Optimizations for Nginx configs

This commit is contained in:
Alexey Pustovalov 2021-06-07 13:52:40 -04:00
parent a36ff2f2e0
commit 957029b5b5
12 changed files with 91 additions and 108 deletions

View File

@ -15,7 +15,6 @@ server {
large_client_header_buffers 8 8k; large_client_header_buffers 8 8k;
client_max_body_size 10M; client_max_body_size 10M;
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
} }
@ -26,12 +25,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -40,14 +33,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -1,6 +1,7 @@
server { server {
listen 8443 ssl http2; listen 8443 ssl http2;
listen [::]:8443 ssl http2; listen [::]:8443 ssl http2;
server_name zabbix; server_name zabbix;
server_name_in_redirect off; server_name_in_redirect off;
@ -31,7 +32,7 @@ server {
location =/nginx_status { location =/nginx_status {
stub_status on; stub_status on;
access_log off; access_log off;
allow 127.0.0.1; allow 127.0.0.1;
deny all; deny all;
} }
@ -46,12 +47,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -60,14 +55,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -15,7 +15,6 @@ server {
large_client_header_buffers 8 8k; large_client_header_buffers 8 8k;
client_max_body_size 10M; client_max_body_size 10M;
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
} }
@ -26,12 +25,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -40,14 +33,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -32,7 +32,7 @@ server {
location =/nginx_status { location =/nginx_status {
stub_status on; stub_status on;
access_log off; access_log off;
allow 127.0.0.1; allow 127.0.0.1;
deny all; deny all;
} }
@ -47,12 +47,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -61,14 +55,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -15,7 +15,6 @@ server {
large_client_header_buffers 8 8k; large_client_header_buffers 8 8k;
client_max_body_size 10M; client_max_body_size 10M;
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
} }
@ -26,12 +25,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -40,14 +33,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -32,7 +32,7 @@ server {
location =/nginx_status { location =/nginx_status {
stub_status on; stub_status on;
access_log off; access_log off;
allow 127.0.0.1; allow 127.0.0.1;
deny all; deny all;
} }
@ -47,12 +47,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -61,14 +55,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -15,7 +15,6 @@ server {
large_client_header_buffers 8 8k; large_client_header_buffers 8 8k;
client_max_body_size 10M; client_max_body_size 10M;
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
} }
@ -26,12 +25,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -40,14 +33,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -32,7 +32,7 @@ server {
location =/nginx_status { location =/nginx_status {
stub_status on; stub_status on;
access_log off; access_log off;
allow 127.0.0.1; allow 127.0.0.1;
deny all; deny all;
} }
@ -47,12 +47,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -61,14 +55,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -15,7 +15,6 @@ server {
large_client_header_buffers 8 8k; large_client_header_buffers 8 8k;
client_max_body_size 10M; client_max_body_size 10M;
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
} }
@ -26,12 +25,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -40,14 +33,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -32,7 +32,7 @@ server {
location =/nginx_status { location =/nginx_status {
stub_status on; stub_status on;
access_log off; access_log off;
allow 127.0.0.1; allow 127.0.0.1;
deny all; deny all;
} }
@ -47,12 +47,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -61,14 +55,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -15,7 +15,6 @@ server {
large_client_header_buffers 8 8k; large_client_header_buffers 8 8k;
client_max_body_size 10M; client_max_body_size 10M;
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
} }
@ -26,12 +25,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -40,14 +33,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }

View File

@ -32,7 +32,7 @@ server {
location =/nginx_status { location =/nginx_status {
stub_status on; stub_status on;
access_log off; access_log off;
allow 127.0.0.1; allow 127.0.0.1;
deny all; deny all;
} }
@ -47,12 +47,6 @@ server {
access_log off; access_log off;
} }
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. { location ~ /\. {
deny all; deny all;
@ -61,14 +55,19 @@ server {
} }
# caching of files # caching of files
location ~* \.(ico|pdf|flv)$ { location ~* \.ico$ {
expires 1y; expires 1y;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
expires 14d; expires 14d;
} }
location ~ /(app\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }