update Nginx config

2026-04-11 07:29:09 +00:00 · 2019-08-14 06:01:09 +07:00
parent 0806d9b5a7
commit badd4158eb
3 changed files with 192 additions and 172 deletions
--- a/etc/nginx/includes/error_pages.conf
+++ b/etc/nginx/includes/error_pages.conf
@@ -9,41 +9,43 @@ error_page 503 /503.html;
 error_page 504 /504.html;

 location = /403.html {
-	access_log off;
-	internal;
+    root /usr/share/nginx/html/error_pages;
+    #access_log off;
+    internal;
 }

 location = /404.html {
-	access_log off;
-	internal;
+    root /usr/share/nginx/html/error_pages;
+    #access_log off;
+    internal;
 }

 location = /500.html {
-	allow all;
-	access_log off;
-	internal;
+    root /usr/share/nginx/html/error_pages;
+    #access_log off;
+    internal;
 }

 location = /502.html {
-	allow all;
-	access_log off;
-	internal;
+    root /usr/share/nginx/html/error_pages;
+    #access_log off;
+    internal;
 }

 location = /503.html {
-	allow all;
-	access_log off;
-	internal;
+    root /usr/share/nginx/html/error_pages;
+    #access_log off;
+    internal;
 }

 location = /504.html {
-	allow all;
-	access_log off;
-	internal;
+    root /usr/share/nginx/html/error_pages;
+    #access_log off;
+    internal;
 }

 location = /50x.html {
-	allow all;
-	access_log off;
-	internal;
+    root /usr/share/nginx/html/error_pages;
+    #access_log off;
+    internal;
 }
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -7,94 +7,95 @@ pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;

 events {
-	worker_connections 4096;
-	use epoll;
-	multi_accept on;
+    worker_connections 4096;
+    use epoll;
+    multi_accept on;
 }

 http {
-	# Hide nginx version information.
-	server_tokens off;
+    # Hide nginx version information.
+    server_tokens off;
+    etag off;

-	# Define the MIME types for files.
-	include /etc/nginx/mime.types;
+    # Define the MIME types for files.
+    include /etc/nginx/mime.types;

-	default_type application/octet-stream;
+    default_type application/octet-stream;

    # Charset.
    include /etc/nginx/charset;

    # Logging.
-	# Format to use in log files.
-	log_format main '$remote_addr - $remote_user [$time_local] $request '
+    # Format to use in log files.
+    log_format main '$remote_addr - $remote_user [$time_local] $request '
                '"$status" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                ' "$connection" "$connection_requests" "$request_time"';
-	access_log /var/log/nginx/access.log combined buffer=32k;
-	error_log /var/log/nginx/error.log debug;
+    access_log /var/log/nginx/access.log combined buffer=32k;
+    error_log /var/log/nginx/error.log debug;

-	# Optimization settings.
-	keepalive_timeout 60;
-	keepalive_requests 100000;
+    # Optimization settings.
+    keepalive_timeout 60;
+    keepalive_requests 100000;

    aio threads;
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-	server_names_hash_max_size 128;
-	server_names_hash_bucket_size 128;
-	client_header_buffer_size 128k;
-	client_body_buffer_size 128k;
-	client_body_in_file_only off;
-	client_max_body_size 20m;
-	connection_pool_size 256;
-	ignore_invalid_headers on;
-	large_client_header_buffers 4 4k;
-	output_buffers 1 32k;
-	postpone_output 1460;
-	request_pool_size 32k;
-	#map_hash_bucket_size 64;
-	#types_hash_max_size 2048;
-	client_header_timeout 60s;
-	client_body_timeout 60s;
-	send_timeout 60s;
-	reset_timedout_connection on;
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    server_names_hash_max_size 128;
+    server_names_hash_bucket_size 128;
+    client_header_buffer_size 128k;
+    client_body_buffer_size 128k;
+    client_body_in_file_only off;
+    client_max_body_size 20m;
+    connection_pool_size 256;
+    ignore_invalid_headers on;
+    large_client_header_buffers 4 4k;
+    output_buffers 1 32k;
+    postpone_output 1460;
+    request_pool_size 32k;
+    #map_hash_bucket_size 64;
+    #types_hash_max_size 2048;
+    client_header_timeout 60s;
+    client_body_timeout 60s;
+    send_timeout 60s;
+    reset_timedout_connection on;

-	# Uncomment for nginx proxy backends to prevent redirects to backend port.
-	#port_in_redirect off;
+    # Uncomment for nginx proxy backends to prevent redirects to backend port.
+    #port_in_redirect off;

-	# Cache informations about FDs, frequently accessed files.
-	# can boost performance, but you need to test those values.
-	open_file_cache max=1024 inactive=20s;
-	open_file_cache_valid 30s;
-	open_file_cache_min_uses 5;
-	open_file_cache_errors off;
+    # Cache informations about FDs, frequently accessed files.
+    # can boost performance, but you need to test those values.
+    open_file_cache max=1024 inactive=20s;
+    open_file_cache_valid 30s;
+    open_file_cache_min_uses 5;
+    open_file_cache_errors off;

-	# Enable Compression.
+    # Enable Compression.
    # gzip (default) or brotli (requires Nginx installed with brotli module).
    include /etc/nginx/comp_gzip;

-	# Enable FastCGI and Proxy Cache.
-	# Uncomment to enable FastCGI cache. If disabled, do not use the cached vhost setting.
-	include /etc/nginx/fastcgi_cache;
+    # Enable FastCGI and Proxy Cache.
+    # Uncomment to enable FastCGI cache. If disabled, do not use the cached vhost setting.
+    include /etc/nginx/fastcgi_cache;

-	# Uncomment to enable Proxy cache. Enables only if Nginx runs as proxy server.
-	#include /etc/nginx/proxy_cache;
+    # Uncomment to enable Proxy cache. Enables only if Nginx runs as proxy server.
+    #include /etc/nginx/proxy_cache;

-	# Upstream, ex: for Node.JS application server.
-	include /etc/nginx/upstream;
+    # Upstream, ex: for Node.JS application server.
+    include /etc/nginx/upstream;

-	# SSL map.
-	include /etc/nginx/fastcgi_https_map;
+    # SSL map.
+    include /etc/nginx/fastcgi_https_map;

-	# Let NGINX get the real client IP for its access logs. You can move this to server{} block.
-	# Uncomment if you're using frontend http accelerator or loadbalancer such as haproxy/varnish.
-	#include /etc/nginx/http_proxy_ips;
-	# Uncomment if you're using frontend CloudFlare CDN.
-	include /etc/nginx/http_cloudflare_ips;
+    # Let NGINX get the real client IP for its access logs. You can move this to server{} block.
+    # Uncomment if you're using frontend http accelerator or loadbalancer such as haproxy/varnish.
+    #include /etc/nginx/http_proxy_ips;
+    # Uncomment if you're using frontend CloudFlare CDN.
+    include /etc/nginx/http_cloudflare_ips;

-	# Virtual host configurations.
-	index index.php index.html index.htm;
-	include /etc/nginx/conf.d/*.conf;
-	include /etc/nginx/sites-enabled/*;
+    # Virtual host configurations.
+    index index.php index.html index.htm;
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
 }
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@@ -12,34 +12,30 @@
 ##

 server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
+    listen 80 default_server;
+    listen [::]:80 default_server;

-	# Make site accessible from http://localhost/
-	server_name localhost.localdomain;
+    # Make site accessible from http://localhost.localdomain/
+    server_name localhost.localdomain;

-	root /usr/share/nginx/html;
-	index index.php index.html index.htm;
+    root /usr/share/nginx/html;
+    index index.php index.html index.htm;

-	# Log Settings.
-	access_log /var/log/nginx/localhost.access.log;
-	error_log /var/log/nginx/localhost.error.log;
+    # Log Settings.
+    access_log /var/log/nginx/localhost.access.log;
+    error_log /var/log/nginx/localhost.error.log;

-	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to index.html
-		try_files $uri $uri/ /index.html;
+    location / {
+        # First attempt to serve request as file, then
+        # as directory, then fall back to index.html
+        try_files $uri $uri/ /index.html;

-		# Uncomment to enable naxsi on this location
-		#include /etc/nginx/naxsi.rules
+        # Uncomment to enable naxsi on this location
+        #include /etc/nginx/naxsi.rules;

-		# Uncomment to enable auto index
-		autoindex off;
-	}
-
-	location ~ ^/lcp {
-		deny all;
-	}
+        # Uncomment to enable auto index
+        autoindex off;
+    }

    # PHP-FPM status monitoring
    location ~ ^/(status|ping)$ {
@@ -54,80 +50,101 @@ server {
    }

    # Default PHP set to 7.3
-	location ~ \.php$ {
+    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
-		fastcgi_index index.php;
-
-		include /etc/nginx/fastcgi_params;
-	}
-
-    location ~ \.php56$ {
-        fastcgi_split_path_info ^(.+\.php56)(/.+)$;
-        fastcgi_pass unix:/run/php/php5.6-fpm.sock;
        fastcgi_index index.php;
-
        include /etc/nginx/fastcgi_params;
    }

-    location ~ \.php70$ {
-        fastcgi_split_path_info ^(.+\.php70)(/.+)$;
-        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+    location ~ \.php73$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
-
-        include /etc/nginx/fastcgi_params;
-    }
-
-    location ~ \.php71$ {
-        fastcgi_split_path_info ^(.+\.php71)(/.+)$;
-        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
-        fastcgi_index index.php;
-
        include /etc/nginx/fastcgi_params;
    }

    location ~ \.php72$ {
-        fastcgi_split_path_info ^(.+\.php72)(/.+)$;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
-
        include /etc/nginx/fastcgi_params;
    }

-	# Deny access to .htaccess files, if Apache's document root
-	# concurs with Nginx's one
-	#
-	location ~ /\.ht {
-		deny all;
-	}
+    location ~ \.php71$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    location ~ \.php70$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    location ~ \.php56$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/run/php/php5.6-fpm.sock;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    # Deny access to lcp directory.
+    location ~ ^/lcp {
+        deny all;
+    }
+
+    # Deny access to .htaccess files, if Apache's document root
+    # concurs with Nginx's one
+    #
+    location ~ /\.ht {
+        deny all;
+    }
 }

 ## LEMPer Web-based Administration
 server {
-	listen 8082;
-	listen [::]:8082;
+    listen 8082;
+    listen [::]:8082;

-	# Make site accessible from http://localhost.localdomain/
-	server_name localhost.localdomain;
+    # Make site accessible from http://localhost.localdomain:8082/
+    server_name localhost.localdomain;

-	root /usr/share/nginx/html/lcp;
-	index index.php index.html index.htm;
+    root /usr/share/nginx/html;
+    index index.php index.html index.htm;

-	# Log Settings.
-	access_log /var/log/nginx/localhost.access.log;
-	error_log /var/log/nginx/localhost.error.log;
+    # Log Settings.
+    access_log /var/log/nginx/localhost.access.log;
+    error_log /var/log/nginx/localhost.error.log;

-	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to index.html
-		try_files $uri $uri/ /index.html;
+    location / {
+        # First attempt to serve request as file, then
+        # as directory, then fall back to index.html
+        try_files $uri $uri/ /index.html;

-		# Uncomment to enable naxsi on this location
-		#include /etc/nginx/naxsi.rules
+        # Uncomment to enable naxsi on this location
+        #include /etc/nginx/naxsi.rules;

-		# Uncomment to enable auto index
-		autoindex off;
-	}
+        # Uncomment to enable auto index
+        autoindex off;
+    }
+
+    location ~ ^/dbadminer {
+        #root /usr/share/nginx/html/lcp/dbadminer;
+        try_files $uri $uri/ /index.php?$args;
+        #include /etc/nginx/naxsi.rules;
+        autoindex off;
+    }
+
+    location ~ ^/filemanager {
+        #root /usr/share/nginx/html/lcp/filemanager;
+        try_files $uri $uri/ /index.php?$args;
+        #include /etc/nginx/naxsi.rules;
+        autoindex off;
+    }

    # Pass the PHP scripts to FastCGI server listening on Unix socket.
    #
@@ -146,34 +163,34 @@ server {
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    }

-	# Deny access to .htaccess files, if Apache's document root
-	# concurs with Nginx's one
-	#
-	location ~ /\.ht {
-		deny all;
-	}
+    # Deny access to .htaccess files, if Apache's document root
+    # concurs with Nginx's one
+    #
+    location ~ /\.ht {
+        deny all;
+    }
 }

 # HTTPS server
 #
 #server {
-#	listen 443 ssl http2;
-#	server_name localhost;
+#    listen 443 ssl http2;
+#    server_name localhost;
 #
-#	root html;
-#	index index.html index.htm;
+#    root html;
+#    index index.html index.htm;
 #
-#	ssl on;
-#	ssl_certificate cert.pem;
-#	ssl_certificate_key cert.key;
+#    ssl on;
+#    ssl_certificate cert.pem;
+#    ssl_certificate_key cert.key;
 #
-#	ssl_session_timeout 5m;
+#    ssl_session_timeout 5m;
 #
-#	ssl_protocols SSLv3 TLSv1;
-#	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
-#	ssl_prefer_server_ciphers on;
+#    ssl_protocols SSLv3 TLSv1;
+#    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+#    ssl_prefer_server_ciphers on;
 #
-#	location / {
-#		try_files $uri $uri/ /index.html;
-#	}
+#    location / {
+#        try_files $uri $uri/ /index.html;
+#    }
 #}