Advertisement
paster00100

Untitled

Nov 30th, 2023
169
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 13.78 KB | None | 0 0
  1. >nginx: [warn] could not build optimal proxy_headers_hash, you should increase either   >proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring   >proxy_headers_hash_bucket_size  
  2.   >nginx: the configuration file /etc/nginx/nginx.conf syntax is ok  
  3.   >nginx: configuration file /etc/nginx/nginx.conf test is successful  
  4.   >######## # configuration file /etc/nginx/nginx.conf:  
  5.   >user nginx nginx;  
  6.   >worker_processes auto;  
  7.   >worker_rlimit_nofile 8192;  
  8.   >error_log /var/log/nginx/error.log notice;  
  9.   >pid /var/run/nginx.pid;  
  10.   >include /usr/share/nginx/modules/*.conf;  
  11.   >events {  
  12.   >        worker_connections 1024;  
  13.   >        use epoll;  
  14.   >}  
  15.   >http {  
  16.   >upstream php-fpm {  
  17.   >        server unix:/run/php-fpm/www.sock;  
  18.   >}  
  19.   >        server_names_hash_max_size 2048;  
  20.   >        server_tokens off;  
  21.   >        more_set_headers 'Server:';  
  22.   >        vhost_traffic_status_zone;  
  23.   >        include /etc/nginx/mime.types;  
  24.   >        default_type application/octet-stream;  
  25.   >        log_format      main    '$remote_addr - $remote_user [$time_local] "$request" '  
  26.   >                                                '$status $body_bytes_sent "$http_referer" '  
  27.   >                                                '"$http_user_agent" "$http_x_forwarded_for" '  
  28.   >                                                '$request_time $upstream_response_time $pipe';  
  29.   >        disable_symlinks if_not_owner;  
  30.   >        sendfile on;  
  31.   >        tcp_nopush on;
  32.   >        tcp_nodelay on;  
  33.   >        types_hash_max_size 2048;  
  34.   >        variables_hash_max_size 1024;  
  35.   >        variables_hash_bucket_size 128;  
  36.   >        keepalive_requests 150;  
  37.   >        keepalive_timeout 15;  
  38.   >        client_body_temp_path /var/lib/nginx/cache/client_body 1 2;  
  39.   >        client_max_body_size 192m;  
  40.   >        client_body_buffer_size 2048k;  
  41.   >        client_body_timeout 30s;  
  42.   >        client_header_timeout 30s;  
  43.   >        gzip on;  
  44.   >        gzip_disable "MSIE [1-6]\.";  
  45.   >        gzip_static on;  
  46.   >        gzip_comp_level 9;  
  47.   >        gzip_http_version 1.1;  
  48.   >        gzip_proxied any;  
  49.   >        gzip_vary on;  
  50.   >        gzip_buffers 16 8k;  
  51.   >        gzip_min_length 1100;  
  52.   >        gzip_types  
  53.   >[content redacted]  
  54.   >        brotli on;  
  55.   >        brotli_static on;  
  56.   >        brotli_buffers 16 8k;  
  57.   >        brotli_comp_level 6;  
  58.   >        brotli_types  
  59.   >[content redacted]  
  60.   >        index index.html index.php;  
  61.   >        charset UTF-8;  
  62.   >######## #       ignore_invalid_headers on;  
  63.   >        proxy_cache_path /var/lib/nginx/cache/proxy levels=1:2 keys_zone=PROXYCACHE:100m max_size=200m   >inactive=60m;  
  64.   >        proxy_temp_path /var/lib/nginx/cache/proxy_tmp;  
  65.   >        proxy_connect_timeout 30;
  66.   >        proxy_read_timeout 300;
  67.   >        proxy_send_timeout 300;  
  68.   >        proxy_buffers 16 32k;  
  69.   >        proxy_buffering on;  
  70.   >        proxy_buffer_size 64k;  
  71.   >        proxy_busy_buffers_size 96k;  
  72.   >        proxy_temp_file_write_size 96k;  
  73.   >######## #       proxy_cache_key "$scheme://$host$request_uri";  
  74.   >        fastcgi_cache_path /var/lib/nginx/cache/fastcgi levels=1:2 keys_zone=FCGICACHE:100m   max_size=200m >inactive=60m;  
  75.   >        fastcgi_temp_path /var/lib/nginx/cache/fastcgi_tmp;  
  76.   >######## #       fastcgi_cache_key "$scheme$request_method$host$request_uri";  
  77.   >######## #       fastcgi_cache_use_stale error timeout invalid_header http_500;  
  78.   >        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;  
  79.   >        fastcgi_send_timeout 300;  
  80.   >        fastcgi_read_timeout 300;  
  81.   >        fastcgi_buffers 8 256k;  
  82.   >        fastcgi_buffer_size 256k;  
  83.   >        fastcgi_busy_buffers_size 256k;  
  84.   >        fastcgi_index index.php;  
  85.   >        include fastcgi_params;  
  86.   >        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;  
  87.   >        limit_req_zone $binary_remote_addr zone=wplogin:50m rate=20r/m;  
  88.   >######## #       upstream php {  
  89.   >######## #               server 127.0.0.1:9000;  
  90.   >######## #       }  
  91.   >######## #       server {  
  92.   >######## #               listen 80;  
  93.   >######## #               server_name _;  
  94.   >######## #               root /usr/share/nginx/html;  
  95.   >######## #               access_log /var/log/nginx/default-access_log;  
  96.   >######## #               error_log /var/log/nginx/default-error_log warn;  
  97.   >######## #               server_name_in_redirect off;  
  98.   >######## #               include conf.d/custom/restrictions.conf;  
  99.   >######## #               include conf.d/custom/fpm-default.conf;  
  100.   >######## #       }  
  101.   >        include /etc/nginx/conf.d/vhosts/*.conf;  
  102.   >        include /etc/nginx/conf.d/custom/blacklist.conf;  
  103.   >        include /etc/nginx/conf.d/custom/cloudflare.conf;  
  104.   >}  
  105.   >######## # configuration file /etc/nginx/mime.types:  
  106.   >[contents redacted]  
  107.   >######## # configuration file /etc/nginx/fastcgi_params:  
  108.   >fastcgi_param  QUERY_STRING       $query_string;  
  109.   >fastcgi_param  REQUEST_METHOD     $request_method;  
  110.   >fastcgi_param  CONTENT_TYPE       $content_type;  
  111.   >fastcgi_param  CONTENT_LENGTH     $content_length;  
  112.   >fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;  
  113.   >fastcgi_param  REQUEST_URI        $request_uri;  
  114.   >fastcgi_param  DOCUMENT_URI       $document_uri;  
  115.   >fastcgi_param  DOCUMENT_ROOT      $document_root;  
  116.   >fastcgi_param  SERVER_PROTOCOL    $server_protocol;  
  117.   >fastcgi_param  REQUEST_SCHEME     $scheme;  
  118.   >fastcgi_param  HTTPS              $https if_not_empty;  
  119.   >fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;  
  120.   >fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;  
  121.   >fastcgi_param  REMOTE_ADDR        $remote_addr;  
  122.   >fastcgi_param  REMOTE_PORT        $remote_port;  
  123.   >fastcgi_param  SERVER_ADDR        $server_addr;  
  124.   >fastcgi_param  SERVER_PORT        $server_port;  
  125.   >fastcgi_param  SERVER_NAME        $server_name;  
  126.   >######## # PHP only, required if PHP was built with --enable-force-cgi-redirect  
  127.   >fastcgi_param  REDIRECT_STATUS    200;  
  128.   >######## # configuration file /etc/nginx/conf.d/vhosts/test.conf:  
  129.   >server {  
  130.   >listen 80 default_server;  
  131.   >listen [::]:80 default_server;  
  132.   >server_name test.domain.com www.test.domain.com;  
  133.   >return 302 https://test.domain.com$request_uri;  
  134.   >return 302 https://test.domain.com$request_uri;  
  135.   >#location / {  
  136.   >proxy_set_header HOST $host;  
  137.   >proxy_set_header X-Forwarded-Proto $scheme;  
  138.   >proxy_set_header X-FOWARDED-PROTO $scheme;  
  139.   >proxy_set_header X-Real-IP $remote_addr;  
  140.   >proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
  141.   >error_log /etc/nginx/log/test.log warn;  
  142.   >######## #proxy_pass http://127.0.0.1:2368;  
  143.   >######## #proxy_pass $targetBackend;  
  144.   >######## #proxy_connect_timeout 1s;  
  145.   >######## #proxy_timeout 3s;  
  146.   >######## #resolver 1.1.1.1;  
  147.   >######## #ssl_preread on;  
  148.   >######## #}  
  149.   >}  
  150.   >server {  
  151.   >listen 443 ssl http2;  
  152.   >listen [::]:443 ssl http2;  
  153.   >server_name test.domain.com;  
  154.   >ssl_certificate /var/www/test.pem;  
  155.   >ssl_certificate_key /etc/nginx/ssl/test.key;  
  156.   >#ssl_certificate $targetCert;  
  157.   >#ssl_certificate_key $targetCertKey;  
  158.   >error_log /etc/nginx/log/test-ssl.log warn;  
  159.   >location / {  
  160.   >proxy_set_header Host $host;  
  161.   >proxy_set_header X-Forwarded-Proto $scheme;  
  162.   >proxy_set_header X-FORWARDED-PROTO $scheme;  
  163.   >proxy_set_header X-Real-IP $remote_addr;  
  164.   >proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
  165.   >proxy_pass http://127.0.0.1:2368;  
  166.   >#proxy_pass $targetBackend;  
  167.   >#proxy_connect_timeout 1s;  
  168.   >#proxy_timeout 3s;  
  169.   >#resolver 1.1.1.1;  
  170.   >#ssl_preread on;  
  171.   >}  
  172.   >        if ($bad_bot) { return 444; }  
  173.   >        set $fpmuser www;  
  174.   >        include conf.d/custom/ssl.global.conf;  
  175.   >        include conf.d/custom/restrictions-users.conf;  
  176.   >        #include conf.d/custom/pagespeed.conf;  
  177.   >}  
  178.   >######## # configuration file /etc/nginx/conf.d/custom/ssl.global.conf:  
  179.   >#ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;  
  180.   >#ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;  
  181.   >ssl_certificate /var/www/test.pem;  
  182.   >ssl_certificate_key /etc/nginx/ssl/test.key;  
  183.   >ssl_dhparam /etc/nginx/ssl/dhparam.pem;  
  184.   >ssl_session_timeout 4h;  
  185.   >ssl_session_cache shared:SSL:20m;  
  186.   >ssl_session_tickets off;  
  187.   >ssl_protocols TLSv1.2 TLSv1.3;  
  188.   >ssl_prefer_server_ciphers on;  
  189.   >ssl_ecdh_curve X25519:P-256:P-384:P-224:P-521;  
  190.   >ssl_buffer_size 1400;  
  191.   >ssl_stapling on;  
  192.   >ssl_stapling_verify on;  
  193.   >ssl_trusted_certificate /var/www/ca.pem;  
  194.   >resolver 1.1.1.1 8.8.8.8 valid=300s;  
  195.   >resolver_timeout 5s;  
  196.   >#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";  
  197.   >#add_header X-Frame-Options SAMEORIGIN;  
  198.   >add_header X-Content-Type-Options nosniff;  
  199.   >######## # Modern compatibility  
  200.   >ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:ECDHE->ECDSA->AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-  >POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384;  
  201.   >######## # configuration file /etc/nginx/conf.d/custom/restrictions-users.conf:  
  202.   >location ~ ^/(favicon|apple-touch-icon|browserconfig|mstile)(.*)\.(png|xml|ico)$ {  
  203.   >        log_not_found off;  
  204.   >        access_log off;  
  205.   >}  
  206.   >location = /robots.txt {  
  207.   >        allow all;  
  208.   >        log_not_found off;  
  209.   >        access_log off;  
  210.   >}  
  211.   >location ~ /\. {  
  212.   >        deny all;  
  213.   >        access_log off;  
  214.   >}  
  215.   >location ^~ /.well-known/ {  
  216.   >        try_files $uri $uri/ =404;  
  217.   >}  
  218.   >location /nginx_status {  
  219.   >       stub_status on;  
  220.   >        access_log off;  
  221.   >       include conf.d/custom/admin-ips.conf; deny all;  
  222.   >}  
  223.   >location /traffic_status {  
  224.   >        vhost_traffic_status_display;  
  225.   >        vhost_traffic_status_display_format html;  
  226.   >        brotli off;  
  227.   >access_log off;  
  228.   >include conf.d/custom/admin-ips.conf; deny all;  
  229.   >}  
  230.   >location ~ ^/(status|ping)$ {  
  231.   >        fastcgi_pass unix:/run/php-fpm/$fpmuser.sock;  
  232.   >        access_log off;  
  233.   >        include conf.d/custom/admin-ips.conf; deny all;  
  234.   >}  
  235.   >location ~ ^/(wp-login.php|xmlrpc.php)$ {  
  236.   >        limit_req zone=wplogin burst=3 nodelay;  
  237.   >        limit_req_status 444;  
  238.   >        error_log /dev/null crit;  
  239.   >        access_log off;  
  240.   >        log_not_found off;  
  241.   >        try_files $uri =404;  
  242.   >        fastcgi_split_path_info ^(.+\.php)(/.+)$;  
  243.   >        fastcgi_pass unix:/run/php-fpm/$fpmuser.sock;  
  244.   >}  
  245.   >######## # configuration file /etc/nginx/conf.d/custom/admin-ips.conf:  
  246.   >#include conf.d/custom/aerisnetwork-ips;  ## Quick allow Aeris Network IPs  
  247.   >allow 127.0.0.1;  
  248.   >######## # configuration file /etc/nginx/conf.d/vhosts/invoicep.conf:  
  249.   >server {  
  250.   >listen 80;  
  251.   >listen [::]:80;  
  252.   >server_name invoice.domain.com www.invoice.domain.com;  
  253.   >#return 302 https://invoice.domain.com$request_uri;  
  254.   >######## #        if ($scheme = http) {  
  255.   >######## #          rewrite ^/(.*)$ https://invoice.domain.com/$1;  
  256.   >######## #        }  
  257.   > if ($scheme = "http") {  
  258.   >      >return 302 https://$server_name$request_uri;  
  259.   >  }  
  260.   >######## #location /blog {  
  261.   >######## #  rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1;}  
  262.   >error_log /etc/nginx/log/invoice.log warn;  
  263.   >}  
  264.   >server {  
  265.   >listen 443 ssl http2;  
  266.   >listen [::]:443 ssl http2;  
  267.   >server_name invoice.domain.com www.invoice.domain.com;  
  268.   >root /var/www/invoicep;  
  269.   >index index.php index.html index.htm;  
  270.   >client_max_body_size 100M;  
  271.   >ssl_certificate /var/www/test.pem;  
  272.   >ssl_certificate_key /etc/nginx/ssl/test.key;  
  273.   >error_log /etc/nginx/log/invoice-ssl.log warn;  
  274.   >gzip on;  
  275.   >gzip_types      application/javascript application/x-javascript text/javascript text/plain   application/xml >application/json;  
  276.   >gzip_proxied    no-cache no-store private expired auth;  
  277.   >gzip_min_length 1000;  
  278.   >location = /validation-file {  
  279.   > types {}  
  280.   > default_type text/html;  
  281.   >}  
  282.   >location = /index.php { }  
  283.   >location / {  
  284.   >  if (!-e $request_filename){    rewrite ^(.*)$ /index.php break;}  
  285.   >location / {  
  286.   >        try_files $uri $uri/ /index.php?q=$uri&$args;  
  287.   >    }  
  288.   >    location ~ \.php$ {  
  289.   >satisfy any;  
  290.   >allow all;  
  291.   >            fastcgi_split_path_info ^(.+\.php)(/.*)$;  
  292.   >######## #               include snippets/fastcgi-php.conf;  
  293.   >            fastcgi_split_path_info ^(.+\.php)(/.*)$;  
  294.   >                fastcgi_index index.php;  
  295.   >               fastcgi_pass unix:/var/run/php/php8-fpm.sock;  
  296. >               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;  
  297.   >######## #       include fastcgi_params;  
  298.   >                fastcgi_param HTTPS on;  
  299.   >    }  
  300.   >location ~* \.pdf$ {  
  301.   >    add_header Cache-Control no-store;  
  302.   >}  
  303.   >######## #if (!-e $request_filename) {  
  304.   >######## #    rewrite ^(.+)$ /index.php?q= last;  
  305.   >######## #}  
  306.   >location ~* /storage/.*\.php$ {  
  307.   >    return 503;  
  308.   >}  
  309.   >######## #location ~ \.php$ {  
  310.   >######## #include fastcgi_params;  
  311.   >######## #fastcgi_intercept_errors on;  
  312.   >######## #fastcgi_pass unix:/run/php/php-fpm.sock;  
  313.   >######## #}  
  314.   >######## #location ~ /\.ht {  
  315.   >######## #    deny all;  
  316.   >######## #}  
  317.   >}  
  318.   >}  
  319.   >######## # configuration file /etc/nginx/conf.d/custom/blacklist.conf:  
  320.   >[contents redacted]  
  321.   >######## # configuration file /etc/nginx/conf.d/custom/cloudflare.conf:  
  322.   >[contents redacted]`
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement