Commit 3dcbedb8 authored by Edi Septriyanto's avatar Edi Septriyanto Committed by GitHub

Merge pull request #67 from joglomedia/1.3.0

Several bug fixes and enhancements

Added NEW

Postfix & Dovecot for basic mailer system
Fail2ban
Redis web panel (phpRedisAdmin)
parents 03101cf6 19232e90
......@@ -3,6 +3,10 @@
#
[lemper]
# LEMP stack environment.
# Use development for local environment and production for live environment.
ENVIRONMENT="production"
# Installer version.
LEMPER_VERSION="1.3.0"
......@@ -13,14 +17,14 @@ LEMPER_USERNAME="lemper"
# leave it blank for auto generated secure password.
LEMPER_PASSWORD=""
# Administration email. Don't leave it blank!
ADMIN_EMAIL="support@lemper.sh"
# Administration email. Change it! don't leave it blank!
ADMIN_EMAIL="mail@example.com"
# Server IP address, leave it blank for auto detection.
IP_SERVER=""
SERVER_IP=""
# Default Timezone, leave it blank to use default UTC timezone
# or "none" for current server setting
# or "none" for current server setting.
# Ref: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
# Example: Asia/Jakarta
TIMEZONE="UTC"
......@@ -134,6 +138,9 @@ PHP_PHALCON_VERSION="3.4.5"
# Phalcon zephir transpiler.
PHP_PHALCON_ZEPHIR=false
[php-composer]
INSTALL_PHPCOMPOSER=true
[mysql]
INSTALL_MYSQL=true
MYSQL_SERVER="mariadb"
......@@ -181,8 +188,13 @@ REDIS_PASSWORD=""
# TODO: Install DNS server.
[mailer]
INSTALL_POSTFIX=true
INSTALL_DOVECOT=true
# Install basic Mailer based on Postfix & Dovecot.
INSTALL_MAILER=true
INSTALL_SPFDKIM=true
# Sender domain is required, default sets to hostname.
# Ensure that the hostname/sender domain already pointed to this server IP address.
SENDER_DOMAIN="example.com"
[certbot]
INSTALL_CERTBOT=true
......@@ -194,3 +206,8 @@ INSTALL_FW=true
# available engine: ufw | csf | apf
# UFW is default Ubuntu firewall configurator.
FW_ENGINE="ufw"
[fail2ban]
INSTALL_FAIL2BAN=true
FAIL2BAN_INSTALLER="repo"
FAIL2BAN_VERSION="0.10.4"
......@@ -19,28 +19,22 @@ matrix:
- os: linux
dist: bionic
script:
# Copy .env file.
# Copy dotenv file.
- cp .env.dist .env
- sed -i "s/ENVIRONMENT=\"production\"/ENVIRONMENT=\"development\"/g" .env
- sed -i "s/SERVER_IP=\"\"/SERVER_IP=\"127.0.0.1\"/g" .env
- sed -i "s/AUTO_INSTALL=false/AUTO_INSTALL=true/g" .env
- sed -i "s/AUTO_REMOVE=false/AUTO_REMOVE=true/g" .env
- sed -i "s/FORCE_REMOVE=false/FORCE_REMOVE=true/g" .env
# Run the source through ShellCheck (http://www.shellcheck.net).
- shellcheck -s bash -x scripts/helper.sh
- shellcheck -s bash scripts/cleanup_server.sh
- shellcheck -s bash scripts/install_dependencies.sh
- shellcheck -s bash scripts/install_nginx.sh
- shellcheck -s bash scripts/install_php.sh
- shellcheck -s bash scripts/install_mariadb.sh
- shellcheck -s bash scripts/install_memcached.sh
- shellcheck -s bash scripts/install_mongodb.sh
- shellcheck -s bash scripts/install_redis.sh
- shellcheck -s bash scripts/install_certbotle.sh
- shellcheck -s bash scripts/install_mailer.sh
- shellcheck -s bash scripts/install_tools.sh
- shellcheck -s bash scripts/secure_server.sh
- shellcheck -s bash scripts/remove_*.sh
- shellcheck -s bash -x lemper.sh
- shellcheck -s bash bin/lemper-cli.sh
- shellcheck -s bash lib/lemper-*.sh
- shellcheck -s bash -x bin/lemper-cli.sh
- shellcheck -s bash -x lib/lemper-*.sh
- shellcheck -s bash -x scripts/cleanup_server.sh
- shellcheck -s bash -x scripts/helper.sh
- shellcheck -s bash -x scripts/install_*.sh
- shellcheck -s bash -x scripts/remove_*.sh
- shellcheck -s bash -x scripts/secure_server.sh
# Run initialization install.
- sudo bash scripts/cleanup_server.sh
- sudo bash scripts/install_dependencies.sh
......
# [L]inux [E]ngine-X [M]ariaDB [P]HP Install[ER]
LEMPer stands for Linux, Engine-X (Nginx), MariaDB and PHP installer written in Bash script. This is just a small tool set (a bunch collection of scripts) that usually I use to deploy and manage Debian-based/Ubuntu LEMP stack. LEMPer is _ServerPilot_, _CloudWays_, _RunCloud_, and _EasyEngine_ alternative crafted to support wide range PHP framework (not only WordPress).
LEMPer stands for Linux, Engine-X (Nginx), MariaDB and PHP installer written in Bash script. This is just a small tool set (a bunch collection of scripts) that usually I use to deploy and manage Debian-based/Ubuntu LEMP stack. LEMPer is _ServerPilot_, _CloudWays_, _RunCloud_, _WordOps_, and _EasyEngine_ alternative crafted to support wide-range PHP framework (not only WordPress).
[![Build Status](https://travis-ci.org/joglomedia/LEMPer.svg?branch=1.3.0)](https://travis-ci.org/joglomedia/LEMPer)
......@@ -9,14 +9,14 @@ LEMPer stands for Linux, Engine-X (Nginx), MariaDB and PHP installer written in
* Nginx from [Ondrej's repository](https://launchpad.net/~ondrej/+archive/ubuntu/nginx)
* Nginx build from [source](https://github.com/nginx/nginx) with [Mod PageSpeed](https://github.com/apache/incubator-pagespeed-ngx) module.
* Nginx with FastCGI cache enable & disable feature (via LEMPer CLI).
* Nginx pre-configured optimization for low-end VPS/cloud server. Need reliable VPS/cloud server? Get one [here](https://eslabs.id/digitalocean/) or [here](https://eslabs.id/upcloud/).
* Nginx pre-configured optimization for low-end VPS/cloud server. Need reliable VPS/cloud server? Get one [here](https://eslabs.id/upcloud/) or [here](https://eslabs.id/digitalocean/).
* Nginx virtual host (vhost) configuration optimized for WordPress, and several PHP Framework.
* Supported PHP Framework and CMS: default (vanilla PHP), framework (codeigniter, laravel, lumen, phalcon, symfony), CMS (drupal, mautic, roundcube, sendy, wordpress, wordpress-ms), and more coming soon.
* Multiple PHP version 5.6 [EOL], 7.0 [EOL], 7.1, 7.2, 7.3, 7.4 [Beta] from [Ondrej's repository](https://launchpad.net/~ondrej/+archive/ubuntu/php).
* Multiple PHP version 5.6 [EOL], 7.0 [EOL], 7.1, 7.2, 7.3, 7.4 from [Ondrej's repository](https://launchpad.net/~ondrej/+archive/ubuntu/php).
* PHP sets as user running the PHP script (via FPM's pool). Feel the faster Nginx with secure multi-user environment like a top-notch shared hosting.
* PHP Zend OPcache.
* PHP Loader (ionCube & SourceGuardian).
* MariaDB 10 (MySQL drop-in replacement).
* SQL database with MariaDB 10 (MySQL drop-in replacement).
* In-memory database with Redis.
* Memory cache with Memcached.
* NoSQL database with MongoDB *NEW*.
......@@ -33,8 +33,7 @@ LEMPer stands for Linux, Engine-X (Nginx), MariaDB and PHP installer written in
### Installing LEMP stack
```bash
sudo apt-get install git
git clone -q https://github.com/joglomedia/LEMPer.git; cd LEMPer; cp -f .env.dist .env; sudo ./lemper.sh --install
sudo apt-get install git && git clone -q https://github.com/joglomedia/LEMPer.git && cd LEMPer && cp -f .env.dist .env && sudo ./lemper.sh --install
```
### Removing LEMP stack
......@@ -45,7 +44,7 @@ sudo ./lemper.sh --remove
## LEMPer Command Line Administration Tool
LEMPer comes with friendly command line tool which will make your LEMP stack administration much more easier. These command line tool called Lemper CLI (lemper-cli) for creating new virtual host and managing existing LEMP stack.
LEMPer comes with friendly command line tool which will make your LEMP stack administration much easier. These command line tool called Lemper CLI (lemper-cli) for creating new virtual host and managing existing LEMP stack.
### lemper-cli Usage
......@@ -67,7 +66,7 @@ for more help
sudo lemper-cli --help
```
Note: Lemper CLI will automagically add a new PHP-FPM user's pool configuration if it doesn't exists. Your jos is add the user account, first.
Note: Lemper CLI will automagically add a new PHP-FPM user's pool configuration if it doesn't exists. You must add the user account first.
## Web-based Administration
......@@ -94,7 +93,7 @@ http://YOUR_DOMAIN_NAME:8082/lcp/filemanager
* ~~Custom build latest [Nginx](https://nginx.org/en/) from source~~
* ~~Add [Let's Encrypt SSL](https://letsencrypt.org/)~~
* ~~Add network security (iptable rules, firewall configurator, else?)~~
* Add enhanced security (AppArmor, cgroups, jailkit (chrooted/jail users), else?)
* Add enhanced security (AppArmor, cgroups, jailkit (chrooted/jail users), fail2ban, else?)
* Add file backup tool (Borg, Restic, Rclone, Rsnapshot, else?)
* ~~Add database backup tool (Mariabackup, Percona Xtrabackup, else?)~~
* Add server monitoring (Amplify, Monit, Nagios, else?)
......@@ -105,7 +104,7 @@ http://YOUR_DOMAIN_NAME:8082/lcp/filemanager
Please send your PR on the Github repository to help improve this script.
## TLDR
## TL;DR
If you're looking for mature, feature rich, advanced, and 24/7 premium service, please don't use this script.
......
......@@ -17,11 +17,11 @@
set -e
# Version control
# Version control.
APP_NAME=$(basename "$0")
APP_VERSION="1.3.0"
# Export stack configuration.
# Export LEMPer stack configuration.
if [ -f "/etc/lemper/lemper.conf" ]; then
# Clean environemnt first.
# shellcheck source=/etc/lemper/lemper.conf
......@@ -38,9 +38,19 @@ else
exit 1
fi
# Set default variables.
LEMPER_USERNAME=${LEMPER_USERNAME:-"lemper"}
LEMPER_PASSWORD=${LEMPER_PASSWORD:-""}
MYSQL_ROOT_PASS=${MYSQL_ROOT_PASS:-""}
# App library directory.
APP_LIB_DIR="/usr/local/lib/lemper"
##
# Show usage
# output to STDERR.
#
function cmd_help() {
cat <<- _EOF_
${APP_NAME^} ${APP_VERSION}
......@@ -60,11 +70,17 @@ _EOF_
exit 0
}
##
# Show version.
#
function cmd_version() {
echo "$APP_NAME version $APP_VERSION"
exit 0
}
##
# Create new webapp.
#
function cmd_create() {
if [ -x "$APP_LIB_DIR/lemper-create" ]; then
"$APP_LIB_DIR/lemper-create" "$@"
......@@ -79,6 +95,14 @@ function cmd_vhost() {
cmd_create "$@"
}
# Aliases to create.
function cmd_site() {
cmd_create "$@"
}
##
# Manage existing webapp.
#
function cmd_manage() {
if [ -x "$APP_LIB_DIR/lemper-manage" ]; then
"$APP_LIB_DIR/lemper-manage" "$@"
......@@ -88,24 +112,34 @@ function cmd_manage() {
fi
}
function cmd_tfm() {
if [ -x "$APP_LIB_DIR/lemper-tfm" ]; then
"$APP_LIB_DIR/lemper-tfm" "$@"
##
# Manage database.
#
function cmd_db() {
if [ -x "$APP_LIB_DIR/lemper-db" ]; then
"$APP_LIB_DIR/lemper-db" "$@"
else
echo "Oops, lemper tfm subcommand module couldn't be loaded."
echo "Oops, lemper db (database) subcommand module couldn't be loaded."
exit 1
fi
}
function cmd_db() {
if [ -x "$APP_LIB_DIR/lemper-db" ]; then
"$APP_LIB_DIR/lemper-db" "$@"
##
# TinyFileManager add user.
#
function cmd_tfm() {
if [ -x "$APP_LIB_DIR/lemper-tfm" ]; then
"$APP_LIB_DIR/lemper-tfm" "$@"
else
echo "Oops, lemper db (database) subcommand module couldn't be loaded."
echo "Oops, lemper tfm subcommand module couldn't be loaded."
exit 1
fi
}
##
# Main App
#
SUBCOMMAND="${1}"
case ${SUBCOMMAND} in
"" | "help" )
......
......@@ -4,39 +4,40 @@
# Allow "Well-Known URIs" as per RFC 5785/8615.
location ~ ^/.well-known/ {
allow all;
access_log off;
log_not_found off;
}
# Allow "Well-Known URIs" as per RFC 5785/8615.
location ~ ^/.well-known/acme-challenge/ {
allow all;
access_log off;
log_not_found off;
}
# Deny all attempts to access tmp directory.
location ~ ^/tmp/ {
deny all;
}
# Deny all direct access to framework directory.
location ~ ^/(app|application|system)/ {
# Deny all direct access to framework/system directory.
location ~ ^/(app|application|bin|etc|lcp|SQL|system|tmp|var)/ {
deny all;
access_log off;
log_not_found off;
}
# Deny access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
# Deny access to "hidden" files and directories whose names begin with a period.
location ~ (^|/)\. {
deny all;
access_log off;
log_not_found off;
}
# Deny all attempts to access error and access log file.
location ~ /(error|access)\_log$ {
deny all;
access_log off;
log_not_found off;
}
# Deny access to changelog, license, readme file.
location ~* /(changelog|license|readme)\.(html|md|rst|txt)$ {
location ~* /(changelog|install|license|readme|upgrading)\.(html|md|rst|txt)$ {
deny all;
access_log off;
log_not_found off;
......@@ -45,6 +46,8 @@ location ~* /(changelog|license|readme)\.(html|md|rst|txt)$ {
# Deny access to PHP composer's file inside vendor directory.
location ~* /vendor/.*\.php$ {
deny all;
access_log off;
log_not_found off;
}
# Deny access to yml, twig, markdown, init file access.
......@@ -67,25 +70,46 @@ location ~* /(composer|Gruntfile|package)\.(js|json|lock)$ {
# (or to pass to firewall utilities such as fail2ban).
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
access_log off;
log_not_found off;
}
# Deny access to PHP file inside site files directory.
location ~* ^/sites/.*/private/ {
deny all;
access_log off;
log_not_found off;
}
location ~* ^/sites/[^/]+/files/.*\.php$ {
deny all;
access_log off;
log_not_found off;
}
# Deny access to wp-config file.
location ~ /wp-config.php {
location = /wp-config.php {
deny all;
access_log off;
log_not_found off;
}
# Deny access to xmlrpc file.
# Do note that this will cause WordPress plugins that rely on xmlrpc.php
# to completely fail, please use with caution.
#location = /xmlrpc.php {
# deny all;
# access_log off;
# log_not_found off;
# return 444; # close the connection without sending a response.
#}
# Deny access to backup db file.
location ~ ^/wp-content/backup-db/ {
deny all;
access_log off;
log_not_found off;
return 404;
}
## You may add your own access rules and restrictions here...
# Generated by LEMPer.sh
user www-data;
pid /run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
# Load dynamic modules (requires Nginx installed from source).
# Load dynamic modules (requires Nginx to be installed from source).
include /etc/nginx/modules-enabled/*.conf;
events {
......@@ -14,69 +16,63 @@ events {
http {
# Hide nginx version information.
more_set_headers "Server: LEMPer";
server_tokens off;
etag off;
# Define the MIME types for files.
include /etc/nginx/mime.types;
# Override server name, requires headers-more-nginx-module enabled.
more_set_headers "Server: LEMPer";
# Default MIME types for files.
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Charset.
include /etc/nginx/charset;
# Logging.
# Format to use in log files.
# Limits request.
limit_req_log_level warn;
limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;
# Logging format.
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
' "$connection" "$connection_requests" "$request_time"';
access_log /var/log/nginx/access.log combined buffer=32k;
# To boost I/O on HDD we can disable access logs by default, can be enabled per vhost.
access_log off;
# Default error log set to debug level, can be changed per vhost.
error_log /var/log/nginx/error.log debug;
# Optimization settings.
keepalive_timeout 120;
keepalive_requests 100000;
# Cache informations about FDs, frequently accessed files.
# can boost performance, but you need to test those values.
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# Optimization settings.
aio threads;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_names_hash_max_size 128;
server_names_hash_bucket_size 128;
client_header_buffer_size 128k;
client_body_buffer_size 128k;
client_body_in_file_only off;
client_header_buffer_size 32k;
client_max_body_size 20m;
connection_pool_size 256;
ignore_invalid_headers on;
large_client_header_buffers 4 4k;
output_buffers 1 32k;
postpone_output 1460;
request_pool_size 32k;
#map_hash_bucket_size 64;
#types_hash_max_size 2048;
client_header_timeout 60s;
client_body_timeout 60s;
send_timeout 60s;
reset_timedout_connection on;
# Uncomment for nginx proxy backends to prevent redirects to backend port.
#port_in_redirect off;
types_hash_max_size 2048;
# Cache informations about FDs, frequently accessed files.
# can boost performance, but you need to test those values.
open_file_cache max=1024 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 3;
open_file_cache_errors off;
# Connection tuning.
reset_timedout_connection on;
client_body_timeout 10s;
client_header_timeout 10s;
send_timeout 2s;
keepalive_timeout 30s;
keepalive_requests 100000;
# Enable Compression.
# gzip (default) or brotli (requires Nginx installed with brotli module).
include /etc/nginx/comp_gzip;
# Enable FastCGI and Proxy Cache.
# Uncomment to enable FastCGI cache. If disabled, do not use the cached vhost setting.
include /etc/nginx/fastcgi_cache;
......@@ -92,14 +88,14 @@ http {
# Let NGINX get the real client IP for its access logs. You can move this to server{} block.
# Uncomment if you're using frontend http accelerator or loadbalancer such as haproxy/varnish.
#include /etc/nginx/http_proxy_ips;
# Uncomment if you're using frontend CloudFlare CDN.
# Uncomment if you're using CloudFlare CDN.
include /etc/nginx/http_cloudflare_ips;
# Mod Ngx_PageSpeed (always uncomment this).
# Mod Ngx_PageSpeed, requires ngx-pagespeed module enabled.
#include /etc/nginx/mod_pagespeed;
# Virtual host configurations.
#index index.php index.html index.htm;
# Load vhost configs.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Generated by LEMPer.sh
server {
listen 80 default_server;
listen [::]:80 default_server;
# Make site accessible from http://localhost.localdomain/
server_name localhost.localdomain;
root /usr/share/nginx/html;
index index.php index.html index.htm;
#include /etc/nginx/includes/ssl.conf;
#ssl_certificate /etc/letsencrypt/live/localhost.localdomain/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/localhost.localdomain/privkey.pem;
#ssl_trusted_certificate /etc/letsencrypt/live/localhost.localdomain/fullchain.pem;
# Log Settings.
access_log /var/log/nginx/localhost.access.log;
error_log /var/log/nginx/localhost.error.log;
# Error page directives.
include /etc/nginx/includes/error_pages.conf;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
try_files $uri $uri/ /index.html;
root /usr/share/nginx/html;
index index.php index.html index.htm;
# Uncomment to enable naxsi on this location
#include /etc/nginx/naxsi.rules;
include /etc/nginx/includes/rules_security.conf;
include /etc/nginx/includes/rules_staticfiles.conf;
include /etc/nginx/includes/rules_restriction.conf;
#include /etc/nginx/includes/rules_fastcgi_cache.conf;
# Uncomment to enable auto index
autoindex off;
}
include /etc/nginx/vhost/site_default.conf;
# PHP-FPM status monitoring
location ~ ^/(status|ping)$ {
include /etc/nginx/fastcgi_params;
......@@ -52,8 +35,6 @@ server {
auth_basic_user_file /srv/.htpasswd;
}
# Pass the PHP scripts to FastCGI server listening on Unix socket.
#
location ~ \.(php|php73)$ {
try_files $uri =404;
......@@ -119,17 +100,9 @@ server {
fastcgi_pass unix:/run/php/php5.6-fpm.sock;
}
# Deny access to lcp directory.
location ~ ^/lcp {
deny all;
}
include /etc/nginx/includes/error_pages.conf;
# Deny access to .htaccess files, if Apache's document root
# concurs with Nginx's one
#
location ~ /\.ht {
deny all;
}
#include /etc/nginx/includes/fcgiwrap.conf;
}
## LEMPer Web-based Administration
......@@ -137,7 +110,6 @@ server {
listen 8082;
listen [::]:8082;
# Make site accessible from http://localhost.localdomain:8082/
server_name localhost.localdomain;
root /usr/share/nginx/html;
......@@ -147,9 +119,6 @@ server {
access_log /var/log/nginx/localhost.access.log;
error_log /var/log/nginx/localhost.error.log;
# Error page directives.
include /etc/nginx/includes/error_pages.conf;
location /lcp {
try_files $uri $uri/ /index.php?$args;
......@@ -248,34 +217,9 @@ server {
fastcgi_pass unix:/run/php/php5.6-fpm.sock;
}
# Deny access to .htaccess files, if Apache's document root
# concurs with Nginx's one
#
location ~ /\.ht {
deny all;
}
include /etc/nginx/includes/error_pages.conf;
#include /etc/nginx/includes/fcgiwrap.conf;
}
# HTTPS server
#
#server {
# listen 443 ssl http2;
# server_name localhost;
#
# root html;
# index index.html index.htm;
#
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
# ssl_prefer_server_ciphers on;
#
# location / {
# try_files $uri $uri/ /index.html;
# }
#}
## SSL redirection here.
......@@ -2,7 +2,6 @@
# Designed to be included in any server {} block.
location / {
#index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
# Uncomment to enable naxsi on this location
......
## Default rewrite rules.
## Default site rewrite rules.
# Designed to be included in any server {} block.
location / {
......
## Drupal site rules.
## Drupal rewrite rules.
# Designed to be included in any server {} block.
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
# try_files $uri @rewrite; # For Drupal <= 6
try_files $uri /index.php?$query_string; # For Drupal >= 7
# try_files $uri $uri/ @rewrite; # For Drupal <= 6
try_files $uri $uri/ /index.php?$query_string; # For Drupal >= 7
# Uncomment to enable naxsi on this location
#include /etc/nginx/naxsi.rules
......
## Laravel PHP Frameworks rewrite rules.
# Designed to be included in any server {} block.
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
# try to serve file directly, fallback to index.php
try_files $uri $uri/ /index.php?$query_string;
try_files $uri $uri/ /index.php?$query_string;
# Uncomment to enable naxsi on this location
#include /etc/nginx/naxsi.rules
......
......@@ -8,7 +8,7 @@ rewrite ^/index.php/(.*) /$1 permanent;
rewrite ^/(vendor|translations|build)/.* /index.php break;
location / {
try_files $uri /index.php$is_args$args;
try_files $uri $uri/ /index.php$is_args$args;
# Uncomment to enable naxsi on this location
#include /etc/nginx/naxsi.rules
......
## Roundcube webmail site rules.
## Roundcube webmail rewrite rules.
# Designed to be included in any server {} block.
location / {
......@@ -16,11 +16,3 @@ location / {
# Shows file listing times as local time.
#autoindex_localtime on;
}
location ~ ^/(README|README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(bin|SQL)/ {
deny all;
}