github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-07-14 09:03:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into fix-tar-exclude-folder

Browse source
This commit is contained in:
Dmitry Bannik 2018-11-21 04:46:41 +03:00 committed by GitHub
commit eb29a1f374
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
189 changed files with 3427 additions and 4083 deletions
Download patch file Download diff file Expand all files Collapse all files

8
bin/v-add-backup-host
View file

@ -38,8 +38,8 @@ EOF
sftpc() { sftpc() {
expect -f "-" <<EOF "$@" expect -f "-" <<EOF "$@"
set count 0 set count 0
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \ spawn "/usr/bin/sftp -o StrictHostKeyChecking=no -o \
Port=$port $user@$host Port=$port '$user@$host'"
expect { expect {
"password:" { "password:" {
send "$password\r" send "$password\r"
@ -94,12 +94,14 @@ EOF
if [ "$type" != 'local' ];then if [ "$type" != 'local' ];then
check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]" check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
is_format_valid 'host' is_format_valid 'user' 'host' 'path' 'port'
is_password_valid is_password_valid
if [ "$type" = 'sftp' ]; then if [ "$type" = 'sftp' ]; then
which expect >/dev/null 2>&1 which expect >/dev/null 2>&1
check_result $? "expect command not found" $E_NOTEXIST check_result $? "expect command not found" $E_NOTEXIST
fi fi
host "$host" >/dev/null 2>&1
check_result $? "host connection failed" "$E_CONNECT"
fi fi

22
bin/v-add-user-package
View file

@ -30,37 +30,37 @@ is_package_new() {
is_package_consistent() { is_package_consistent() {
source $pkg_dir/$package.pkg source $pkg_dir/$package.pkg
if [ "$WEB_DOMAINS" != 'unlimited' ]; then if [ "$WEB_DOMAINS" != 'unlimited' ]; then
is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS' is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
fi fi
if [ "$WEB_ALIASES" != 'unlimited' ]; then if [ "$WEB_ALIASES" != 'unlimited' ]; then
is_format_valid_int $WEB_ALIASES 'WEB_ALIASES' is_int_format_valid $WEB_ALIASES 'WEB_ALIASES'
fi fi
if [ "$DNS_DOMAINS" != 'unlimited' ]; then if [ "$DNS_DOMAINS" != 'unlimited' ]; then
is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS' is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS'
fi fi
if [ "$DNS_RECORDS" != 'unlimited' ]; then if [ "$DNS_RECORDS" != 'unlimited' ]; then
is_format_valid_int $DNS_RECORDS 'DNS_RECORDS' is_int_format_valid $DNS_RECORDS 'DNS_RECORDS'
fi fi
if [ "$MAIL_DOMAINS" != 'unlimited' ]; then if [ "$MAIL_DOMAINS" != 'unlimited' ]; then
is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS' is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS'
fi fi
if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then
is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS' is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
fi fi
if [ "$DATABASES" != 'unlimited' ]; then if [ "$DATABASES" != 'unlimited' ]; then
is_format_valid_int $DATABASES 'DATABASES' is_int_format_valid $DATABASES 'DATABASES'
fi fi
if [ "$CRON_JOBS" != 'unlimited' ]; then if [ "$CRON_JOBS" != 'unlimited' ]; then
is_format_valid_int $CRON_JOBS 'CRON_JOBS' is_int_format_valid $CRON_JOBS 'CRON_JOBS'
fi fi
if [ "$DISK_QUOTA" != 'unlimited' ]; then if [ "$DISK_QUOTA" != 'unlimited' ]; then
is_format_valid_int $DISK_QUOTA 'DISK_QUOTA' is_int_format_valid $DISK_QUOTA 'DISK_QUOTA'
fi fi
if [ "$BANDWIDTH" != 'unlimited' ]; then if [ "$BANDWIDTH" != 'unlimited' ]; then
is_format_valid_int $BANDWIDTH 'BANDWIDTH' is_int_format_valid $BANDWIDTH 'BANDWIDTH'
fi fi
if [ "$BACKUPS" != 'unlimited' ]; then if [ "$BACKUPS" != 'unlimited' ]; then
is_format_valid_int $BACKUPS 'BACKUPS' is_int_format_valid $BACKUPS 'BACKUPS'
fi fi
is_format_valid_shell $SHELL is_format_valid_shell $SHELL
} }

7
bin/v-add-web-domain
View file

@ -113,9 +113,12 @@ if [ "$aliases" = 'none' ]; then
ALIAS='' ALIAS=''
else else
ALIAS="www.$domain" ALIAS="www.$domain"
if [ ! -z "$aliases" ]; then if [ -z "$aliases" ]; then
ALIAS="$ALIAS,$aliases" ALIAS="www.$domain"
else
ALIAS="$aliases"
fi fi
ip_alias=$(get_ip_alias $domain) ip_alias=$(get_ip_alias $domain)
if [ ! -z "$ip_alias" ]; then if [ ! -z "$ip_alias" ]; then
ALIAS="$ALIAS,$ip_alias" ALIAS="$ALIAS,$ip_alias"

13
bin/v-backup-user
View file

@ -216,6 +216,9 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
cp $USER_DATA/ssl/$domain.* vesta/ cp $USER_DATA/ssl/$domain.* vesta/
fi fi
# Changin dir to documentroot
cd $HOMEDIR/$user/web/$domain
# Define exclude arguments # Define exclude arguments
exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:") exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
set -f set -f
@ -224,15 +227,20 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
if [ ! -z "$exlusion" ]; then if [ ! -z "$exlusion" ]; then
xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
for xpath in $xdirs; do for xpath in $xdirs; do
if [ -d "$xpath" ]; then
fargs+=(--exclude=$xpath/*) fargs+=(--exclude=$xpath/*)
echo "$(date "+%F %T") excluding directory $xpath" echo "$(date "+%F %T") excluding directory $xpath"
msg="$msg\n$(date "+%F %T") excluding directory $xpath" msg="$msg\n$(date "+%F %T") excluding directory $xpath"
else
echo "$(date "+%F %T") excluding file $xpath"
msg="$msg\n$(date "+%F %T") excluding file $xpath"
fargs+=(--exclude=$xpath)
fi
done done
fi fi
set +f set +f
# Backup files # Backup files
cd $HOMEDIR/$user/web/$domain
tar -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz tar -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
done done
@ -392,7 +400,9 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
grep "DB='$database'" $conf > vesta/db.conf grep "DB='$database'" $conf > vesta/db.conf
dump="$tmpdir/db/$database/$database.$TYPE.sql" dump="$tmpdir/db/$database/$database.$TYPE.sql"
dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz"
grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER" grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER"
if [ ! -f "$dumpgz" ]; then
case $TYPE in case $TYPE in
mysql) dump_mysql_database ;; mysql) dump_mysql_database ;;
pgsql) dump_pgsql_database ;; pgsql) dump_pgsql_database ;;
@ -400,6 +410,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
# Compress dump # Compress dump
gzip -$BACKUP_GZIP $dump gzip -$BACKUP_GZIP $dump
fi
done done
# Print total # Print total

3
bin/v-backup-users
View file

@ -28,6 +28,9 @@ if [ -z "$BACKUP_SYSTEM" ]; then
exit exit
fi fi
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf) check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
log=$VESTA/log/backup.log log=$VESTA/log/backup.log
if [ ! -z "$check_suspend" ]; then if [ ! -z "$check_suspend" ]; then

25
bin/v-list-users
View file

@ -15,9 +15,14 @@ format=${1-shell}
# JSON list function # JSON list function
json_list() { json_list() {
echo '{' echo '{'
object_count=$(grep '@' /etc/passwd |wc -l)
i=1 i=1
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
if [ $i -gt 1 ]; then
echo ","
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n ' "'$USER'": { echo -n ' "'$USER'": {
"FNAME": "'$FNAME'", "FNAME": "'$FNAME'",
@ -74,14 +79,8 @@ json_list() {
"TIME": "'$TIME'", "TIME": "'$TIME'",
"DATE": "'$DATE'" "DATE": "'$DATE'"
}' }'
if [ "$i" -lt "$object_count" ]; then
echo ','
else
echo
fi
((i++)) ((i++))
done < <(grep '@' /etc/passwd |cut -f1 -d:) done < <(grep '@' /etc/passwd |cut -f1 -d:)
echo '}' echo '}'
} }
@ -90,6 +89,9 @@ shell_list() {
echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE" echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE"
echo "---- --- --- --- --- -- ---- -- ---- ----" echo "---- --- --- --- --- -- ---- -- ---- ----"
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS" echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
@ -99,6 +101,9 @@ shell_list() {
# PLAIN list function # PLAIN list function
plain_list() { plain_list() {
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t" echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t" echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
@ -131,6 +136,9 @@ csv_list() {
echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES" echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE" echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE," echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE," echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
@ -151,6 +159,9 @@ csv_list() {
# Raw list function # Raw list function
raw_list() { raw_list() {
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
echo $VESTA/data/users/$USER/user.conf echo $VESTA/data/users/$USER/user.conf
cat $VESTA/data/users/$USER/user.conf cat $VESTA/data/users/$USER/user.conf
done < <(grep '@' /etc/passwd |cut -f1 -d:) done < <(grep '@' /etc/passwd |cut -f1 -d:)

1
bin/v-list-web-domain-ssl
View file

@ -19,6 +19,7 @@ source $VESTA/func/main.sh
# JSON list function # JSON list function
json_list() { json_list() {
issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
echo '{' echo '{'
echo -e "\t\"$domain\": {" echo -e "\t\"$domain\": {"
echo " \"CRT\": \"$crt\"," echo " \"CRT\": \"$crt\","

5
bin/v-open-fs-config
View file

@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then
echo "Error: invalid source path $src_file" echo "Error: invalid source path $src_file"
exit 2 exit 2
fi fi
spath=$(echo "$rpath" |egrep "/etc|/var/lib")
if [ -z "$spath" ]; then
echo "Error: invalid source path $src_file"
exit 2
fi
fi fi
# Reading conf # Reading conf

6
bin/v-update-letsencrypt-ssl
View file

@ -31,7 +31,11 @@ for user in $users; do
# Checking user certificates # Checking user certificates
lecounter=0 lecounter=0
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
# Working on Web domain check - if is suspended
webSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf |grep "SUSPENDED='no")
if [ ! -z "$webSuspended" ]; then
continue;
fi;
crt="$VESTA/data/users/$user/ssl/$domain.crt" crt="$VESTA/data/users/$user/ssl/$domain.crt"
crt_data=$(openssl x509 -text -in "$crt") crt_data=$(openssl x509 -text -in "$crt")
expire=$(echo "$crt_data" |grep "Not After") expire=$(echo "$crt_data" |grep "Not After")

3
bin/v-update-user-stats
View file

@ -67,6 +67,9 @@ TOTAL_USERS=0
# Updating user stats # Updating user stats
for user in $user_list; do for user in $user_list; do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
USER_DATA=$VESTA/data/users/$user USER_DATA=$VESTA/data/users/$user
source $USER_DATA/user.conf source $USER_DATA/user.conf
next_month=$(date +'%m/01/%y' -d '+ 1 month') next_month=$(date +'%m/01/%y' -d '+ 1 month')

15
func/main.sh
View file

@ -805,7 +805,16 @@ is_password_format_valid() {
check_result $E_INVALID "invalid password format :: $1" check_result $E_INVALID "invalid password format :: $1"
fi fi
} }
# Missing function -
# Before: validate_format_shell
# After: is_format_valid_shell
is_format_valid_shell() {
if [ -z "$(grep -w $1 /etc/shells)" ]; then
echo "Error: shell $1 is not valid"
log_event "$E_INVALID" "$EVENT"
exit $E_INVALID
fi
}
# Format validation controller # Format validation controller
is_format_valid() { is_format_valid() {
for arg_name in $*; do for arg_name in $*; do
@ -873,6 +882,8 @@ is_format_valid() {
rtype) is_dns_type_format_valid "$arg" ;; rtype) is_dns_type_format_valid "$arg" ;;
rule) is_int_format_valid "$arg" "rule id" ;; rule) is_int_format_valid "$arg" "rule id" ;;
soa) is_domain_format_valid "$arg" 'SOA' ;; soa) is_domain_format_valid "$arg" 'SOA' ;;
#missing command: is_format_valid_shell
shell) is_format_valid_shell "$arg" ;;
stats_pass) is_password_format_valid "$arg" ;; stats_pass) is_password_format_valid "$arg" ;;
stats_user) is_user_format_valid "$arg" "$arg_name" ;; stats_user) is_user_format_valid "$arg" "$arg_name" ;;
template) is_object_format_valid "$arg" "$arg_name" ;; template) is_object_format_valid "$arg" "$arg_name" ;;
@ -922,7 +933,7 @@ format_aliases() {
aliases=$(echo "$aliases" |tr -s '.') aliases=$(echo "$aliases" |tr -s '.')
aliases=$(echo "$aliases" |sed -e "s/[.]*$//g") aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
aliases=$(echo "$aliases" |sed -e "s/^[.]*//") aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d") aliases=$(echo "$aliases" |sed -e "/^$/d")
aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//") aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
fi fi
} }

1
install/debian/7/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/debian/7/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/debian/8/nginx/nginx.conf
View file

@ -51,6 +51,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/debian/8/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/debian/9/nginx/nginx.conf
View file

@ -51,6 +51,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/debian/9/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/rhel/5/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/rhel/5/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/rhel/6/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/rhel/6/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/rhel/7/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/rhel/7/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/ubuntu/12.04/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/ubuntu/12.04/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/ubuntu/12.10/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/ubuntu/12.10/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/ubuntu/13.04/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/ubuntu/13.04/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/ubuntu/13.10/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/ubuntu/13.10/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/ubuntu/14.04/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

2
install/ubuntu/14.04/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

48
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

50
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ /vendor/.*\.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; deny all;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

51
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

52
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ /vendor/.*\.php$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

1
install/ubuntu/14.10/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

Some files were not shown because too many files have changed in this diff Show more