github/torrentpier
1
0
Fork 0
mirror of https://github.com/torrentpier/torrentpier synced 2025-08-20 13:24:01 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Расширяем gitignore + защита .git

Browse source 
Добавляем некоторые используемые расширения в .gitignore + дополнительные правила для сервера (запрет на доступ к папке .git извне).
This commit is contained in:
Exile 2014-10-29 20:12:18 +03:00
commit 6e7595b686
3 changed files with 59 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

16
.gitignore vendored
View file

@ -1,3 +1,4 @@
### TorrentPier ###
.idea/ .idea/
data/avatars/**/ data/avatars/**/
data/old_files/ data/old_files/
@ -10,9 +11,24 @@ internal_data/log/
internal_data/sitemap/*.xml internal_data/sitemap/*.xml
internal_data/triggers/ internal_data/triggers/
### Archives ###
*.log *.log
*.zip *.zip
*.rar *.rar
*.tar *.tar
*.gz *.gz
*.torrent *.torrent
### Windows ###
Thumbs.db
Desktop.ini
$RECYCLE.BIN/
*.lnk
### OSX ###
.DS_Store
.AppleDouble
.LSOverride
._*
.Spotlight-V100
.Trashes

19
.htaccess
View file

@ -1,13 +1,18 @@
## Set charset server ## set default server charset
AddDefaultCharset UTF-8 AddDefaultCharset UTF-8
## Access control ## folder listing access control
Options All -Indexes Options All -Indexes
<FilesMatch "\.(.*sql|tpl|inc|db|log|md)|(config|common).php$"> ## sitemap and atom rewrite
deny from all
</FilesMatch>
RewriteEngine On RewriteEngine On
RewriteRule ^sitemap.xml$ internal_data/sitemap/sitemap.xml [L] RewriteRule ^sitemap.xml$ internal_data/sitemap/sitemap.xml [L]
RewriteRule ^/internal_data/atom/(.*) /atom$1 [L] RewriteRule ^/internal_data/atom/(.*) /atom$1 [L]
## deny access to git folder
RedirectMatch 404 /\\.git(/|$)
## deny access to system files
<FilesMatch "\.(.*sql|tpl|db|inc|log|md)|(config|common).php$">
deny from all
</FilesMatch>

56
install/php-fpm+nginx/nginx.conf
View file

@ -1,5 +1,5 @@
user www www; user www www;
worker_processes 4; worker_processes auto;
#error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice; #error_log /var/log/nginx/error.log notice;
@ -41,9 +41,9 @@ http {
keepalive_timeout 65; keepalive_timeout 65;
limit_req_zone $binary_remote_addr zone=one:16m rate=5r/s; limit_req_zone $binary_remote_addr zone=one:16m rate=5r/s;
gzip on; gzip on;
gzip_vary on; gzip_vary on;
gzip_min_length 2048; gzip_min_length 2048;
gzip_comp_level 5; gzip_comp_level 5;
@ -69,14 +69,13 @@ http {
location / { location / {
root /var/www; root /var/www;
index index.html index.htm index.php; index index.php index.html index.htm;
} }
error_page 404 /404.html; error_page 404 /404.html;
error_page 500 502 503 504 /50x.html; error_page 500 502 503 504 /50x.html;
# pass the PHP scripts to FastCGI server listening on /tmp/php.sock; # pass the PHP scripts to FastCGI server listening on /tmp/php.sock
#
location ~ \.php$ { location ~ \.php$ {
#limit_req zone=one burst=20 nodelay; #limit_req zone=one burst=20 nodelay;
#limit_req_log_level info; #limit_req_log_level info;
@ -97,7 +96,7 @@ http {
include fastcgi_params; include fastcgi_params;
} }
# Old XBTT config # rewrite to XBTT (old)
# location ^~ /bt/ { # location ^~ /bt/ {
# access_log off; # access_log off;
# if ( $query_string ~ "^uk=([^&?]{10})[&?]+(.*)$" ) { # if ( $query_string ~ "^uk=([^&?]{10})[&?]+(.*)$" ) {
@ -115,34 +114,41 @@ http {
# proxy_pass http://127.0.0.1:2710/; # proxy_pass http://127.0.0.1:2710/;
# } # }
# Cached Images # cache static files
location ~* \.(jpg|jpeg|gif|png|css|js|ico)$ { location ~* \.(jpg|jpeg|gif|png|css|js|ico)$ {
root /var/www; root /var/www;
access_log off; access_log off;
expires 30d; expires 30d;
add_header Cache-Control public; add_header Cache-Control public;
}
location ~ \/admin|backup\/ {
deny all;
#allow YOUR_IP;
}
# Deny folder (Sec. lvl1)
location ~ \/(install|internal_data|library)\/ {
deny all;
} }
# sitemap rewrite # sitemap rewrite
rewrite ^/sitemap.xml$ /internal_data/sitemap/sitemap.xml; rewrite ^/sitemap.xml$ /internal_data/sitemap/sitemap.xml;
# deny access to .htaccess files, if Apache's document root # deny access to admin folder
# concurs with nginx's one location ~ \/admin|backup\/ {
# deny sql,tpl,db,inc,log deny all;
location ~ /\.ht { #allow YOUR_IP;
deny all;
} }
# deny access to system folder
location ~ \/(install|internal_data|library)\/ {
deny all;
}
# deny access to git folder
location ~ /\.git {
deny all;
}
# deny access to .htaccess, if apache's document root concurs with nginx's one
location ~ /\.ht {
deny all;
}
# deny access to critical files
location ~ \.(.*sql|tpl|db|inc|log|md)$ { location ~ \.(.*sql|tpl|db|inc|log|md)$ {
deny all; deny all;
} }
} }
} }