diff --git a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf index 3b3499240..3f7cb9cd7 100644 --- a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf +++ b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf @@ -15,7 +15,6 @@ server { large_client_header_buffers 8 8k; client_max_body_size 10M; - location = /favicon.ico { log_not_found off; } @@ -26,12 +25,6 @@ server { access_log off; } - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; - } - # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; @@ -40,14 +33,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf index 55becd27c..f0d4620db 100644 --- a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -1,6 +1,7 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + server_name zabbix; server_name_in_redirect off; @@ -31,7 +32,7 @@ server { location =/nginx_status { stub_status on; - access_log off; + access_log off; allow 127.0.0.1; deny all; } @@ -44,12 +45,6 @@ server { allow all; log_not_found off; access_log off; - } - - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). @@ -60,14 +55,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf b/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf index 3b3499240..3f7cb9cd7 100644 --- a/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf +++ b/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf @@ -15,7 +15,6 @@ server { large_client_header_buffers 8 8k; client_max_body_size 10M; - location = /favicon.ico { log_not_found off; } @@ -26,12 +25,6 @@ server { access_log off; } - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; - } - # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; @@ -40,14 +33,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf index 384d22506..f0d4620db 100644 --- a/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf +++ b/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf @@ -32,7 +32,7 @@ server { location =/nginx_status { stub_status on; - access_log off; + access_log off; allow 127.0.0.1; deny all; } @@ -45,12 +45,6 @@ server { allow all; log_not_found off; access_log off; - } - - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). @@ -61,14 +55,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf b/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf index 3b3499240..3f7cb9cd7 100644 --- a/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf @@ -15,7 +15,6 @@ server { large_client_header_buffers 8 8k; client_max_body_size 10M; - location = /favicon.ico { log_not_found off; } @@ -26,12 +25,6 @@ server { access_log off; } - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; - } - # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; @@ -40,14 +33,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf index 384d22506..f0d4620db 100644 --- a/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf +++ b/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf @@ -32,7 +32,7 @@ server { location =/nginx_status { stub_status on; - access_log off; + access_log off; allow 127.0.0.1; deny all; } @@ -45,12 +45,6 @@ server { allow all; log_not_found off; access_log off; - } - - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). @@ -61,14 +55,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf index 3b3499240..3f7cb9cd7 100644 --- a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf +++ b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf @@ -15,7 +15,6 @@ server { large_client_header_buffers 8 8k; client_max_body_size 10M; - location = /favicon.ico { log_not_found off; } @@ -26,12 +25,6 @@ server { access_log off; } - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; - } - # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; @@ -40,14 +33,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf index 384d22506..f0d4620db 100644 --- a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -32,7 +32,7 @@ server { location =/nginx_status { stub_status on; - access_log off; + access_log off; allow 127.0.0.1; deny all; } @@ -45,12 +45,6 @@ server { allow all; log_not_found off; access_log off; - } - - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). @@ -61,14 +55,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf b/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf index 3b3499240..3f7cb9cd7 100644 --- a/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf +++ b/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf @@ -15,7 +15,6 @@ server { large_client_header_buffers 8 8k; client_max_body_size 10M; - location = /favicon.ico { log_not_found off; } @@ -26,12 +25,6 @@ server { access_log off; } - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; - } - # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; @@ -40,14 +33,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf index 384d22506..f0d4620db 100644 --- a/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf +++ b/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf @@ -32,7 +32,7 @@ server { location =/nginx_status { stub_status on; - access_log off; + access_log off; allow 127.0.0.1; deny all; } @@ -45,12 +45,6 @@ server { allow all; log_not_found off; access_log off; - } - - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). @@ -61,14 +55,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf b/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf index 3b3499240..3f7cb9cd7 100644 --- a/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf @@ -15,7 +15,6 @@ server { large_client_header_buffers 8 8k; client_max_body_size 10M; - location = /favicon.ico { log_not_found off; } @@ -26,12 +25,6 @@ server { access_log off; } - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; - } - # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; @@ -40,14 +33,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; } diff --git a/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf index 384d22506..f0d4620db 100644 --- a/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf +++ b/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf @@ -32,7 +32,7 @@ server { location =/nginx_status { stub_status on; - access_log off; + access_log off; allow 127.0.0.1; deny all; } @@ -45,12 +45,6 @@ server { allow all; log_not_found off; access_log off; - } - - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). @@ -61,14 +55,19 @@ server { } # caching of files - location ~* \.(ico|pdf|flv)$ { + location ~* \.ico$ { expires 1y; } - location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ { expires 14d; } + location ~ /(app\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + location / { try_files $uri $uri/ /index.php?$args; }