diff --git a/mirzaev/skillparts/system/web/Nginx_1.17_vhost.conf b/mirzaev/skillparts/system/web/Nginx_1.17_vhost.conf new file mode 100644 index 0000000..689e574 --- /dev/null +++ b/mirzaev/skillparts/system/web/Nginx_1.17_vhost.conf @@ -0,0 +1,109 @@ +# ---------------------------- +# Host config +# ---------------------------- + +server { + +listen %ip%:%httpport% default; +listen %ip%:%httpsport% ssl http2 default; + +server_name catalog.loc %aliases%; +root '%hostdir%'; +limit_conn addr 64; +autoindex off; +index index.php index.html index.htm; + +ssl_certificate '%sprogdir%/userdata/config/cert_files/server.crt'; +ssl_certificate_key '%sprogdir%/userdata/config/cert_files/server.key'; +# ssl_trusted_certificate ''; + +# Force HTTPS +# add_header Strict-Transport-Security 'max-age=2592000' always; +# if ($scheme ~* ^(?!https).*$) { +# return 301 https://$host$request_uri; +# } + +# Force www.site.com => site.com +# if ($host ~* ^www\.(.+)$) { +# return 301 $scheme://$1$request_uri; +# } + +# Disable access to backup/config/command/log files +# if ($uri ~* ^.+\.(?:bak|co?nf|in[ci]|log|orig|sh|sql|tar|sql|t?gz|cmd|bat)$) { +# return 404; +# } + +# Disable access to hidden files/folders +if ($uri ~* /\.(?!well-known)) { + return 404; +} + +# Disable MIME sniffing +add_header X-Content-Type-Options 'nosniff' always; + +location ~* ^.+\.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ { + expires 1d; + access_log off; +} + +location / { + # Force index.php routing (if not found) + try_files $uri $uri/ /index.php$is_args$args; + + # Force index.php routing (all requests) + # rewrite ^/(.*)$ /index.php?/$1 last; + + location ~ \.php$ { + try_files $fastcgi_script_name =404; + + # limit_conn addr 16; + # limit_req zone=flood burst=32 nodelay; + + # add_header X-Frame-Options 'SAMEORIGIN' always; + # add_header Referrer-Policy 'no-referrer-when-downgrade' always; + + # CSP syntax: (http: https: data: mediastream: blob: filesystem:) 'self' 'unsafe-inline' 'unsafe-eval' 'none' + # Content-Security-Policy-Report-Only (report-uri https://site.com/csp/) + # add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests" always; + + fastcgi_pass backend; + include '%sprogdir%/userdata/config/nginx_fastcgi_params.txt'; + } +} + +# Service configuration (do not edit!) +# ---------------------------- +location /openserver/ { + root '%sprogdir%/modules/system/html'; + autoindex off; + index index.php index.html index.htm; + + %allow%allow all; + allow 127.0.0.0/8; + allow ::1/128; + allow %ips%; + deny all; + + location ~* ^/openserver/.+\.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ { + expires 1d; + access_log off; + } + + location /openserver/server-status { + stub_status on; + } + + location ~ ^/openserver/.*\.php$ { + try_files $fastcgi_script_name =404; + fastcgi_index index.php; + fastcgi_pass backend; + include '%sprogdir%/userdata/config/nginx_fastcgi_params.txt'; + } +} +# End service configuration +# ---------------------------- +} + +# ---------------------------- +# End host config +# ---------------------------- diff --git a/mirzaev/skillparts/system/web/assets/.gitignore b/mirzaev/skillparts/system/web/assets/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/mirzaev/skillparts/system/web/assets/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore