Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- >nginx: [warn] could not build optimal proxy_headers_hash, you should increase either >proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring >proxy_headers_hash_bucket_size
- >nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
- >nginx: configuration file /etc/nginx/nginx.conf test is successful
- >######## # configuration file /etc/nginx/nginx.conf:
- >user nginx nginx;
- >worker_processes auto;
- >worker_rlimit_nofile 8192;
- >error_log /var/log/nginx/error.log notice;
- >pid /var/run/nginx.pid;
- >include /usr/share/nginx/modules/*.conf;
- >events {
- > worker_connections 1024;
- > use epoll;
- >}
- >http {
- >upstream php-fpm {
- > server unix:/run/php-fpm/www.sock;
- >}
- > server_names_hash_max_size 2048;
- > server_tokens off;
- > more_set_headers 'Server:';
- > vhost_traffic_status_zone;
- > include /etc/nginx/mime.types;
- > default_type application/octet-stream;
- > log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- > '$status $body_bytes_sent "$http_referer" '
- > '"$http_user_agent" "$http_x_forwarded_for" '
- > '$request_time $upstream_response_time $pipe';
- > disable_symlinks if_not_owner;
- > sendfile on;
- > tcp_nopush on;
- > tcp_nodelay on;
- > types_hash_max_size 2048;
- > variables_hash_max_size 1024;
- > variables_hash_bucket_size 128;
- > keepalive_requests 150;
- > keepalive_timeout 15;
- > client_body_temp_path /var/lib/nginx/cache/client_body 1 2;
- > client_max_body_size 192m;
- > client_body_buffer_size 2048k;
- > client_body_timeout 30s;
- > client_header_timeout 30s;
- > gzip on;
- > gzip_disable "MSIE [1-6]\.";
- > gzip_static on;
- > gzip_comp_level 9;
- > gzip_http_version 1.1;
- > gzip_proxied any;
- > gzip_vary on;
- > gzip_buffers 16 8k;
- > gzip_min_length 1100;
- > gzip_types
- >[content redacted]
- > brotli on;
- > brotli_static on;
- > brotli_buffers 16 8k;
- > brotli_comp_level 6;
- > brotli_types
- >[content redacted]
- > index index.html index.php;
- > charset UTF-8;
- >######## # ignore_invalid_headers on;
- > proxy_cache_path /var/lib/nginx/cache/proxy levels=1:2 keys_zone=PROXYCACHE:100m max_size=200m >inactive=60m;
- > proxy_temp_path /var/lib/nginx/cache/proxy_tmp;
- > proxy_connect_timeout 30;
- > proxy_read_timeout 300;
- > proxy_send_timeout 300;
- > proxy_buffers 16 32k;
- > proxy_buffering on;
- > proxy_buffer_size 64k;
- > proxy_busy_buffers_size 96k;
- > proxy_temp_file_write_size 96k;
- >######## # proxy_cache_key "$scheme://$host$request_uri";
- > fastcgi_cache_path /var/lib/nginx/cache/fastcgi levels=1:2 keys_zone=FCGICACHE:100m max_size=200m >inactive=60m;
- > fastcgi_temp_path /var/lib/nginx/cache/fastcgi_tmp;
- >######## # fastcgi_cache_key "$scheme$request_method$host$request_uri";
- >######## # fastcgi_cache_use_stale error timeout invalid_header http_500;
- > fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
- > fastcgi_send_timeout 300;
- > fastcgi_read_timeout 300;
- > fastcgi_buffers 8 256k;
- > fastcgi_buffer_size 256k;
- > fastcgi_busy_buffers_size 256k;
- > fastcgi_index index.php;
- > include fastcgi_params;
- > fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
- > limit_req_zone $binary_remote_addr zone=wplogin:50m rate=20r/m;
- >######## # upstream php {
- >######## # server 127.0.0.1:9000;
- >######## # }
- >######## # server {
- >######## # listen 80;
- >######## # server_name _;
- >######## # root /usr/share/nginx/html;
- >######## # access_log /var/log/nginx/default-access_log;
- >######## # error_log /var/log/nginx/default-error_log warn;
- >######## # server_name_in_redirect off;
- >######## # include conf.d/custom/restrictions.conf;
- >######## # include conf.d/custom/fpm-default.conf;
- >######## # }
- > include /etc/nginx/conf.d/vhosts/*.conf;
- > include /etc/nginx/conf.d/custom/blacklist.conf;
- > include /etc/nginx/conf.d/custom/cloudflare.conf;
- >}
- >######## # configuration file /etc/nginx/mime.types:
- >[contents redacted]
- >######## # configuration file /etc/nginx/fastcgi_params:
- >fastcgi_param QUERY_STRING $query_string;
- >fastcgi_param REQUEST_METHOD $request_method;
- >fastcgi_param CONTENT_TYPE $content_type;
- >fastcgi_param CONTENT_LENGTH $content_length;
- >fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- >fastcgi_param REQUEST_URI $request_uri;
- >fastcgi_param DOCUMENT_URI $document_uri;
- >fastcgi_param DOCUMENT_ROOT $document_root;
- >fastcgi_param SERVER_PROTOCOL $server_protocol;
- >fastcgi_param REQUEST_SCHEME $scheme;
- >fastcgi_param HTTPS $https if_not_empty;
- >fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- >fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- >fastcgi_param REMOTE_ADDR $remote_addr;
- >fastcgi_param REMOTE_PORT $remote_port;
- >fastcgi_param SERVER_ADDR $server_addr;
- >fastcgi_param SERVER_PORT $server_port;
- >fastcgi_param SERVER_NAME $server_name;
- >######## # PHP only, required if PHP was built with --enable-force-cgi-redirect
- >fastcgi_param REDIRECT_STATUS 200;
- >######## # configuration file /etc/nginx/conf.d/vhosts/test.conf:
- >server {
- >listen 80 default_server;
- >listen [::]:80 default_server;
- >server_name test.domain.com www.test.domain.com;
- >return 302 https://test.domain.com$request_uri;
- >return 302 https://test.domain.com$request_uri;
- >#location / {
- >proxy_set_header HOST $host;
- >proxy_set_header X-Forwarded-Proto $scheme;
- >proxy_set_header X-FOWARDED-PROTO $scheme;
- >proxy_set_header X-Real-IP $remote_addr;
- >proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- >error_log /etc/nginx/log/test.log warn;
- >######## #proxy_pass http://127.0.0.1:2368;
- >######## #proxy_pass $targetBackend;
- >######## #proxy_connect_timeout 1s;
- >######## #proxy_timeout 3s;
- >######## #resolver 1.1.1.1;
- >######## #ssl_preread on;
- >######## #}
- >}
- >server {
- >listen 443 ssl http2;
- >listen [::]:443 ssl http2;
- >server_name test.domain.com;
- >ssl_certificate /var/www/test.pem;
- >ssl_certificate_key /etc/nginx/ssl/test.key;
- >#ssl_certificate $targetCert;
- >#ssl_certificate_key $targetCertKey;
- >error_log /etc/nginx/log/test-ssl.log warn;
- >location / {
- >proxy_set_header Host $host;
- >proxy_set_header X-Forwarded-Proto $scheme;
- >proxy_set_header X-FORWARDED-PROTO $scheme;
- >proxy_set_header X-Real-IP $remote_addr;
- >proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- >proxy_pass http://127.0.0.1:2368;
- >#proxy_pass $targetBackend;
- >#proxy_connect_timeout 1s;
- >#proxy_timeout 3s;
- >#resolver 1.1.1.1;
- >#ssl_preread on;
- >}
- > if ($bad_bot) { return 444; }
- > set $fpmuser www;
- > include conf.d/custom/ssl.global.conf;
- > include conf.d/custom/restrictions-users.conf;
- > #include conf.d/custom/pagespeed.conf;
- >}
- >######## # configuration file /etc/nginx/conf.d/custom/ssl.global.conf:
- >#ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
- >#ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
- >ssl_certificate /var/www/test.pem;
- >ssl_certificate_key /etc/nginx/ssl/test.key;
- >ssl_dhparam /etc/nginx/ssl/dhparam.pem;
- >ssl_session_timeout 4h;
- >ssl_session_cache shared:SSL:20m;
- >ssl_session_tickets off;
- >ssl_protocols TLSv1.2 TLSv1.3;
- >ssl_prefer_server_ciphers on;
- >ssl_ecdh_curve X25519:P-256:P-384:P-224:P-521;
- >ssl_buffer_size 1400;
- >ssl_stapling on;
- >ssl_stapling_verify on;
- >ssl_trusted_certificate /var/www/ca.pem;
- >resolver 1.1.1.1 8.8.8.8 valid=300s;
- >resolver_timeout 5s;
- >#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
- >#add_header X-Frame-Options SAMEORIGIN;
- >add_header X-Content-Type-Options nosniff;
- >######## # Modern compatibility
- >ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:ECDHE->ECDSA->AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20- >POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384;
- >######## # configuration file /etc/nginx/conf.d/custom/restrictions-users.conf:
- >location ~ ^/(favicon|apple-touch-icon|browserconfig|mstile)(.*)\.(png|xml|ico)$ {
- > log_not_found off;
- > access_log off;
- >}
- >location = /robots.txt {
- > allow all;
- > log_not_found off;
- > access_log off;
- >}
- >location ~ /\. {
- > deny all;
- > access_log off;
- >}
- >location ^~ /.well-known/ {
- > try_files $uri $uri/ =404;
- >}
- >location /nginx_status {
- > stub_status on;
- > access_log off;
- > include conf.d/custom/admin-ips.conf; deny all;
- >}
- >location /traffic_status {
- > vhost_traffic_status_display;
- > vhost_traffic_status_display_format html;
- > brotli off;
- >access_log off;
- >include conf.d/custom/admin-ips.conf; deny all;
- >}
- >location ~ ^/(status|ping)$ {
- > fastcgi_pass unix:/run/php-fpm/$fpmuser.sock;
- > access_log off;
- > include conf.d/custom/admin-ips.conf; deny all;
- >}
- >location ~ ^/(wp-login.php|xmlrpc.php)$ {
- > limit_req zone=wplogin burst=3 nodelay;
- > limit_req_status 444;
- > error_log /dev/null crit;
- > access_log off;
- > log_not_found off;
- > try_files $uri =404;
- > fastcgi_split_path_info ^(.+\.php)(/.+)$;
- > fastcgi_pass unix:/run/php-fpm/$fpmuser.sock;
- >}
- >######## # configuration file /etc/nginx/conf.d/custom/admin-ips.conf:
- >#include conf.d/custom/aerisnetwork-ips; ## Quick allow Aeris Network IPs
- >allow 127.0.0.1;
- >######## # configuration file /etc/nginx/conf.d/vhosts/invoicep.conf:
- >server {
- >listen 80;
- >listen [::]:80;
- >server_name invoice.domain.com www.invoice.domain.com;
- >#return 302 https://invoice.domain.com$request_uri;
- >######## # if ($scheme = http) {
- >######## # rewrite ^/(.*)$ https://invoice.domain.com/$1;
- >######## # }
- > if ($scheme = "http") {
- > >return 302 https://$server_name$request_uri;
- > }
- >######## #location /blog {
- >######## # rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1;}
- >error_log /etc/nginx/log/invoice.log warn;
- >}
- >server {
- >listen 443 ssl http2;
- >listen [::]:443 ssl http2;
- >server_name invoice.domain.com www.invoice.domain.com;
- >root /var/www/invoicep;
- >index index.php index.html index.htm;
- >client_max_body_size 100M;
- >ssl_certificate /var/www/test.pem;
- >ssl_certificate_key /etc/nginx/ssl/test.key;
- >error_log /etc/nginx/log/invoice-ssl.log warn;
- >gzip on;
- >gzip_types application/javascript application/x-javascript text/javascript text/plain application/xml >application/json;
- >gzip_proxied no-cache no-store private expired auth;
- >gzip_min_length 1000;
- >location = /validation-file {
- > types {}
- > default_type text/html;
- >}
- >location = /index.php { }
- >location / {
- > if (!-e $request_filename){ rewrite ^(.*)$ /index.php break;}
- >location / {
- > try_files $uri $uri/ /index.php?q=$uri&$args;
- > }
- > location ~ \.php$ {
- >satisfy any;
- >allow all;
- > fastcgi_split_path_info ^(.+\.php)(/.*)$;
- >######## # include snippets/fastcgi-php.conf;
- > fastcgi_split_path_info ^(.+\.php)(/.*)$;
- > fastcgi_index index.php;
- > fastcgi_pass unix:/var/run/php/php8-fpm.sock;
- > fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- >######## # include fastcgi_params;
- > fastcgi_param HTTPS on;
- > }
- >location ~* \.pdf$ {
- > add_header Cache-Control no-store;
- >}
- >######## #if (!-e $request_filename) {
- >######## # rewrite ^(.+)$ /index.php?q= last;
- >######## #}
- >location ~* /storage/.*\.php$ {
- > return 503;
- >}
- >######## #location ~ \.php$ {
- >######## #include fastcgi_params;
- >######## #fastcgi_intercept_errors on;
- >######## #fastcgi_pass unix:/run/php/php-fpm.sock;
- >######## #}
- >######## #location ~ /\.ht {
- >######## # deny all;
- >######## #}
- >}
- >}
- >######## # configuration file /etc/nginx/conf.d/custom/blacklist.conf:
- >[contents redacted]
- >######## # configuration file /etc/nginx/conf.d/custom/cloudflare.conf:
- >[contents redacted]`
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement