', 'Monday' => '周一 ', @@ -748,7 +750,7 @@ $LANG['cn'] = array( 'NOT_BEFORE' => '有效期从', 'NOT_AFTER' => '有效期至', 'SIGNATURE' => '签名算法', - 'PUB_KEY' => '密钥位数', + 'PUB_KEY' => '公钥长度', 'ISSUER' => '颁发者', 'Use server hostname' => '采用服务器主机名', From 7b0597fc417bb83f0a378454ba1a7ad34d977621 Mon Sep 17 00:00:00 2001 From: marcos Date: Sun, 14 Oct 2018 15:28:48 +0200 Subject: [PATCH 15/62] traducciones --- web/inc/i18n/es.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index 1f2c36dd..8cf45ddf 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -193,11 +193,11 @@ $LANG['es'] = array( 'Mail Accounts' => 'Cuentas de Correo', 'Cron Jobs' => 'Tareas Programadas', 'SSH Access' => 'Acceso SSH', - 'IP Address' => 'IP Address', - 'IP Addresses' => 'Dirección IP', + 'IP Address' => 'Dirección IP', + 'IP Addresses' => 'Direcciones IP', 'Backups' => 'Respaldos', 'Backup System' => 'Sistema de Respaldo', - 'backup exclusions' => 'respaldos excluídos', + 'backup exclusions' => 'configurar exlusiones', 'template' => 'plantilla', 'SSL Support' => 'Soportar SSL', 'SSL Home Directory' => 'Directorio local del SSL', @@ -248,8 +248,8 @@ $LANG['es'] = array( 'SYS' => 'SYS', 'Domains' => 'Dominios', 'Status' => 'Estado', - 'shared' => 'compartido', - 'dedicated' => 'dedicado', + 'shared' => 'compartida', + 'dedicated' => 'dedicada', 'Owner' => 'Dueño', 'Users' => 'Usuarios', 'Load Average' => 'Promedio de carga', @@ -332,7 +332,7 @@ $LANG['es'] = array( 'Package Name' => 'Nombre del Plan', 'Netmask' => 'Máscara de Red', 'Interface' => 'Interfaz', - 'Shared' => 'Compartido', + 'Shared' => 'Compartida', 'Assigned user' => 'Usuario asignado', 'Assigned domain' => 'Dominio asignado', 'NAT IP association' => 'Asociación NAT IP', @@ -762,4 +762,5 @@ $LANG['es'] = array( 'maximum characters length, including prefix' => 'usar un máximo de %s caracteres, incluyendo prefijo', 'Email Credentials' => 'Email Credentials', + ); From 1557f9bc8cbdb349a83bce96093b1717b36cf5cd Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 17:27:03 +0300 Subject: [PATCH 16/62] Security: separate passwords for databases --- install/vst-install-amazon.sh | 14 ++++++++------ install/vst-install-debian.sh | 12 +++++++----- install/vst-install-rhel.sh | 14 ++++++++------ install/vst-install-ubuntu.sh | 12 +++++++----- 4 files changed, 30 insertions(+), 22 deletions(-) diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh index 899d4cd8..e419d019 100644 --- a/install/vst-install-amazon.sh +++ b/install/vst-install-amazon.sh @@ -1008,8 +1008,9 @@ if [ "$mysql" = 'yes' ]; then fi # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1031,9 +1032,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) if [ $release -eq 5 ]; then service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" service postgresql stop cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start @@ -1041,7 +1043,7 @@ if [ "$postgresql" = 'yes' ]; then service postgresql initdb cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" fi # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1272,13 +1274,13 @@ fi # Configuring MySQL host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 4b5d293d..013f3160 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -985,8 +985,9 @@ if [ "$mysql" = 'yes' ]; then check_result $? "mysql start failed" # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1008,9 +1009,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf service postgresql restart - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1298,13 +1300,13 @@ fi # Configuring mysql host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring pgsql host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 1ecd2235..4a863464 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -1024,8 +1024,9 @@ if [ "$mysql" = 'yes' ]; then fi # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1047,9 +1048,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) if [ $release -eq 5 ]; then service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" service postgresql stop cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start @@ -1057,7 +1059,7 @@ if [ "$postgresql" = 'yes' ]; then service postgresql initdb cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" fi # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1289,13 +1291,13 @@ fi # Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index c0655bb2..bfcf8919 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -977,8 +977,9 @@ if [ "$mysql" = 'yes' ]; then check_result $? "mysql start failed" # Securing MySQL/MariaDB installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1000,9 +1001,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ service postgresql restart - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1235,13 +1237,13 @@ fi # Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi From a1b3aa3a8432b72842fe13ee77a892d2bba2b022 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 22:06:17 +0300 Subject: [PATCH 17/62] No stats with distro name anymore --- install/vst-install-amazon.sh | 3 --- install/vst-install-debian.sh | 3 --- install/vst-install-rhel.sh | 3 --- install/vst-install-ubuntu.sh | 3 --- 4 files changed, 12 deletions(-) diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh index e419d019..8dbdaa14 100644 --- a/install/vst-install-amazon.sh +++ b/install/vst-install-amazon.sh @@ -1334,9 +1334,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and IP host_ip=$(host $servername |head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 013f3160..47f36142 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1361,9 +1361,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and ip host_ip=$(host $servername| head -n 1 | awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 4a863464..3aaad808 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -1351,9 +1351,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and IP host_ip=$(host $servername |head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index bfcf8919..4cc5ee86 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -1297,9 +1297,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and IP host_ip=$(host $servername| head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then From 67a0e8d1086eb271df7e12fc67f1db482be8cb46 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 22:27:06 +0300 Subject: [PATCH 18/62] limit config visibility to /etc and /var/lib --- bin/v-open-fs-config | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bin/v-open-fs-config b/bin/v-open-fs-config index 6a4f54fd..720df86a 100755 --- a/bin/v-open-fs-config +++ b/bin/v-open-fs-config @@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then echo "Error: invalid source path $src_file" exit 2 fi + spath=$(echo "$rpath" |egrep "/etc|/var/lib") + if [ -z "$spath" ]; then + echo "Error: invalid source path $src_file" + exit 2 + fi fi # Reading conf From 5f68c1b634abec2d5a4f83156bfd223d3a792f77 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 23:28:37 +0300 Subject: [PATCH 19/62] Timing attack fix from security experts https://arcturussecurity.com --- web/reset/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/reset/index.php b/web/reset/index.php index abde3c14..0d90d15d 100644 --- a/web/reset/index.php +++ b/web/reset/index.php @@ -48,7 +48,7 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass if ( $return_var == 0 ) { $data = json_decode(implode('', $output), true); $rkey = $data[$user]['RKEY']; - if ($rkey == $_POST['code']) { + if (hash_equals($rkey, $POST[‘code’])) { $v_password = tempnam("/tmp","vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['password']."\n"); From d880b5b4254ed3d89303227d7de4a79e8e0579a7 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 23:58:27 +0300 Subject: [PATCH 20/62] limit sudo for admin to vesta scripts only --- install/debian/7/sudo/admin | 2 +- install/debian/8/sudo/admin | 2 +- install/debian/9/sudo/admin | 2 +- install/rhel/5/sudo/admin | 2 +- install/rhel/6/sudo/admin | 2 +- install/rhel/7/sudo/admin | 2 +- install/ubuntu/12.04/sudo/admin | 2 +- install/ubuntu/12.10/sudo/admin | 2 +- install/ubuntu/13.04/sudo/admin | 2 +- install/ubuntu/13.10/sudo/admin | 2 +- install/ubuntu/14.04/sudo/admin | 2 +- install/ubuntu/14.10/sudo/admin | 2 +- install/ubuntu/15.04/sudo/admin | 2 +- install/ubuntu/15.10/sudo/admin | 2 +- install/ubuntu/16.04/sudo/admin | 2 +- install/ubuntu/16.10/sudo/admin | 2 +- install/ubuntu/17.04/sudo/admin | 2 +- install/ubuntu/17.10/sudo/admin | 2 +- install/ubuntu/18.04/sudo/admin | 2 +- 19 files changed, 19 insertions(+), 19 deletions(-) diff --git a/install/debian/7/sudo/admin b/install/debian/7/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/debian/7/sudo/admin +++ b/install/debian/7/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/8/sudo/admin b/install/debian/8/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/debian/8/sudo/admin +++ b/install/debian/8/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/9/sudo/admin b/install/debian/9/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/debian/9/sudo/admin +++ b/install/debian/9/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/5/sudo/admin b/install/rhel/5/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/rhel/5/sudo/admin +++ b/install/rhel/5/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/6/sudo/admin b/install/rhel/6/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/rhel/6/sudo/admin +++ b/install/rhel/6/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/7/sudo/admin b/install/rhel/7/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/rhel/7/sudo/admin +++ b/install/rhel/7/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/12.04/sudo/admin b/install/ubuntu/12.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/12.04/sudo/admin +++ b/install/ubuntu/12.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/12.10/sudo/admin b/install/ubuntu/12.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/12.10/sudo/admin +++ b/install/ubuntu/12.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/13.04/sudo/admin b/install/ubuntu/13.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/13.04/sudo/admin +++ b/install/ubuntu/13.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/13.10/sudo/admin b/install/ubuntu/13.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/13.10/sudo/admin +++ b/install/ubuntu/13.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/14.04/sudo/admin b/install/ubuntu/14.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/14.04/sudo/admin +++ b/install/ubuntu/14.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/14.10/sudo/admin b/install/ubuntu/14.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/14.10/sudo/admin +++ b/install/ubuntu/14.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/15.04/sudo/admin b/install/ubuntu/15.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/15.04/sudo/admin +++ b/install/ubuntu/15.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/15.10/sudo/admin b/install/ubuntu/15.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/15.10/sudo/admin +++ b/install/ubuntu/15.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/16.04/sudo/admin b/install/ubuntu/16.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/16.04/sudo/admin +++ b/install/ubuntu/16.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/16.10/sudo/admin b/install/ubuntu/16.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/16.10/sudo/admin +++ b/install/ubuntu/16.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/17.04/sudo/admin b/install/ubuntu/17.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/17.04/sudo/admin +++ b/install/ubuntu/17.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/17.10/sudo/admin b/install/ubuntu/17.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/17.10/sudo/admin +++ b/install/ubuntu/17.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/18.04/sudo/admin b/install/ubuntu/18.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/18.04/sudo/admin +++ b/install/ubuntu/18.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* From cde42691701667502369f76e197c30005431f959 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 00:14:28 +0300 Subject: [PATCH 21/62] Release 0.9.8-23 --- src/deb/ioncube/control | 2 +- src/deb/nginx/control | 2 +- src/deb/php/control | 2 +- src/deb/softaculous/control | 2 +- src/deb/vesta/control | 2 +- src/deb/vesta/postinst | 8 ++++++++ src/rpm/specs/vesta-ioncube.spec | 2 +- src/rpm/specs/vesta-nginx.spec | 2 +- src/rpm/specs/vesta-php.spec | 2 +- src/rpm/specs/vesta-softaculous.spec | 2 +- src/rpm/specs/vesta.spec | 17 ++++++++++++++++- upd/add_notifications.sh | 2 +- upd/fix_dhcprenew.sh | 20 ++++++++++++++++++++ upd/limit_sudo.sh | 6 ++++++ 14 files changed, 60 insertions(+), 11 deletions(-) create mode 100755 upd/fix_dhcprenew.sh create mode 100755 upd/limit_sudo.sh diff --git a/src/deb/ioncube/control b/src/deb/ioncube/control index 89268f6e..9db6cc14 100644 --- a/src/deb/ioncube/control +++ b/src/deb/ioncube/control @@ -1,7 +1,7 @@ Source: vesta-ioncube Package: vesta-ioncube Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: https://www.ioncube.com diff --git a/src/deb/nginx/control b/src/deb/nginx/control index 9dc7351a..19ec8bbb 100644 --- a/src/deb/nginx/control +++ b/src/deb/nginx/control @@ -1,7 +1,7 @@ Source: vesta-nginx Package: vesta-nginx Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/php/control b/src/deb/php/control index 3714008d..e8702027 100644 --- a/src/deb/php/control +++ b/src/deb/php/control @@ -1,7 +1,7 @@ Source: vesta-php Package: vesta-php Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/softaculous/control b/src/deb/softaculous/control index 35140df6..c5c9eb67 100644 --- a/src/deb/softaculous/control +++ b/src/deb/softaculous/control @@ -1,7 +1,7 @@ Source: vesta-softaculous Package: vesta-softaculous Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: https://www.softaculous.com diff --git a/src/deb/vesta/control b/src/deb/vesta/control index 028a4e41..9f83c2a6 100644 --- a/src/deb/vesta/control +++ b/src/deb/vesta/control @@ -1,7 +1,7 @@ Source: vesta Package: vesta Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 3cba15e9..516df08b 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -28,4 +28,12 @@ if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then /usr/local/vesta/upd/fix_roundcube.sh fi +if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then + /usr/local/vesta/upd/limit_sudo.sh +fi + +if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then + /usr/local/vesta/upd/fix_dhcprenew.sh +fi + exit 0 diff --git a/src/rpm/specs/vesta-ioncube.spec b/src/rpm/specs/vesta-ioncube.spec index 5d48dc29..54bb5cf4 100644 --- a/src/rpm/specs/vesta-ioncube.spec +++ b/src/rpm/specs/vesta-ioncube.spec @@ -1,6 +1,6 @@ Name: vesta-ioncube Version: 0.9.8 -Release: 22 +Release: 23 Summary: ionCube Loader Group: System Environment/Base License: "Freely redistributable without restriction" diff --git a/src/rpm/specs/vesta-nginx.spec b/src/rpm/specs/vesta-nginx.spec index a633ef85..ca530cc1 100644 --- a/src/rpm/specs/vesta-nginx.spec +++ b/src/rpm/specs/vesta-nginx.spec @@ -1,6 +1,6 @@ Name: vesta-nginx Version: 0.9.8 -Release: 22 +Release: 23 Summary: Vesta Control Panel Group: System Environment/Base License: BSD-like diff --git a/src/rpm/specs/vesta-php.spec b/src/rpm/specs/vesta-php.spec index 12d1c401..fe5aded9 100644 --- a/src/rpm/specs/vesta-php.spec +++ b/src/rpm/specs/vesta-php.spec @@ -1,6 +1,6 @@ Name: vesta-php Version: 0.9.8 -Release: 22 +Release: 23 Summary: Vesta Control Panel Group: System Environment/Base License: GPL diff --git a/src/rpm/specs/vesta-softaculous.spec b/src/rpm/specs/vesta-softaculous.spec index 7e92cfdb..ece330e8 100644 --- a/src/rpm/specs/vesta-softaculous.spec +++ b/src/rpm/specs/vesta-softaculous.spec @@ -1,6 +1,6 @@ Name: vesta-softaculous Version: 0.9.8 -Release: 22 +Release: 23 Summary: Vesta Control Panel Group: System Environment/Base License: Softaculous License diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index 58359da0..bb82d404 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec @@ -1,6 +1,6 @@ Name: vesta Version: 0.9.8 -Release: 22 +Release: 23 Summary: Vesta Control Panel Group: System Environment/Base License: GPL @@ -45,6 +45,15 @@ if [ $1 -ge 2 ]; then if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then /usr/local/vesta/upd/fix_roundcube.sh fi + + if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then + /usr/local/vesta/upd/limit_sudo.sh + fi + + if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then + /usr/local/vesta/upd/fix_dhcprenew.sh + fi + fi %files %{_vestadir} @@ -59,6 +68,12 @@ fi %config(noreplace) %{_vestadir}/web/css/uploadify.css %changelog +* Thu 18 2018 Serghey Rodin - 0.9.8-23 +- Security fixes + +* Wed June 27 2018 Serghey Rodin - 0.9.8-22 +- Security fixes + * Fri May 11 2018 Serghey Rodin - 0.9.8-21 - Additional security fixes diff --git a/upd/add_notifications.sh b/upd/add_notifications.sh index 14b8590e..e55c0c74 100755 --- a/upd/add_notifications.sh +++ b/upd/add_notifications.sh @@ -5,5 +5,5 @@ rm -f /usr/local/vesta/data/users/admin/notifications.conf /usr/local/vesta/bin/v-add-user-notification admin "File Manager" "Browse, copy, edit, view, and retrieve all your web domain files using a fully featured File Manager. Plugin is available for purchase." 'filemanager' /usr/local/vesta/bin/v-add-user-notification admin "Chroot SFTP" "If you want to have SFTP accounts that will be used only to transfer files (and not to SSH), you can purchase and enable SFTP Chroot" /usr/local/vesta/bin/v-add-user-notification admin "Softaculous" "Softaculous is one of the best Auto Installers and it is finally available" -/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-19" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read release notes" +/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-23" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read release notes" diff --git a/upd/fix_dhcprenew.sh b/upd/fix_dhcprenew.sh new file mode 100755 index 00000000..08e76f69 --- /dev/null +++ b/upd/fix_dhcprenew.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +if [ -e "/usr/bin/dhcprenew" ]; then + mv /usr/bin/dhcprenew /usr/bin/dhcprenew.disabled + + # Notify admin via control panel + rm /usr/local/vesta/data/users/admin/notifications.conf + touch /usr/local/vesta/data/users/admin/notifications.conf + /usr/local/vesta/bin/v-add-user-notification admin \ + "Security Check" "Your server was compromised please contact us at info@vestacp.com to get help." + + # Send email notification + send_mail="/usr/local/vesta/web/inc/mail-wrapper.php" + email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf |cut -f2 -d \') + if [ ! -z "$email" ]; then + echo "Your server $(hostname) was compromised please contact us at info@vestacp.com to get help." |\ + $send_mail -s "SECURITY CHECK: Vesta Control Panel" $email + fi +fi + diff --git a/upd/limit_sudo.sh b/upd/limit_sudo.sh new file mode 100755 index 00000000..4f4ac924 --- /dev/null +++ b/upd/limit_sudo.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +if [ -e "/etc/sudoers.d/admin" ]; then + sed -i "s/admin.*ALL=(ALL).*/# sudo is limited to vesta scripts/" \ + /etc/sudoers.d/admin +fi From 83bd1f679f89e1df17f66cb4299ce9a631e789be Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 00:23:56 +0300 Subject: [PATCH 22/62] added missing month in spec file --- src/rpm/specs/vesta.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index bb82d404..a611e45f 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec @@ -68,7 +68,7 @@ fi %config(noreplace) %{_vestadir}/web/css/uploadify.css %changelog -* Thu 18 2018 Serghey Rodin - 0.9.8-23 +* Thu Oct 18 2018 Serghey Rodin - 0.9.8-23 - Security fixes * Wed June 27 2018 Serghey Rodin - 0.9.8-22 From defba7221522bcb403ef7475e730dc6bb603841b Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 00:25:09 +0300 Subject: [PATCH 23/62] added missing month in spec file --- src/rpm/specs/vesta.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index a611e45f..10830d15 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec @@ -71,7 +71,7 @@ fi * Thu Oct 18 2018 Serghey Rodin - 0.9.8-23 - Security fixes -* Wed June 27 2018 Serghey Rodin - 0.9.8-22 +* Wed Jun 27 2018 Serghey Rodin - 0.9.8-22 - Security fixes * Fri May 11 2018 Serghey Rodin - 0.9.8-21 From f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 Mon Sep 17 00:00:00 2001 From: "Made I.T" Date: Thu, 18 Oct 2018 10:01:35 +0200 Subject: [PATCH 24/62] Fix bug in password reset --- web/reset/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/reset/index.php b/web/reset/index.php index 0d90d15d..842dd2f3 100644 --- a/web/reset/index.php +++ b/web/reset/index.php @@ -48,7 +48,7 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass if ( $return_var == 0 ) { $data = json_decode(implode('', $output), true); $rkey = $data[$user]['RKEY']; - if (hash_equals($rkey, $POST[‘code’])) { + if (hash_equals($rkey, $_POST['code'])) { $v_password = tempnam("/tmp","vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['password']."\n"); From 32fbc253a92352376ff301ad9504ef39add726c4 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 14:20:14 +0300 Subject: [PATCH 25/62] Additional argument check for remote hosts --- bin/v-add-backup-host | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/bin/v-add-backup-host b/bin/v-add-backup-host index 327703a7..b21880c5 100755 --- a/bin/v-add-backup-host +++ b/bin/v-add-backup-host @@ -38,8 +38,8 @@ EOF sftpc() { expect -f "-" </dev/null 2>&1 check_result $? "expect command not found" $E_NOTEXIST fi + host "$host" >/dev/null 2>&1 + check_result $? "host connection failed" "$E_CONNECT" fi From cbbf27fc46e46cf79cbceec8cd1feaaac1be1cc0 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 14:36:17 +0300 Subject: [PATCH 26/62] Additional argument check for remote hosts --- bin/v-add-backup-host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-add-backup-host b/bin/v-add-backup-host index b21880c5..4e727229 100755 --- a/bin/v-add-backup-host +++ b/bin/v-add-backup-host @@ -94,7 +94,7 @@ EOF if [ "$type" != 'local' ];then check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]" - is_format_valid 'user' 'host' + is_format_valid 'user' 'host' 'path' 'port' is_password_valid if [ "$type" = 'sftp' ]; then which expect >/dev/null 2>&1 From 8e37c4fa0f8dc239f0c1d1b0b5af791b8682bca9 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 17:46:34 +0300 Subject: [PATCH 27/62] switch from c.vestacp.com to local configs --- install/vst-install-debian.sh | 117 ++++++++++++++++------------------ 1 file changed, 55 insertions(+), 62 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 47f36142..769ddfa6 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -16,7 +16,7 @@ arch=$(uname -i) os='debian' release=$(cat /etc/debian_version|grep -o [0-9]|head -n1) codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" -vestacp="http://$CHOST/$VERSION/$release" +vestacp="$VESTA/install/$VERSION/$release" if [ "$release" -eq 9 ]; then software="nginx apache2 apache2-utils apache2-suexec-custom @@ -274,7 +274,7 @@ if [ ! -e '/usr/bin/wget' ]; then fi # Checking repository availability -wget -q "$vestacp/deb_signing.key" -O /dev/null +wget -q "c.vestacp.com/deb_signing.key" -O /dev/null check_result $? "No access to Vesta repository" # Check installed packages @@ -682,9 +682,9 @@ chmod 755 /usr/bin/rssh # Configure VESTA # #----------------------------------------------------------# -# Downloading sudo configuration +# Installing sudo configuration mkdir -p /etc/sudoers.d -wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin # Configuring system env @@ -695,8 +695,8 @@ echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile -# Configuring logrotate for vesta logs -wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta +# Configuring logrotate for Vesta logs +cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ # Building directory tree and creating some blank files for vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ @@ -808,25 +808,18 @@ echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf -# Downloading hosting packages -cd $VESTA/data -wget $vestacp/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz +# Installing hosting packages +cp -rf $vestacp/packages $VESTA/data/ -# Downloading templates -wget $vestacp/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz +# Installing templates +cp -rf $vestacp/templates $VESTA/data/ # Copying index.html to default documentroot -cp templates/web/skel/public_html/index.html /var/www/ +cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/ sed -i 's/%domain%/It worked!/g' /var/www/index.html -# Downloading firewall rules -wget $vestacp/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz +# Installing firewall rules +cp -rf $vestacp/firewall $VESTA/data/ # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -855,12 +848,12 @@ rm /tmp/vst.pem if [ "$nginx" = 'yes' ]; then rm -f /etc/nginx/conf.d/*.conf - wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf - wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf - wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc - wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc - wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc - wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + cp -f $vestacp/nginx/nginx.conf /etc/nginx/ + cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ + cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains update-rc.d nginx defaults @@ -874,9 +867,9 @@ fi #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then - wget $vestacp/apache2/apache2.conf -O /etc/apache2/apache2.conf - wget $vestacp/apache2/status.conf -O /etc/apache2/mods-enabled/status.conf - wget $vestacp/logrotate/apache2 -O /etc/logrotate.d/apache2 + cp -f $vestacp/apache2/apache2.conf /etc/apache2/ + cp -f $vestacp/apache2/status.conf /etc/apache2/mods-enabled/ + cp -f $vestacp/logrotate/apache2 /etc/logrotate.d/ a2enmod rewrite a2enmod suexec a2enmod ssl @@ -909,12 +902,12 @@ fi if [ "$phpfpm" = 'yes' ]; then if [ "$release" -eq 9 ]; then - wget $vestacp/php-fpm/www.conf -O /etc/php/7.0/fpm/pool.d/www.conf + cp -f $vestacp/php-fpm/www.conf /etc/php/7.0/fpm/pool.d/www.conf update-rc.d php7.0-fpm defaults service php7.0-fpm start check_result $? "php-fpm start failed" else - wget $vestacp/php5-fpm/www.conf -O /etc/php5/fpm/pool.d/www.conf + cp -f $vestacp/php5-fpm/www.conf /etc/php5/fpm/pool.d/www.conf update-rc.d php5-fpm defaults service php5-fpm start check_result $? "php-fpm start failed" @@ -941,7 +934,7 @@ done #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then - wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd.conf + cp -f $vestacp/vsftpd/vsftpd.conf /etc/ update-rc.d vsftpd defaults service vsftpd start check_result $? "vsftpd start failed" @@ -957,7 +950,7 @@ fi if [ "$proftpd" = 'yes' ]; then echo "127.0.0.1 $servername" >> /etc/hosts - wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd/proftpd.conf + cp -f $vestacp/proftpd/proftpd.conf /etc/proftpd/ update-rc.d proftpd defaults service proftpd start check_result $? "proftpd start failed" @@ -978,7 +971,7 @@ if [ "$mysql" = 'yes' ]; then fi # MySQL configuration - wget $vestacp/mysql/$mycnf -O /etc/mysql/my.cnf + cp -f $vestacp/mysql/$mycnf /etc/mysql/my.cnf mysql_install_db update-rc.d mysql defaults service mysql start @@ -997,10 +990,10 @@ if [ "$mysql" = 'yes' ]; then # Configuring phpMyAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pma/apache.conf -O /etc/phpmyadmin/apache.conf + cp -f $vestacp/pma/apache.conf /etc/phpmyadmin/ ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf fi - wget $vestacp/pma/config.inc.php -O /etc/phpmyadmin/config.inc.php + cp -f $vestacp/pma/config.inc.php /etc/phpmyadmin/ chmod 777 /var/lib/phpmyadmin/tmp fi @@ -1010,16 +1003,15 @@ fi if [ "$postgresql" = 'yes' ]; then ppass=$(gen_pass) - wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf + cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ service postgresql restart sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pga/phppgadmin.conf \ - -O /etc/apache2/conf.d/phppgadmin.conf + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ fi - wget $vestacp/pga/config.inc.php -O /etc/phppgadmin/config.inc.php + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi @@ -1028,7 +1020,7 @@ fi #----------------------------------------------------------# if [ "$named" = 'yes' ]; then - wget $vestacp/bind/named.conf -O /etc/bind/named.conf + cp -f $vestacp/bind/named.conf /etc/bind/ sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options chown root:bind /etc/bind/named.conf chmod 640 /etc/bind/named.conf @@ -1049,9 +1041,9 @@ fi if [ "$exim" = 'yes' ]; then gpasswd -a Debian-exim mail - wget $vestacp/exim/exim4.conf.template -O /etc/exim4/exim4.conf.template - wget $vestacp/exim/dnsbl.conf -O /etc/exim4/dnsbl.conf - wget $vestacp/exim/spam-blocks.conf -O /etc/exim4/spam-blocks.conf + cp -f $vestacp/exim/exim4.conf.template /etc/exim4/ + cp -f $vestacp/exim/dnsbl.conf /etc/exim4/ + cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/ touch /etc/exim4/white-blocks.conf if [ "$spamd" = 'yes' ]; then @@ -1084,12 +1076,8 @@ fi if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail - wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz - wget $vestacp/logrotate/dovecot -O /etc/logrotate.d/dovecot - cd /etc - rm -rf dovecot dovecot.conf - tar -xzf dovecot.tar.gz - rm -f dovecot.tar.gz + cp -rf $vestacp/dovecot /etc/ + cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* update-rc.d dovecot defaults service dovecot start @@ -1104,7 +1092,7 @@ fi if [ "$clamd" = 'yes' ]; then gpasswd -a clamav mail gpasswd -a clamav Debian-exim - wget $vestacp/clamav/clamd.conf -O /etc/clamav/clamd.conf + cp -f $vestacp/clamav/clamd.conf /etc/clamav/ /usr/bin/freshclam update-rc.d clamav-daemon defaults if [ ! -d "/var/run/clamav" ]; then @@ -1145,19 +1133,18 @@ fi if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then - wget $vestacp/roundcube/apache.conf -O /etc/roundcube/apache.conf + cp -f $vestacp/roundcube/apache.conf /etc/roundcube/ ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf fi - wget $vestacp/roundcube/main.inc.php -O /etc/roundcube/main.inc.php - wget $vestacp/roundcube/db.inc.php -O /etc/roundcube/db.inc.php + cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ + cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ chmod 640 /etc/roundcube/debian-db-roundcube.php chmod 640 /etc/roundcube/config.inc.php chown root:www-data /etc/roundcube/debian-db-roundcube.php chown root:www-data /etc/roundcube/config.inc.php - wget $vestacp/roundcube/vesta.php -O \ - /usr/share/roundcube/plugins/password/drivers/vesta.php - wget $vestacp/roundcube/config.inc.php -O \ - /etc/roundcube/plugins/password/config.inc.php + cp -f $vestacp/roundcube/vesta.php \ + /usr/share/roundcube/plugins/password/drivers/ + cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ r="$(gen_pass)" mysql -e "CREATE DATABASE roundcube" mysql -e "GRANT ALL ON roundcube.* @@ -1208,10 +1195,7 @@ fi #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then - cd /etc - wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz - tar -xzf fail2ban.tar.gz - rm -f fail2ban.tar.gz + cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) @@ -1222,6 +1206,15 @@ if [ "$fail2ban" = 'yes' ]; then fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local fi + if [ "$vsftpd" = 'yes' ]; then + #Create vsftpd Log File + if [ ! -f "/var/log/vsftpd.log" ]; then + touch /var/log/vsftpd.log + fi + fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) + fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local + fi update-rc.d fail2ban defaults service fail2ban start check_result $? "fail2ban start failed" From b9252066e180651663766f052e0012319c39a172 Mon Sep 17 00:00:00 2001 From: Marcos Date: Fri, 19 Oct 2018 01:54:22 +0200 Subject: [PATCH 28/62] spanish revision --- web/inc/i18n/es.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index 8cf45ddf..bfc3ac6a 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -197,7 +197,7 @@ $LANG['es'] = array( 'IP Addresses' => 'Direcciones IP', 'Backups' => 'Respaldos', 'Backup System' => 'Sistema de Respaldo', - 'backup exclusions' => 'configurar exlusiones', + 'backup exclusions' => 'configurar exclusiones', 'template' => 'plantilla', 'SSL Support' => 'Soportar SSL', 'SSL Home Directory' => 'Directorio local del SSL', @@ -641,9 +641,9 @@ $LANG['es'] = array( 'Delete items' => 'Eliminando items', 'Copy files' => 'Copiar archivos', 'Move files' => 'Mover archivos', - 'Are you sure you want to copy' => 'Estás seguro que deseas copiar', - 'Are you sure you want to move' => 'Estás seguro que deseas mover', - 'Are you sure you want to delete' => 'Estás seguro que deseas eliminar', + 'Are you sure you want to copy' => 'Estás seguro de que deseas copiar', + 'Are you sure you want to move' => 'Estás seguro de que deseas mover', + 'Are you sure you want to delete' => 'Estás seguro de que deseas eliminar', 'into' => 'en', 'existing files will be replaced' => 'los archivos existentes serán reemplazados', 'Original name' => 'Nombre original', @@ -711,7 +711,7 @@ $LANG['es'] = array( 'Disable and Cancel Licence' => 'Deshabilitar y Cancelar Licencia', 'Licence Activated' => 'Licencia Activada', 'Licence Deactivated' => 'Licencia Desactivada', - 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Restringue a los usuarios para que sólo puedan ingresar a su directorio local y prohíbe el acceso a SSH.', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Restringe a los usuarios para que sólo puedan ingresar a su directorio local y prohíbe el acceso a SSH.', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Navegar, copiar, editar, ver y descargar todos los archivos de tu página web utilizando el Administrador de Archivos.', 'This is a commercial module, you would need to purchace license key to enable it.' => 'Este es un módulo comercial, tendrás que adquirir una licencia para poder activarlo.', @@ -752,8 +752,8 @@ $LANG['es'] = array( 'PUB_KEY' => 'CLAVE PÚBLICA', 'ISSUER' => 'EMITIDO POR', - 'Use server hostname' => 'Usar hostname del servidor', - 'Use domain hostname' => 'Usar hostname del dominio', + 'Use server hostname' => 'Usar el nombre del servidor', + 'Use domain hostname' => 'Usar el dominio', 'Use STARTTLS' => 'Usar STARTTLS', 'Use SSL / TLS' => 'Usar SSL / TLS', 'No encryption' => 'Sin encriptación', @@ -761,6 +761,6 @@ $LANG['es'] = array( 'maximum characters length, including prefix' => 'usar un máximo de %s caracteres, incluyendo prefijo', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'Datos de acceso a la cuenta de correo', ); From 06f670046b21bf8528201c07389d9ab4fbb7cefe Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Thu, 25 Oct 2018 19:44:46 +0000 Subject: [PATCH 29/62] Fix: #1731 Now checks if the domain is suspended (WEB or EMAIL or DNS) if so, continue to the next domain --- bin/v-update-letsencrypt-ssl | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl index 907d305f..2771f9f8 100755 --- a/bin/v-update-letsencrypt-ssl +++ b/bin/v-update-letsencrypt-ssl @@ -31,7 +31,22 @@ for user in $users; do # Checking user certificates lecounter=0 for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do - + # Working on Web domain check - if is suspended + webSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf |grep "SUSPENDED='no") + if [ ! -z "$webSuspended" ]; then + continue; + fi; + # Working on DNS domain check - if is suspended + dnsSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf |grep "SUSPENDED='no") + if [ ! -z "$dnsSuspended" ]; then + continue; + fi; + #dunno if this is needed, but i will ut it in the same way as web and dns + # Working on MAIL domain check - if is suspended + mailSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/mail.conf |grep "SUSPENDED='no") + if [ ! -z "$mailSuspended" ]; then + continue; + fi crt="$VESTA/data/users/$user/ssl/$domain.crt" crt_data=$(openssl x509 -text -in "$crt") expire=$(echo "$crt_data" |grep "Not After") From 32e970d111e9f87ebb4530663bfa4ebd1f53a210 Mon Sep 17 00:00:00 2001 From: dpeca Date: Fri, 26 Oct 2018 18:02:24 +0200 Subject: [PATCH 30/62] Fix for dovecot namespace inbox=yes --- install/vst-install-debian.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 769ddfa6..4f7aa770 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1079,6 +1079,7 @@ if [ "$dovecot" = 'yes' ]; then cp -rf $vestacp/dovecot /etc/ cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* + sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf update-rc.d dovecot defaults service dovecot start check_result $? "dovecot start failed" From 21dd9fae6d0908d144b3b747271dce11ea9398e8 Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 28 Oct 2018 00:23:12 +0200 Subject: [PATCH 31/62] Avoid listing user that is not created from Vesta --- bin/v-list-users | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/bin/v-list-users b/bin/v-list-users index 14a6d007..32a94736 100755 --- a/bin/v-list-users +++ b/bin/v-list-users @@ -15,9 +15,14 @@ format=${1-shell} # JSON list function json_list() { echo '{' - object_count=$(grep '@' /etc/passwd |wc -l) i=1 while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi + if [ $i -gt 1 ]; then + echo "," + fi source $VESTA/data/users/$USER/user.conf echo -n ' "'$USER'": { "FNAME": "'$FNAME'", @@ -74,14 +79,8 @@ json_list() { "TIME": "'$TIME'", "DATE": "'$DATE'" }' - if [ "$i" -lt "$object_count" ]; then - echo ',' - else - echo - fi ((i++)) done < <(grep '@' /etc/passwd |cut -f1 -d:) - echo '}' } @@ -90,6 +89,9 @@ shell_list() { echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE" echo "---- --- --- --- --- -- ---- -- ---- ----" while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi source $VESTA/data/users/$USER/user.conf echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS" echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" @@ -99,6 +101,9 @@ shell_list() { # PLAIN list function plain_list() { while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi source $VESTA/data/users/$USER/user.conf echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t" echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t" @@ -131,6 +136,9 @@ csv_list() { echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES" echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE" while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi source $VESTA/data/users/$USER/user.conf echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE," echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE," @@ -151,6 +159,9 @@ csv_list() { # Raw list function raw_list() { while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi echo $VESTA/data/users/$USER/user.conf cat $VESTA/data/users/$USER/user.conf done < <(grep '@' /etc/passwd |cut -f1 -d:) From 5ab9fc5f4acda403d135707e67f8562dc3449695 Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 28 Oct 2018 00:31:34 +0200 Subject: [PATCH 32/62] Avoid user stats for the user that is not created from Vesta --- bin/v-update-user-stats | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-update-user-stats b/bin/v-update-user-stats index f6b5ff56..23854328 100755 --- a/bin/v-update-user-stats +++ b/bin/v-update-user-stats @@ -67,6 +67,9 @@ TOTAL_USERS=0 # Updating user stats for user in $user_list; do + if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then + continue; + fi USER_DATA=$VESTA/data/users/$user source $USER_DATA/user.conf next_month=$(date +'%m/01/%y' -d '+ 1 month') From 76319e5a1b2fae758ac7bc86bd22f069bac5a9ad Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 28 Oct 2018 03:29:50 +0100 Subject: [PATCH 33/62] Avoid user backup if user is not created from Vesta --- bin/v-backup-users | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-backup-users b/bin/v-backup-users index e96eb2fb..bbabf3db 100755 --- a/bin/v-backup-users +++ b/bin/v-backup-users @@ -28,6 +28,9 @@ if [ -z "$BACKUP_SYSTEM" ]; then exit fi for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then + continue; + fi check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf) log=$VESTA/log/backup.log if [ ! -z "$check_suspend" ]; then From fa331e6ef2c98914b3a51147b75f5425adde65c2 Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Tue, 30 Oct 2018 16:25:24 -0100 Subject: [PATCH 34/62] removed dns and mail support - checking le --- bin/v-update-letsencrypt-ssl | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl index 2771f9f8..6e26d7e5 100755 --- a/bin/v-update-letsencrypt-ssl +++ b/bin/v-update-letsencrypt-ssl @@ -36,17 +36,6 @@ for user in $users; do if [ ! -z "$webSuspended" ]; then continue; fi; - # Working on DNS domain check - if is suspended - dnsSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf |grep "SUSPENDED='no") - if [ ! -z "$dnsSuspended" ]; then - continue; - fi; - #dunno if this is needed, but i will ut it in the same way as web and dns - # Working on MAIL domain check - if is suspended - mailSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/mail.conf |grep "SUSPENDED='no") - if [ ! -z "$mailSuspended" ]; then - continue; - fi crt="$VESTA/data/users/$user/ssl/$domain.crt" crt_data=$(openssl x509 -text -in "$crt") expire=$(echo "$crt_data" |grep "Not After") From 6a753f65f2147557b6e04bd1f95d634bc50b2af0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Vielma?= Date: Wed, 31 Oct 2018 10:29:25 -0400 Subject: [PATCH 35/62] Spanish translation improvements --- web/inc/i18n/es.php | 90 ++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index bfc3ac6a..212d78a2 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -8,7 +8,7 @@ * > huloza - https://github.com/huloza * > Estratos Consulting "estratos" - estratos.net * > Manuel Valle "Estilate" - estilate.com - * + * */ $LANG['es'] = array( @@ -145,7 +145,7 @@ $LANG['es'] = array( 'Search Results' => 'Resultados de Busqueda', 'Adding Firewall Rule' => 'Añadiendo Regla al Cortafuegos', 'Editing Firewall Rule' => 'Editando Regla del Cortafuegos', - 'Adding IP Address to Banlist' => 'Agregando direcciones IP a la lista negra', + 'Adding IP Address to Banlist' => 'Agregando dirección IP a la lista negra', 'active' => 'activo', 'spnd' => 'suspendido', @@ -288,18 +288,18 @@ $LANG['es'] = array( 'Object' => 'Objeto', 'Username' => 'Nombre de Usuario', 'Password' => 'Contraseña', - 'Email' => 'Email', + 'Email' => 'Correo electrónico', 'Package' => 'Plan', - 'Language' => 'Lenguaje', + 'Language' => 'Idioma', 'First Name' => 'Nombre', 'Last Name' => 'Apellido', 'Send login credentials to email address' => 'Correo para enviar datos de acceso al panel', - 'Default Template' => 'Plantilla por Defecto', - 'Default Name Servers' => 'Servidor de Nombre por Defecto', + 'Default Template' => 'Plantilla Predeterminada', + 'Default Name Servers' => 'Servidor de Nombre Predeterminado', 'Domain' => 'Dominio', 'DNS Support' => 'Soportar DNS', 'Mail Support' => 'Soportar Correo', - 'Advanced options' => 'Opciones Avanzadas', + 'Advanced options' => 'Opciones avanzadas', 'Basic options' => 'Opciones básicas', 'Aliases' => 'Alias', 'SSL Certificate' => 'Certificado SSL', @@ -395,7 +395,7 @@ $LANG['es'] = array( 'Comment' => 'Comentario', 'Banlist' => 'Lista Negra', 'ranges are acceptable' => 'rangos son aceptables', - 'CIDR format is supported' => 'Se admite formato CIDR', + 'CIDR format is supported' => 'se admite formato CIDR', 'ACCEPT' => 'ACEPTAR', 'DROP' => 'DENEGAR', 'TCP' => 'TCP', @@ -455,7 +455,7 @@ $LANG['es'] = array( 'MAIL_DOMAIN_CREATED_OK' => 'El Dominio de Correo %s ha sido creado exitosamente.', 'MAIL_ACCOUNT_CREATED_OK' => 'La Cuenta de Correo %s@%s ha sido creada exitosamente.', 'DATABASE_CREATED_OK' => 'La Base de Datos %s ha sido creada exitosamente.', - 'CRON_CREATED_OK' => 'Una Tarea Programada ha sido creada exitosamente.', + 'CRON_CREATED_OK' => 'La Tarea Programada ha sido creada exitosamente.', 'IP_CREATED_OK' => 'La Dirección IP %s ha sido creada exitosamente.', 'PACKAGE_CREATED_OK' => 'El Plan %s ha sido creado exitosamente.', 'SSL_GENERATED_OK' => 'El certificado SSl ha sido creado exitosamente.', @@ -467,33 +467,33 @@ $LANG['es'] = array( 'Cronjob email reporting has been successfully disabled' => 'Se han desactivado exitosamente las notificaciones por correo de las Tareas Programadas.', 'Changes has been saved.' => 'Los cambios han sido guardados exitosamente.', 'Confirmation' => 'Confirmación', - 'DELETE_USER_CONFIRMATION' => '¿Está seguro que desea eliminar el usuario %s?', - 'SUSPEND_USER_CONFIRMATION' => '¿Está seguro que desea suspender el usuario %s?', - 'UNSUSPEND_USER_CONFIRMATION' => '¿Está seguro que desea habilitar el usuario %s?', - 'DELETE_DOMAIN_CONFIRMATION' => '¿Está seguro que desea eliminar el dominio %s?', - 'SUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro que desea suspender el dominio %s?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro que desea habilitar el dominio %s?', - 'DELETE_RECORD_CONFIRMATION' => '¿Está seguro que desea eliminar el registro %s?', - 'SUSPEND_RECORD_CONFIRMATION' => '¿Está seguro que desea suspender el registro %s?', - 'UNSUSPEND_RECORD_CONFIRMATION' => '¿Está seguro que desea habilitar el registro %s?', - 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro que desea eliminar la cuenta de correo %s?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro que desea suspender la cuenta de correo %s?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro que desea habilitar la cuenta de correo %s?', - 'DELETE_DATABASE_CONFIRMATION' => '¿Está seguro que desea eliminar la base de datos %s?', - 'SUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro que desea suspender la base de datos %s?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro que desea habilitar la base de datos %s?', - 'DELETE_CRON_CONFIRMATION' => '¿Está seguro que desea eliminar la tarea programada %s?', - 'SUSPEND_CRON_CONFIRMATION' => '¿Está seguro que desea suspender la tarea programada %s?', - 'UNSUSPEND_CRON_CONFIRMATION' => '¿Está seguro que desea habilitar la tarea programada %s?', - 'DELETE_BACKUP_CONFIRMATION' => '¿Está seguro que desea eliminar el resplado %s?', - 'DELETE_EXCLUSION_CONFIRMATION' => '¿Está seguro que desea eliminar la exclusión %s?', - 'DELETE_PACKAGE_CONFIRMATION' => '¿Está seguro que desea eliminar el plan %s?', - 'DELETE_IP_CONFIRMATION' => '¿Está seguro que desea eliminar la dirección IP %s?', - 'DELETE_RULE_CONFIRMATION' => '¿Está seguro que desea eliminar la regla #%s', - 'SUSPEND_RULE_CONFIRMATION' => '¿Está seguro que desea suspender la regla #%s?', - 'UNSUSPEND_RULE_CONFIRMATION' => '¿Está seguro que desea habilitar la regla #%s?', + 'DELETE_USER_CONFIRMATION' => '¿Está seguro de que desea eliminar el usuario %s?', + 'SUSPEND_USER_CONFIRMATION' => '¿Está seguro de que desea suspender el usuario %s?', + 'UNSUSPEND_USER_CONFIRMATION' => '¿Está seguro de que desea habilitar el usuario %s?', + 'DELETE_DOMAIN_CONFIRMATION' => '¿Está seguro de que desea eliminar el dominio %s?', + 'SUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro de que desea suspender el dominio %s?', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro de que desea habilitar el dominio %s?', + 'DELETE_RECORD_CONFIRMATION' => '¿Está seguro de que desea eliminar el registro %s?', + 'SUSPEND_RECORD_CONFIRMATION' => '¿Está seguro de que desea suspender el registro %s?', + 'UNSUSPEND_RECORD_CONFIRMATION' => '¿Está seguro de que desea habilitar el registro %s?', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro de que desea eliminar la cuenta de correo %s?', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro de que desea suspender la cuenta de correo %s?', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro de que desea habilitar la cuenta de correo %s?', + 'DELETE_DATABASE_CONFIRMATION' => '¿Está seguro de que desea eliminar la base de datos %s?', + 'SUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro de que desea suspender la base de datos %s?', + 'UNSUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro de que desea habilitar la base de datos %s?', + 'DELETE_CRON_CONFIRMATION' => '¿Está seguro de que desea eliminar la tarea programada %s?', + 'SUSPEND_CRON_CONFIRMATION' => '¿Está seguro de que desea suspender la tarea programada %s?', + 'UNSUSPEND_CRON_CONFIRMATION' => '¿Está seguro de que desea habilitar la tarea programada %s?', + 'DELETE_BACKUP_CONFIRMATION' => '¿Está seguro de que desea eliminar el resplado %s?', + 'DELETE_EXCLUSION_CONFIRMATION' => '¿Está seguro de que desea eliminar la exclusión %s?', + 'DELETE_PACKAGE_CONFIRMATION' => '¿Está seguro de que desea eliminar el plan %s?', + 'DELETE_IP_CONFIRMATION' => '¿Está seguro de que desea eliminar la dirección IP %s?', + 'DELETE_RULE_CONFIRMATION' => '¿Está seguro de que desea eliminar la regla #%s', + 'SUSPEND_RULE_CONFIRMATION' => '¿Está seguro de que desea suspender la regla #%s?', + 'UNSUSPEND_RULE_CONFIRMATION' => '¿Está seguro de que desea habilitar la regla #%s?', 'LEAVE_PAGE_CONFIRMATION' => '¿Está seguro de que quiere abandonar esta página?', - 'RESTART_CONFIRMATION' => '¿Está seguro que desea reiniciar %s?', + 'RESTART_CONFIRMATION' => '¿Está seguro de que desea reiniciar %s?', 'Welcome' => 'Bienvenido', 'LOGGED_IN_AS' => 'Has iniciado sesión exitosamente con el usuario %s.', 'Error' => 'Error', @@ -506,10 +506,10 @@ $LANG['es'] = array( 'Error code:' => 'Código de Error: %s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" ha fallado', 'IP address is in use' => 'La Dirección IP está en uso.', - 'BACKUP_SCHEDULED' => 'La tarea se ha añadido a la cola. Recibirá un correo de notificación cuando el respaldo esté listo para su descarga.', - 'BACKUP_EXISTS' => 'Se está realizando un respaldo en este momento. Por favor espere a que éste termine.', + 'BACKUP_SCHEDULED' => 'La tarea se ha añadido a la cola. Recibirá un correo de notificación cuando el respaldo esté listo para su descarga.', + 'BACKUP_EXISTS' => 'Se está realizando un respaldo en este momento. Por favor espere a que este termine.', 'RESTORE_SCHEDULED' => 'La tarea se ha añadido a la cola. Recibirá un correo de notificación cuando la restauración haya terminado.', - 'RESTORE_EXISTS' => 'Se está realizando una restauración en este momento. Por favor espere a que ésta termine.', + 'RESTORE_EXISTS' => 'Se está realizando una restauración en este momento. Por favor espere a que esta termine.', 'WEB_EXCLUSIONS' => 'Ingrese el nombre de dominio, uno por línea. Para excluir a todos utilice *. Para excluir directorios específicos utilice el siguiente formato: dominio.com:public_html/cache:public_html/tmp', 'DNS_EXCLUSIONS' => 'Ingrese el nombre de dominio, uno por línea. Para excluir a todos utilice *', @@ -557,7 +557,7 @@ $LANG['es'] = array( 'Configuring Server' => 'Configurar Servidor', 'Hostname' => 'Nombre del Servidor', 'Time Zone' => 'Zona Horaria', - 'Default Language' => 'Idioma por Defecto', + 'Default Language' => 'Idioma Predeterminado', 'Proxy Server' => 'Servidor Proxy', 'Web Server' => 'Servidor Web', 'Backend Server' => 'Backend Server', @@ -615,7 +615,7 @@ $LANG['es'] = array( 'EXTRACT' => 'EXTRAER', 'DOWNLOAD' => 'DESCARGAR', 'Are you sure?' => '¿Estás seguro?', - 'Hit' => 'Hit', + 'Hit' => 'Pulsa', 'to reload the page' => 'para recargar la página', 'Directory name cannot be empty' => 'El nombre del directorio no puede estar vacío', 'File name cannot be empty' => 'El nombre del archivo no puede estar vacío', @@ -638,7 +638,7 @@ $LANG['es'] = array( 'OK' => 'OK', 'YOU ARE COPYING' => 'ESTÁS COPIANDO', 'YOU ARE REMOVING' => 'ESTÁS ELIMINANDO', - 'Delete items' => 'Eliminando items', + 'Delete items' => 'Eliminar elementos', 'Copy files' => 'Copiar archivos', 'Move files' => 'Mover archivos', 'Are you sure you want to copy' => 'Estás seguro de que deseas copiar', @@ -665,13 +665,13 @@ $LANG['es'] = array( 'Add New object' => 'Añadir Objeto Nuevo', 'Save Form' => 'Guardar Formulario', 'Cancel saving form' => 'Omitir guardar el formulario', - 'Go to USER list' => 'Ir a USUARIOS', // En mi opinión queda mejor "Ir a" que "Ir a Listado o Catalogo" + 'Go to USER list' => 'Ir a USUARIOS', 'Go to WEB list' => 'Ir a DOMINIOS / WEB', 'Go to DNS list' => 'Ir a DNS', 'Go to MAIL list' => 'Ir a CORREOS', 'Go to DB list' => 'Ir a BASES DE DATOS', - 'Go to CRON list' => 'IR a TAREAS PROGRAMADAS', - 'Go to BACKUP list' => 'IR a RESPALDOS', + 'Go to CRON list' => 'Ir a TAREAS PROGRAMADAS', + 'Go to BACKUP list' => 'Ir a RESPALDOS', 'Focus on search' => 'Desplegar Buscador', 'Display/Close shortcuts' => 'Mostrar/Ocultar atajos', 'Move backward through top menu' => 'Desplazarse hacia atrás en el menú superior', @@ -762,5 +762,5 @@ $LANG['es'] = array( 'maximum characters length, including prefix' => 'usar un máximo de %s caracteres, incluyendo prefijo', 'Email Credentials' => 'Datos de acceso a la cuenta de correo', - + ); From f9a15564e2e9748bd990c5f1e3c31f7b2c4620c8 Mon Sep 17 00:00:00 2001 From: dpeca Date: Wed, 31 Oct 2018 17:07:01 +0100 Subject: [PATCH 36/62] Escaping quotas in JSON output of v-list-web-domain-ssl --- bin/v-list-web-domain-ssl | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-list-web-domain-ssl b/bin/v-list-web-domain-ssl index c91a7cca..99fd5cf8 100755 --- a/bin/v-list-web-domain-ssl +++ b/bin/v-list-web-domain-ssl @@ -19,6 +19,7 @@ source $VESTA/func/main.sh # JSON list function json_list() { + issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g") echo '{' echo -e "\t\"$domain\": {" echo " \"CRT\": \"$crt\"," From 5170e5f5aa944a44e0b0becb066320e24328da9e Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 4 Nov 2018 03:35:17 +0100 Subject: [PATCH 37/62] Dovecot fix namespace inbox=yes only for Debian9 --- install/vst-install-debian.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 4f7aa770..87edd88b 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1079,7 +1079,9 @@ if [ "$dovecot" = 'yes' ]; then cp -rf $vestacp/dovecot /etc/ cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* - sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf + if [ "$release" -eq 9 ]; then + sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf + fi update-rc.d dovecot defaults service dovecot start check_result $? "dovecot start failed" From c32fa673e15272779de2934d410fff72cb6702c3 Mon Sep 17 00:00:00 2001 From: Alexandr Loskutov Date: Sun, 4 Nov 2018 08:21:36 +0200 Subject: [PATCH 38/62] Fix Dovecot namespace inbox=yes for CentOS 7 Co-Authored-By: dpeca --- install/vst-install-rhel.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 3aaad808..385534ec 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -1127,6 +1127,9 @@ if [ "$dovecot" = 'yes' ]; then cp -rf $vestacp/dovecot /etc/ cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* + if [ "$release" -eq 7 ]; then + sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf + fi chkconfig dovecot on service dovecot start check_result $? "dovecot start failed" From 381bc48e9652bdcfe74ef0c864076fd48df5bc07 Mon Sep 17 00:00:00 2001 From: "Made I.T" Date: Thu, 8 Nov 2018 16:32:31 +0100 Subject: [PATCH 39/62] Fix dubble www --- bin/v-add-web-domain | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/bin/v-add-web-domain b/bin/v-add-web-domain index b937330c..1005bc9c 100755 --- a/bin/v-add-web-domain +++ b/bin/v-add-web-domain @@ -113,9 +113,12 @@ if [ "$aliases" = 'none' ]; then ALIAS='' else ALIAS="www.$domain" - if [ ! -z "$aliases" ]; then - ALIAS="$ALIAS,$aliases" + if [ -z "$aliases" ]; then + ALIAS="www.$domain" + else + ALIAS="$aliases" fi + ip_alias=$(get_ip_alias $domain) if [ ! -z "$ip_alias" ]; then ALIAS="$ALIAS,$ip_alias" From 2dc406aae4801b4151daa4f8e052a3ad367e3a8d Mon Sep 17 00:00:00 2001 From: "Made I.T" Date: Thu, 8 Nov 2018 16:33:34 +0100 Subject: [PATCH 40/62] Fix dubble www --- func/main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/func/main.sh b/func/main.sh index e78e6edf..ca4ac3c5 100644 --- a/func/main.sh +++ b/func/main.sh @@ -933,7 +933,7 @@ format_aliases() { aliases=$(echo "$aliases" |tr -s '.') aliases=$(echo "$aliases" |sed -e "s/[.]*$//g") aliases=$(echo "$aliases" |sed -e "s/^[.]*//") - aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d") + aliases=$(echo "$aliases" |sed -e "/^$/d") aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//") fi } From b9210522f57ee8f1c090d607a73bef5663108a65 Mon Sep 17 00:00:00 2001 From: dpeca Date: Fri, 9 Nov 2018 17:47:05 +0100 Subject: [PATCH 41/62] Ubuntu 18.04 dovecot namespace inbox fix Fix based on https://github.com/serghey-rodin/vesta/pull/1669/files --- install/ubuntu/18.04/dovecot/dovecot.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ubuntu/18.04/dovecot/dovecot.conf b/install/ubuntu/18.04/dovecot/dovecot.conf index 311a3351..163460ba 100644 --- a/install/ubuntu/18.04/dovecot/dovecot.conf +++ b/install/ubuntu/18.04/dovecot/dovecot.conf @@ -3,7 +3,7 @@ listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf -namespace { +namespace inbox { type = private separator = / prefix = From e799566c6ba1c84e6689cb016bbc0f05abda2767 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:14:04 +0100 Subject: [PATCH 42/62] vary vary, causes page speed issues --- install/debian/7/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/7/nginx/nginx.conf b/install/debian/7/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/debian/7/nginx/nginx.conf +++ b/install/debian/7/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 591bfdaad19b91ed73ddf93313123ecc3c1b035b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:14:39 +0100 Subject: [PATCH 43/62] Update nginx.conf --- install/debian/8/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/8/nginx/nginx.conf b/install/debian/8/nginx/nginx.conf index 1eef1672..e8967d8e 100644 --- a/install/debian/8/nginx/nginx.conf +++ b/install/debian/8/nginx/nginx.conf @@ -51,6 +51,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From a3982fd477136acfa66314de153eee66a464151e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:16:24 +0100 Subject: [PATCH 44/62] Update nginx.conf vary on --- install/debian/9/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/9/nginx/nginx.conf b/install/debian/9/nginx/nginx.conf index 1eef1672..e8967d8e 100644 --- a/install/debian/9/nginx/nginx.conf +++ b/install/debian/9/nginx/nginx.conf @@ -51,6 +51,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 4d70c416ca7425076e58fc921b051123f58c8abe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:17:02 +0100 Subject: [PATCH 45/62] Update nginx.conf vary on --- install/rhel/7/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/rhel/7/nginx/nginx.conf b/install/rhel/7/nginx/nginx.conf index e0575030..0a37ebbc 100644 --- a/install/rhel/7/nginx/nginx.conf +++ b/install/rhel/7/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 49cf56972954ef9b3da144da60c1ab53007a6ce4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:17:31 +0100 Subject: [PATCH 46/62] Update nginx.conf vary on --- install/rhel/6/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/rhel/6/nginx/nginx.conf b/install/rhel/6/nginx/nginx.conf index e0575030..0a37ebbc 100644 --- a/install/rhel/6/nginx/nginx.conf +++ b/install/rhel/6/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 812e001723fb1b62537d0b47daf3203f1f16c5e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:18:06 +0100 Subject: [PATCH 47/62] Update nginx.conf vary on --- install/rhel/5/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/rhel/5/nginx/nginx.conf b/install/rhel/5/nginx/nginx.conf index e0575030..0a37ebbc 100644 --- a/install/rhel/5/nginx/nginx.conf +++ b/install/rhel/5/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 4073325014f92dc1c34a43f5f36d5d0235eb29df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:20:21 +0100 Subject: [PATCH 48/62] Update nginx.conf vary on --- install/ubuntu/12.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/12.04/nginx/nginx.conf b/install/ubuntu/12.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/12.04/nginx/nginx.conf +++ b/install/ubuntu/12.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 151f82e51958ff3941d4c32209c7a2e3264eb599 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:21:12 +0100 Subject: [PATCH 49/62] Update nginx.conf vary on --- install/ubuntu/18.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/18.04/nginx/nginx.conf b/install/ubuntu/18.04/nginx/nginx.conf index 790aee49..dc2cf1dd 100644 --- a/install/ubuntu/18.04/nginx/nginx.conf +++ b/install/ubuntu/18.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_static on; gzip_vary on; gzip_comp_level 6; From 61c439554e404fa124dc577c53649bb960e8b24e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:21:38 +0100 Subject: [PATCH 50/62] Update nginx.conf vary on --- install/ubuntu/17.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/17.10/nginx/nginx.conf b/install/ubuntu/17.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/17.10/nginx/nginx.conf +++ b/install/ubuntu/17.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 433166a4776b25d4469316cce98f64452650b73d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:22:32 +0100 Subject: [PATCH 51/62] Update nginx.conf vary on --- install/ubuntu/17.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/17.04/nginx/nginx.conf b/install/ubuntu/17.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/17.04/nginx/nginx.conf +++ b/install/ubuntu/17.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 46b7d8438fc3e477821c5004670c1918dab274ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:23:06 +0100 Subject: [PATCH 52/62] Update nginx.conf vary on --- install/ubuntu/12.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/12.10/nginx/nginx.conf b/install/ubuntu/12.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/12.10/nginx/nginx.conf +++ b/install/ubuntu/12.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From ef422f62f643b5212fc1543de82a407f95c65e5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:23:19 +0100 Subject: [PATCH 53/62] Update nginx.conf vary on --- install/ubuntu/13.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/13.04/nginx/nginx.conf b/install/ubuntu/13.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/13.04/nginx/nginx.conf +++ b/install/ubuntu/13.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From ccc4e5a2626607e09d84a99e7c5bec11c9e6d337 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:23:45 +0100 Subject: [PATCH 54/62] Update nginx.conf vary on --- install/ubuntu/13.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/13.10/nginx/nginx.conf b/install/ubuntu/13.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/13.10/nginx/nginx.conf +++ b/install/ubuntu/13.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 936b225b30382444ff45dd941597fa9ef570f76e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:02 +0100 Subject: [PATCH 55/62] Update nginx.conf vary on --- install/ubuntu/16.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/16.10/nginx/nginx.conf b/install/ubuntu/16.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/16.10/nginx/nginx.conf +++ b/install/ubuntu/16.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From d6e0b4e18f39a8169df8ffe83db0b3541e888cc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:17 +0100 Subject: [PATCH 56/62] Update nginx.conf vary on --- install/ubuntu/16.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/16.04/nginx/nginx.conf b/install/ubuntu/16.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/16.04/nginx/nginx.conf +++ b/install/ubuntu/16.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 0f1fb8aa43f3cf5c6947a0e9ceacf866f40a797d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:25 +0100 Subject: [PATCH 57/62] Update nginx.conf --- install/ubuntu/15.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/15.10/nginx/nginx.conf b/install/ubuntu/15.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/15.10/nginx/nginx.conf +++ b/install/ubuntu/15.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 13d713ecc817e6a894609e25d26500532cb56fa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:42 +0100 Subject: [PATCH 58/62] Update nginx.conf --- install/ubuntu/15.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/15.04/nginx/nginx.conf b/install/ubuntu/15.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/15.04/nginx/nginx.conf +++ b/install/ubuntu/15.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From c82e50056d6f807a1f0056449b8f40c95e132c3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:58 +0100 Subject: [PATCH 59/62] Update nginx.conf vary on --- install/ubuntu/14.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/14.10/nginx/nginx.conf b/install/ubuntu/14.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/14.10/nginx/nginx.conf +++ b/install/ubuntu/14.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From e67297010370a1a006815f18ea3a6a7e0ef86d96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:25:12 +0100 Subject: [PATCH 60/62] Update nginx.conf vary on --- install/ubuntu/14.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/14.04/nginx/nginx.conf b/install/ubuntu/14.04/nginx/nginx.conf index 1932d171..c44ab650 100644 --- a/install/ubuntu/14.04/nginx/nginx.conf +++ b/install/ubuntu/14.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 0437c4ac3ee2056f2ed2fdfd10a6e6693b292699 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 14 Nov 2018 17:53:48 +0200 Subject: [PATCH 61/62] fix backup exlustions for files --- bin/v-backup-user | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index f9569aa4..0c9e7c1b 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -216,6 +216,9 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then cp $USER_DATA/ssl/$domain.* vesta/ fi + # Changin dir to documentroot + cd $HOMEDIR/$user/web/$domain + # Define exclude arguments exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:") set -f @@ -224,15 +227,21 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then if [ ! -z "$exlusion" ]; then xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" for xpath in $xdirs; do - fargs+=(--exclude=$xpath/*) - echo "$(date "+%F %T") excluding directory $xpath" - msg="$msg\n$(date "+%F %T") excluding directory $xpath" + for xpath in $xdirs; do + if [ -d "$xpath" ]; then + fargs+=(--exclude=$xpath/*) + echo "$(date "+%F %T") excluding directory $xpath" + msg="$msg\n$(date "+%F %T") excluding directory $xpath" + else + echo "$(date "+%F %T") excluding file $xpath" + msg="$msg\n$(date "+%F %T") excluding file $xpath" + fargs+=(--exclude=$xpath) + fi done fi set +f # Backup files - cd $HOMEDIR/$user/web/$domain tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz done From 00bc162fe6d1d5c5d0cbc336124bc1521299316a Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Tue, 20 Nov 2018 11:20:21 +0200 Subject: [PATCH 62/62] removed duplicate loop --- bin/v-backup-user | 1 - 1 file changed, 1 deletion(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index 0c9e7c1b..4ecc66aa 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -226,7 +226,6 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then fargs+=(--exclude='logs/*') if [ ! -z "$exlusion" ]; then xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" - for xpath in $xdirs; do for xpath in $xdirs; do if [ -d "$xpath" ]; then fargs+=(--exclude=$xpath/*)