diff --git a/.gitignore b/.gitignore
index c579f6a00..c9080af50 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+### TorrentPier ###
.idea/
data/avatars/**/
data/old_files/
@@ -10,9 +11,24 @@ internal_data/log/
internal_data/sitemap/*.xml
internal_data/triggers/
+### Archives ###
*.log
*.zip
*.rar
*.tar
*.gz
*.torrent
+
+### Windows ###
+Thumbs.db
+Desktop.ini
+$RECYCLE.BIN/
+*.lnk
+
+### OSX ###
+.DS_Store
+.AppleDouble
+.LSOverride
+._*
+.Spotlight-V100
+.Trashes
\ No newline at end of file
diff --git a/.htaccess b/.htaccess
index 114882bd0..8298e9bdd 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,13 +1,18 @@
-## Set charset server
+## set default server charset
AddDefaultCharset UTF-8
-## Access control
+## folder listing access control
Options All -Indexes
-
-deny from all
-
-
+## sitemap and atom rewrite
RewriteEngine On
RewriteRule ^sitemap.xml$ internal_data/sitemap/sitemap.xml [L]
-RewriteRule ^/internal_data/atom/(.*) /atom$1 [L]
\ No newline at end of file
+RewriteRule ^/internal_data/atom/(.*) /atom$1 [L]
+
+## deny access to git folder
+RedirectMatch 404 /\\.git(/|$)
+
+## deny access to system files
+
+deny from all
+
\ No newline at end of file
diff --git a/install/php-fpm+nginx/nginx.conf b/install/php-fpm+nginx/nginx.conf
index f7bdb0020..1e24a39a0 100644
--- a/install/php-fpm+nginx/nginx.conf
+++ b/install/php-fpm+nginx/nginx.conf
@@ -1,5 +1,5 @@
-user www www;
-worker_processes 4;
+user www www;
+worker_processes auto;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
@@ -41,9 +41,9 @@ http {
keepalive_timeout 65;
- limit_req_zone $binary_remote_addr zone=one:16m rate=5r/s;
+ limit_req_zone $binary_remote_addr zone=one:16m rate=5r/s;
- gzip on;
+ gzip on;
gzip_vary on;
gzip_min_length 2048;
gzip_comp_level 5;
@@ -69,14 +69,13 @@ http {
location / {
root /var/www;
- index index.html index.htm index.php;
+ index index.php index.html index.htm;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
- # pass the PHP scripts to FastCGI server listening on /tmp/php.sock;
- #
+ # pass the PHP scripts to FastCGI server listening on /tmp/php.sock
location ~ \.php$ {
#limit_req zone=one burst=20 nodelay;
#limit_req_log_level info;
@@ -97,7 +96,7 @@ http {
include fastcgi_params;
}
- # Old XBTT config
+ # rewrite to XBTT (old)
# location ^~ /bt/ {
# access_log off;
# if ( $query_string ~ "^uk=([^&?]{10})[&?]+(.*)$" ) {
@@ -115,34 +114,41 @@ http {
# proxy_pass http://127.0.0.1:2710/;
# }
- # Cached Images
+ # cache static files
location ~* \.(jpg|jpeg|gif|png|css|js|ico)$ {
root /var/www;
access_log off;
expires 30d;
- add_header Cache-Control public;
- }
-
- location ~ \/admin|backup\/ {
- deny all;
- #allow YOUR_IP;
- }
- # Deny folder (Sec. lvl1)
- location ~ \/(install|internal_data|library)\/ {
- deny all;
+ add_header Cache-Control public;
}
# sitemap rewrite
rewrite ^/sitemap.xml$ /internal_data/sitemap/sitemap.xml;
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- # deny sql,tpl,db,inc,log
- location ~ /\.ht {
- deny all;
+ # deny access to admin folder
+ location ~ \/admin|backup\/ {
+ deny all;
+ #allow YOUR_IP;
}
+
+ # deny access to system folder
+ location ~ \/(install|internal_data|library)\/ {
+ deny all;
+ }
+
+ # deny access to git folder
+ location ~ /\.git {
+ deny all;
+ }
+
+ # deny access to .htaccess, if apache's document root concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ # deny access to critical files
location ~ \.(.*sql|tpl|db|inc|log|md)$ {
- deny all;
+ deny all;
}
}
}
\ No newline at end of file