Расширяем gitignore + защита .git

Добавляем некоторые используемые расширения в .gitignore + дополнительные правила для сервера (запрет на доступ к папке .git извне).
Exile 2014-10-29 20:12:18 +03:00
commit 6e7595b686
3 changed files with 59 additions and 32 deletions

16
.gitignore vendored

@ -1,3 +1,4 @@
### TorrentPier ###
.idea/
data/avatars/**/
data/old_files/
@ -10,9 +11,24 @@ internal_data/log/
internal_data/sitemap/*.xml
internal_data/triggers/
### Archives ###
*.log
*.zip
*.rar
*.tar
*.gz
*.torrent
### Windows ###
Thumbs.db
Desktop.ini
$RECYCLE.BIN/
*.lnk
### OSX ###
.DS_Store
.AppleDouble
.LSOverride
._*
.Spotlight-V100
.Trashes


@ -1,13 +1,18 @@
## Set charset server
## set default server charset
AddDefaultCharset UTF-8
## Access control
## folder listing access control
Options All -Indexes
<FilesMatch "\.(.*sql|tpl|inc|db|log|md)|(config|common).php$">
deny from all
</FilesMatch>
## sitemap and atom rewrite
RewriteEngine On
RewriteRule ^sitemap.xml$ internal_data/sitemap/sitemap.xml [L]
RewriteRule ^/internal_data/atom/(.*) /atom$1 [L]
RewriteRule ^/internal_data/atom/(.*) /atom$1 [L]
## deny access to git folder
RedirectMatch 404 /\\.git(/|$)
## deny access to system files
<FilesMatch "\.(.*sql|tpl|db|inc|log|md)|(config|common).php$">
deny from all
</FilesMatch>
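Review bot: The `FilesMatch` pattern now placed under "deny access to system files" still has its alternation ungrouped, so the trailing `$` anchors only the `(config|common).php` branch and the first branch matches `.tpl`, `.db`, `.log`, `.md` and the rest anywhere in a file name. That fails closed, and it also happens to cover names such as `dump.sql.gz` or `error.log.1`. If the broad match is intended, a comment such as `## matches the extension anywhere in the name, so rotated logs and compressed dumps are covered too` would record it; if not, group it as `"(\.(.*sql|tpl|db|inc|log|md)|(config|common)\.php)$"`. Either way the dot before `php` should be escaped (`(config|common)\.php$`), since unescaped it matches any character. `deny from all` is Apache 2.2 syntax and on 2.4 works only with mod_access_compat loaded, where `Require all denied` is the native form.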


@ -1,5 +1,5 @@
user www www;
worker_processes 4;
user www www;
worker_processes auto;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
@ -41,9 +41,9 @@ http {
keepalive_timeout 65;
limit_req_zone $binary_remote_addr zone=one:16m rate=5r/s;
limit_req_zone $binary_remote_addr zone=one:16m rate=5r/s;
gzip on;
gzip on;
gzip_vary on;
gzip_min_length 2048;
gzip_comp_level 5;
@ -69,14 +69,13 @@ http {
location / {
root /var/www;
index index.html index.htm index.php;
index index.php index.html index.htm;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# pass the PHP scripts to FastCGI server listening on /tmp/php.sock;
#
# pass the PHP scripts to FastCGI server listening on /tmp/php.sock
location ~ \.php$ {
#limit_req zone=one burst=20 nodelay;
#limit_req_log_level info;
@ -97,7 +96,7 @@ http {
include fastcgi_params;
}
# Old XBTT config
# rewrite to XBTT (old)
# location ^~ /bt/ {
# access_log off;
# if ( $query_string ~ "^uk=([^&?]{10})[&?]+(.*)$" ) {
@ -115,34 +114,41 @@ http {
# proxy_pass http://127.0.0.1:2710/;
# }
# Cached Images
# cache static files
location ~* \.(jpg|jpeg|gif|png|css|js|ico)$ {
root /var/www;
access_log off;
expires 30d;
add_header Cache-Control public;
}
location ~ \/admin|backup\/ {
deny all;
#allow YOUR_IP;
}
# Deny folder (Sec. lvl1)
location ~ \/(install|internal_data|library)\/ {
deny all;
add_header Cache-Control public;
}
# sitemap rewrite
rewrite ^/sitemap.xml$ /internal_data/sitemap/sitemap.xml;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
# deny sql,tpl,db,inc,log
location ~ /\.ht {
deny all;
# deny access to admin folder
location ~ \/admin|backup\/ {
deny all;
#allow YOUR_IP;
}
# deny access to system folder
location ~ \/(install|internal_data|library)\/ {
deny all;
}
# deny access to git folder
location ~ /\.git {
deny all;
}
# deny access to .htaccess, if apache's document root concurs with nginx's one
location ~ /\.ht {
deny all;
}
# deny access to critical files
location ~ \.(.*sql|tpl|db|inc|log|md)$ {
deny all;
deny all;
}
}
}
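Review bot: The deny blocks at the end of the server block (admin/backup, system folders, `.git`, `.ht`, critical files) are regex locations declared after `location ~ \.php$` and the static-file location, and nginx uses the first regex location that matches in file order. A URI under `/admin/`, `/install/`, `/internal_data/` or `/library/` that ends in `.php` is therefore handed to FastCGI and never reaches `deny all`, and one ending in a cached extension is served by the static block. Move the deny locations above the `\.php$` block, or use prefix locations that suppress regex matching, e.g. `location ^~ /.git { deny all; }`. The admin pattern `\/admin|backup\/` is also ungrouped and unanchored, so it matches `/admin` or `backup/` anywhere in the URI; `location ~ ^/(admin|backup)/` would express the apparent intent, assuming both folders sit at the document root. The server block opens outside the visible hunks, so the final ordering should be confirmed against the full file.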