From a20fee50810ebf010a47681f1fde871da3665a6e Mon Sep 17 00:00:00 2001
From: RedHood <red@hood.su>
Date: Sun, 6 Dec 2020 01:07:37 +1000
Subject: [PATCH] =?UTF-8?q?=D0=9F=D0=B5=D1=80=D0=B2=D0=B0=D1=8F=20=D1=84?=
 =?UTF-8?q?=D0=B8=D0=BA=D1=81=D0=B0=D1=86=D0=B8=D1=8F=20(=D1=87=D0=B5?=
 =?UTF-8?q?=D1=82=D0=B2=D1=91=D1=80=D1=82=D0=B0=D1=8F=20=D1=87=D0=B0=D1=81?=
 =?UTF-8?q?=D1=82=D1=8C)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../system/web/Nginx_1.17_vhost.conf          | 109 ++++++++++++++++++
 .../skillparts/system/web/assets/.gitignore   |   2 +
 2 files changed, 111 insertions(+)
 create mode 100644 mirzaev/skillparts/system/web/Nginx_1.17_vhost.conf
 create mode 100644 mirzaev/skillparts/system/web/assets/.gitignore

diff --git a/mirzaev/skillparts/system/web/Nginx_1.17_vhost.conf b/mirzaev/skillparts/system/web/Nginx_1.17_vhost.conf
new file mode 100644
index 0000000..689e574
--- /dev/null
+++ b/mirzaev/skillparts/system/web/Nginx_1.17_vhost.conf
@@ -0,0 +1,109 @@
+# ----------------------------
+# Host config
+# ----------------------------
+
+server {
+
+listen                        %ip%:%httpport% default;
+listen                        %ip%:%httpsport% ssl http2 default;
+
+server_name                   catalog.loc %aliases%;
+root                          '%hostdir%';
+limit_conn                    addr 64;
+autoindex                     off;
+index                         index.php index.html index.htm;
+
+ssl_certificate               '%sprogdir%/userdata/config/cert_files/server.crt';
+ssl_certificate_key           '%sprogdir%/userdata/config/cert_files/server.key';
+# ssl_trusted_certificate     '';
+
+# Force HTTPS
+# add_header Strict-Transport-Security 'max-age=2592000' always;
+# if ($scheme ~* ^(?!https).*$) {
+#    return 301 https://$host$request_uri;
+# }
+
+# Force www.site.com => site.com
+# if ($host ~* ^www\.(.+)$) {
+#    return 301 $scheme://$1$request_uri;
+# }
+
+# Disable access to backup/config/command/log files
+# if ($uri ~* ^.+\.(?:bak|co?nf|in[ci]|log|orig|sh|sql|tar|sql|t?gz|cmd|bat)$) {
+#    return 404;
+# }
+
+# Disable access to hidden files/folders
+if ($uri ~* /\.(?!well-known)) {
+    return 404;
+}
+
+# Disable MIME sniffing
+add_header X-Content-Type-Options 'nosniff' always;
+
+location ~* ^.+\.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ {
+        expires 1d;
+        access_log off;
+}
+
+location / {
+    # Force index.php routing (if not found)
+    try_files $uri $uri/ /index.php$is_args$args;
+
+    # Force index.php routing (all requests)
+    # rewrite ^/(.*)$ /index.php?/$1 last;
+
+    location ~ \.php$ {
+        try_files      $fastcgi_script_name =404;
+
+        # limit_conn   addr 16;
+        # limit_req    zone=flood        burst=32 nodelay;
+
+        # add_header   X-Frame-Options   'SAMEORIGIN' always;
+        # add_header   Referrer-Policy   'no-referrer-when-downgrade' always;
+
+        # CSP syntax: <host-source> <scheme-source>(http: https: data: mediastream: blob: filesystem:) 'self' 'unsafe-inline' 'unsafe-eval' 'none'
+        # Content-Security-Policy-Report-Only (report-uri https://site.com/csp/)
+        # add_header   Content-Security-Policy  "default-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests" always;
+
+        fastcgi_pass   backend;
+        include        '%sprogdir%/userdata/config/nginx_fastcgi_params.txt';
+    }
+}
+
+# Service configuration (do not edit!)
+# ----------------------------
+location /openserver/ {
+    root      '%sprogdir%/modules/system/html';
+    autoindex off;
+    index     index.php index.html index.htm;
+
+    %allow%allow all;
+    allow 127.0.0.0/8;
+    allow ::1/128;
+    allow %ips%;
+    deny all;
+
+    location ~* ^/openserver/.+\.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ {
+        expires 1d;
+        access_log off;
+    }
+
+    location /openserver/server-status {
+        stub_status on;
+    }
+
+    location ~ ^/openserver/.*\.php$ {
+        try_files      $fastcgi_script_name =404;
+        fastcgi_index  index.php;
+        fastcgi_pass   backend;
+        include        '%sprogdir%/userdata/config/nginx_fastcgi_params.txt';
+    }
+}
+# End service configuration
+# ----------------------------
+}
+
+# ----------------------------
+# End host config
+# ----------------------------
diff --git a/mirzaev/skillparts/system/web/assets/.gitignore b/mirzaev/skillparts/system/web/assets/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/mirzaev/skillparts/system/web/assets/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore