
webserver config files
alexweissman committed Feb 16, 2017
1 parent c982d50 commit c16825d
Showing 3 changed files with 285 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -1,6 +1,7 @@
# Change Log

## v4.0.3-Alpha
- Add config file for nginx (https://github.com/userfrosting/UserFrosting/issues/373)
- Add Portuguese translations (thanks to @brunomnsilva!)
- Add Arabic (MSA) translations (thanks to @abdullah.seba!)
- Add Dispatcher to db service to allow registering model events.
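--- a/webserver-configs/htaccess.txt
+++ b/webserver-configs/htaccess.txt
@@ -0,0 +1,185 @@
+# Enable this line to temporarily disable the Apache rewrite cache.
+#Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
+
+# Tell PHP that we are using Apache
+SetEnv SERVER_TYPE Apache
+
+<IfModule mod_rewrite.c>
+
+# Tell PHP that the mod_rewrite module is ENABLED.
+SetEnv HTTP_MOD_REWRITE On
+
+RewriteEngine On
+
+# Uncomment the next two lines to forward all HTTP to HTTPS
+#RewriteCond %{HTTPS} !=on
+#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+# Forward all www. to non-www. Remove this rule if you want both available.
+RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
+RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
+
+# Remove trailing slash from any non-directory path (canonicalization) - GET requests only
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_METHOD} =GET
+RewriteCond %{REQUEST_URI} (.+)/$
+RewriteRule ^ %1 [L,R=301]
+
+# Dynamically rewrite base directory (see http://stackoverflow.com/questions/31062479/301-redirect-urls-that-are-also-being-rewritten)
+RewriteCond $0#%{REQUEST_URI} ^([^#]*)#(.*)\1$
+RewriteRule ^.*$ - [E=BASE:%2]
+
+# Forward any requested URLs that specifically contain index.php (see http://stackoverflow.com/questions/31062479/301-redirect-urls-that-are-also-being-rewritten)
+RewriteCond %{THE_REQUEST} /index\.php [NC]
+RewriteRule ^index\.php(?:/(.*))?$ %{ENV:BASE}$1 [L,R=301,NC,NE]
+
+# Send the URI to index.php (Slim routing)
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^ index.php [QSA,L]
+
+</IfModule>
+
+# Deny access to any php.ini files
+<Files php.ini>
+Order allow,deny
+Deny from all
+</Files>
+
+# Gzip Compression
+<IfModule mod_deflate.c>
+# Force compression for mangled headers.
+# http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
+<IfModule mod_setenvif.c>
+<IfModule mod_headers.c>
+SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
+RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
+</IfModule>
+</IfModule>
+
+# Compress all output labeled with one of the following MIME-types
+# (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
+# and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
+# as `AddOutputFilterByType` is still in the core directives).
+
+<IfModule mod_filter.c>
+AddOutputFilterByType DEFLATE application/atom+xml \
+application/javascript \
+application/json \
+application/rss+xml \
+application/vnd.ms-fontobject \
+application/x-font-ttf \
+application/x-web-app-manifest+json \
+application/xhtml+xml \
+application/xml \
+font/opentype \
+image/svg+xml \
+image/x-icon \
+text/css \
+text/html \
+text/plain \
+text/x-component \
+text/xml
+</IfModule>
+
+</IfModule>
+
+# ----------------------------------------------------------------------
+# | Expires headers - enable this if you want browsers to cache content |
+# ----------------------------------------------------------------------
+
+# Serve resources with far-future expires headers.
+#
+# (!) If you don't control versioning with filename-based
+# cache busting, you should consider lowering the cache times
+# to something like one week.
+#
+# https://httpd.apache.org/docs/current/mod/mod_expires.html
+
+#<IfModule mod_expires.c>
+#
+# ExpiresActive on
+# ExpiresDefault "access plus 1 month"
+#
+# # CSS
+#
+# ExpiresByType text/css "access plus 1 hour"
+#
+#
+# # Data interchange
+#
+# ExpiresByType application/atom+xml "access plus 1 hour"
+# ExpiresByType application/rdf+xml "access plus 1 hour"
+# ExpiresByType application/rss+xml "access plus 1 hour"
+#
+# ExpiresByType application/json "access plus 0 seconds"
+# ExpiresByType application/ld+json "access plus 0 seconds"
+# ExpiresByType application/schema+json "access plus 0 seconds"
+# ExpiresByType application/vnd.geo+json "access plus 0 seconds"
+# ExpiresByType application/xml "access plus 0 seconds"
+# ExpiresByType text/xml "access plus 0 seconds"
+#
+#
+# # Favicon (cannot be renamed!) and cursor images
+#
+# ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
+# ExpiresByType image/x-icon "access plus 1 week"
+#
+# # HTML
+#
+# ExpiresByType text/html "access plus 0 seconds"
+#
+#
+# # JavaScript
+#
+# ExpiresByType application/javascript "access plus 1 hour"
+# ExpiresByType application/x-javascript "access plus 1 hour"
+# ExpiresByType text/javascript "access plus 1 hour"
+#
+#
+# # Manifest files
+#
+# ExpiresByType application/manifest+json "access plus 1 week"
+# ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
+# ExpiresByType text/cache-manifest "access plus 0 seconds"
+#
+#
+# # Media files
+#
+# ExpiresByType audio/ogg "access plus 1 month"
+# ExpiresByType image/bmp "access plus 1 month"
+# ExpiresByType image/gif "access plus 1 month"
+# ExpiresByType image/jpeg "access plus 1 month"
+# ExpiresByType image/png "access plus 1 month"
+# ExpiresByType image/svg+xml "access plus 1 month"
+# ExpiresByType image/webp "access plus 1 month"
+# ExpiresByType video/mp4 "access plus 1 month"
+# ExpiresByType video/ogg "access plus 1 month"
+# ExpiresByType video/webm "access plus 1 month"
+#
+#
+# # Web fonts
+#
+# # Embedded OpenType (EOT)
+# ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
+# ExpiresByType font/eot "access plus 1 month"
+#
+# # OpenType
+# ExpiresByType font/opentype "access plus 1 month"
+#
+# # TrueType
+# ExpiresByType application/x-font-ttf "access plus 1 month"
+#
+# # Web Open Font Format (WOFF) 1.0
+# ExpiresByType application/font-woff "access plus 1 month"
+# ExpiresByType application/x-font-woff "access plus 1 month"
+# ExpiresByType font/woff "access plus 1 month"
+#
+# # Web Open Font Format (WOFF) 2.0
+# ExpiresByType application/font-woff2 "access plus 1 month"
+#
+#
+# # Other
+#
+# ExpiresByType text/x-cross-domain-policy "access plus 1 week"
+#
+#</IfModule>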
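Review bot: The www-to-non-www rule hardcodes the scheme, `RewriteRule ^(.*)$ http://%1/$1 [R=301,L]`, so on a site served over TLS a request to the www host over HTTPS is redirected to plain HTTP, and that request (cookies included, unless they carry the Secure flag) crosses the network unencrypted before the optional HTTPS rule above sends it back. The target should follow the incoming scheme, or be `https://` whenever the HTTPS block is uncommented; on Apache 2.4 `RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%1/$1 [R=301,L]` does that, and the comment on the rule should say which form to use. The `<Files php.ini>` block uses the 2.2-style `Order allow,deny` / `Deny from all`, which on Apache 2.4 works only when mod_access_compat is loaded; `Require all denied` is the 2.4 form.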
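--- a/webserver-configs/nginx.conf
+++ b/webserver-configs/nginx.conf
@@ -0,0 +1,99 @@
+## This is just a starting point for configuring your application. It is not guaranteed to work out of the box.
+## See https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+
+## Redirect HTTP to HTTPS
+## Enable this block once you've set up SSL. This will redirect all HTTP requests to HTTPS.
+#server {
+# listen 80;
+# server_name example.com;
+# return 301 https://$host$request_uri;
+#}
+
+# Default server configuration
+#
+server {
+## Non-SSL configuration. Not recommended for production!
+listen 80;
+## Defines the script/file to look for when a request is made to the index of your server name.
+index index.php index.html index.htm;
+
+## Begin - Server Info
+## Document root directory for your project. Should be set to the directory that contains your index.php.
+root /usr/share/nginx/project/public;
+server_name example.com;
+## End - Server Info
+
+## SSL configuration
+## It is STRONGLY RECOMMENDED that you use SSL for all traffic to your UF site.
+## Otherwise, you are potentially leaking your users' sensitive info, including passwords!
+## See https://letsencrypt.org/ to find out how to get a free, trusted SSL cert for your site.
+#
+#listen 443 ssl spdy; # we listen ssl first with spdy second. if browser support spdy it will attempt to upgrade immediately on handshake
+#listen [::]:443 ssl spdy;
+## Certificate paths (example for letsencrypt)
+#ssl_certificate /etc/letsencrypt/live/<cert name>/fullchain.pem;
+#ssl_certificate_key /etc/letsencrypt/live/<cert name>/privkey.pem;
+## Disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
+#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+## Enable session resumption to enable low latency for repeat visitors.
+#ssl_session_cache shared:SSL:50m;
+#ssl_session_timeout 5m;
+## Enables server-side protection from BEAST attacks
+#ssl_prefer_server_ciphers on;
+## Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+#ssl_dhparam /etc/nginx/dhparam.pem; # google will tell you how to make this
+## Ciphers chosen for forward secrecy and compatibility
+#ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+## Enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
+#resolver 8.8.8.8;
+#ssl_stapling on;
+#ssl_trusted_certificate /etc/letsencrypt/live/<cert name>/fullchain.pem; # same as your ssl_certificate path
+## Config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+
+access_log /var/log/nginx/access.log;
+
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+## This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
+add_header X-XSS-Protection "1; mode=block"; #optional
+
+## handle php requests.
+location ~ \.(php)$ {
+# Throw away any requests to execute PHP scripts in other directories
+location ~ \..*/.*\.php$ {
+return 404;
+}
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_keep_conn on;
+# For FPM (PHP 5.x)
+fastcgi_pass unix:/var/run/php5-fpm.sock;
+# For FPM (PHP 7)
+#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+# For traditional PHP FastCGI (php5-cgi or php7.0-cgi)
+#fastcgi_pass 127.0.0.1:9000;
+# For HHVM
+#fastcgi_pass unix:/var/run/hhvm/hhvm.sock;
+fastcgi_index index.php;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+include fastcgi_params;
+}
+
+## we can cache some static files
+location ~* \.[^png|gif|jpg|jpeg|ico|css|js|woff|ttf|otf|woff2|eot]$ {
+include /etc/nginx/mime.types;
+expires max;
+}
+
+## Begin - Index
+## for subfolders, simply adjust:
+## `location /subfolder {`
+## and the rewrite to use `/subfolder/index.php`
+location / {
+include /etc/nginx/mime.types;
+index index.php;
+try_files $uri $uri/ /index.php?$query_string;
+}
+## End - Index
+}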
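Review bot: The commented-out TLS template enables `TLSv1` and `TLSv1.1` and a cipher string that still admits `DES-CBC3-SHA` and non-forward-secret suites such as `AES128-SHA`, so anyone who uncomments it as written gets a weaker setup than the "forward secrecy" comment promises. I would ship `ssl_protocols TLSv1.2;` (plus newer versions where the nginx/OpenSSL build supports them) and trim the list to the ECDHE/DHE GCM suites. Separately, the static-file block `location ~* \.[^png|gif|...]$` is a negated character class rather than an alternation, so it matches a dot followed by one character outside that set and never matches `.png` or `.css`; `location ~* \.(png|gif|jpg|jpeg|ico|css|js|woff|ttf|otf|woff2|eot)$` is what the comment describes. The `listen 443 ssl spdy` lines also deserve a comment that later nginx releases replaced `spdy` with `http2`, since the config will not load there as written.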
