Wandystan
/
POMF
2
0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 활동
소스 검색

Introduce configuration examples

master
Eliot Whalan 5 년 전
부모
bbf66982fa
커밋
24744dc847
No known key found for this signature in database GPG 키 ID: C0A42175139840D6
4개의 변경된 파일251개의 추가작업 그리고 4개의 파일을 삭제
분할 보기
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -4
      README.md
  2. +151
    -0
      confs/nginx.conf
  3. +51
    -0
      confs/pantsu.cat.conf
  4. +48
    -0
      confs/u.pantsu.cat.conf

+ 1
- 4
README.md 파일 보기

@@ -63,10 +63,7 @@ increase POST size limits in `php.ini` and webserver configuration. For PHP,
modify `upload_max_filesize` and `post_max_size` values. The configuration
option for nginx webserver is `client_max_body_size`.

Example nginx configs can be found:
[nginx.conf](https://u.pantsu.cat/ymixjx.conf)
[u.pantsu.cat](https://u.pantsu.cat/fqurgp.conf)
[pantsu.cat](https://u.pantsu.cat/pnuyls.conf)
Example nginx configs can be found in confs/.

### Apache



+ 151
- 0
confs/nginx.conf 파일 보기

@@ -0,0 +1,151 @@
user nginx;

worker_processes 2;

# Maximum open file descriptors per process;
# should be > worker_connections.
worker_rlimit_nofile 8192;

events {
# When you need > 8000 * cpu_cores connections, you start optimizing your OS,
# and this is probably the point at which you hire people who are smarter than
# you, as this is *a lot* of requests.
worker_connections 16000;
use epoll;
multi_accept on;

}

# Default error log file
# (this is only used when you don't override error_log on a server{} level)
pid /var/run/nginx.pid;




http {

# Hide nginx version information.
server_tokens off;
client_max_body_size 128m;
client_body_buffer_size 32k;
#fastcgi_buffers 8 16k;
#fastcgi_buffer_size 32k;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;

open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
error_log error.log debug;


# Define the MIME types for files.
include mime.types;
default_type application/octet-stream;

# Update charset_types due to updated mime.types
charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;

# Format to use in log files
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

# Default log file
# (this is only used when you don't override access_log on a server{} level)
#access_log logs/access.log main;
access_log off;

# How long to allow each connection to stay idle; longer values are better
# for each individual client, particularly for SSL, but means that worker
# connections are tied up longer. (Default: 65)
keepalive_timeout 20;

# Speed up file transfers by using sendfile() to copy directly
# between descriptors rather than using read()/write().
sendfile on;

# Tell Nginx not to send out partial frames; this increases throughput
# since TCP frames are filled up before being sent out. (adds TCP_CORK)
tcp_nopush on;


# Compression

# Enable Gzip compressed.
gzip on;

# Compression level (1-9).
# 5 is a perfect compromise between size and cpu usage, offering about
# 75% reduction for most ascii files (almost identical to level 9).
gzip_comp_level 5;

# Don't compress anything that's already small and unlikely to shrink much
# if at all (the default is 20 bytes, which is bad as that usually leads to
# larger files after gzipping).
gzip_min_length 256;

# Compress data even for clients that are connecting to us via proxies,
# identified by the "Via" header (required for CloudFront).
gzip_proxied any;

# Tell proxies to cache both the gzipped and regular version of a resource
# whenever the client's Accept-Encoding capabilities header varies;
# Avoids the issue where a non-gzip capable client (which is extremely rare
# today) would display gibberish if their proxy gave them the gzipped version.
gzip_vary on;

# Compress all output labeled with one of the following MIME-types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/schema+json
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
image/bmp
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
text/cache-manifest
text/css
text/javascript
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml;
# text/html is always compressed by HttpGzipModule

# This should be turned on if you are going to have pre-compressed copies (.gz) of
# static files available. If not it should be left off as it will cause extra I/O
# for the check. It is best if you enable this in a location{} block for
# a specific directory, or on an individual server{} level.
# gzip_static on;

# Include files in the sites-enabled folder. server{} configuration files should be
# placed in the sites-available folder, and then the configuration should be enabled
# by creating a symlink to it in the sites-available folder.
# See doc/sites-enabled.md for more info.
index index.html index.htm index.php _h5ai/public/index.php;

include /etc/nginx/conf.d/*.conf;
}



+ 51
- 0
confs/pantsu.cat.conf 파일 보기

@@ -0,0 +1,51 @@
server {
listen 443 ssl deferred http2;
listen [::]:443 ssl deferred http2;

server_name pantsu.cat www.pantsu.cat;
root /mnt/pantsu/http/pantsu.cat/upload;
include /etc/nginx/includes/lets.conf;
ssl_certificate /etc/nginx/ssl/pantsu.cat/pantsu.cat_chain.pem;
ssl_certificate_key /etc/nginx/ssl/pantsu.cat/pantsu.cat.key;
add_header Public-Key-Pins 'pin-sha256="iLplfPiBVaaSmbk1Q0A+cY+nkeT0CyWXsjYNWAsI5UI="; pin-sha256="uynduGXAGjJl+B8om1uAZuG+2a9Guk58fjfztwMJGJc=";max-age=5184000;';

include /etc/nginx/includes/ssllax.conf;
location /upload.php {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd;
include /etc/nginx/includes/php.conf;
}
include /etc/nginx/includes/php.conf;


location ^~ /includes/ {
deny all;
}
location ^~ /pub/ {
autoindex on;
include /etc/nginx/includes/php.conf;
}
location ^~ /firefox/ {
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' https://addons.cdn.mozilla.net https://static.addons.mozilla.net; style-src 'self' 'unsafe-inline';font-src 'self';";
}

error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
include /etc/nginx/includes/cache.conf;

}
# redirect all http traffic to https
#lel doesn't work
server {
listen 80;
listen [::]:80;
server_name pantsu.cat www.pantsu.cat;
include /etc/nginx/includes/lets.conf;
return 301 https://$host$request_uri;

}

+ 48
- 0
confs/u.pantsu.cat.conf 파일 보기

@@ -0,0 +1,48 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

server_name u.pantsu.cat;
root /mnt/pantsu/http/files;
ssl_certificate /etc/letsencrypt/live/u.pantsu.cat/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/u.pantsu.cat/privkey.pem;

include /etc/nginx/includes/ssleff.conf;
ssl_trusted_certificate /etc/letsencrypt/live/u.pantsu.cat/chain.pem;

# ... the rest of your configuration
location / {
#location ^~ /.php$ {return 403;}
include mime.types;
types {
text/plain txt sh;
text/plain pl go py cs c java fish;
text/plain rb rs lua ls hy asm S conf;
text/plain php sql patch diff;
text/plain moon log tcl tk md coffee;
text/plain scss ts less d hs;
application/octet-stream svg;
text/plain cfg text ascii;
}


}

error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
include /etc/nginx/includes/cache.conf;

}
# redirect all http traffic to https
server {
listen 80;
listen [::]:80;
server_name u.pantsu.cat;
return 301 https://$host$request_uri;
include /etc/nginx/includes/lets.conf;
}

쓰기 미리보기
불러오는 중...
취소
저장