working on it ...

Filters

Explore Public Snippets

Sort by

Found 2,774 snippets

    public by AbhishekGhosh  316  0  3  0

    nginx php 7.1 default

    nginx php 7.1 default: default
    server {
        listen 80;
        listen [::]:80;
    
        server_name localhost;
    
        access_log /var/log/access.log;
        error_log /var/log/error.log;
    
        root /usr/share/nginx/html;
        index index.php;
    
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
    
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php/php7.1-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }
    
    

    public by taganay  1785  8  3  0

    tst

    test1            

    public by AbhishekGhosh  259  0  3  0

    nginx extras modules

    nginx extras modules: extras.conf
    --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' 
    --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 
    --prefix=/usr/share/nginx 
    --conf-path=/etc/nginx/nginx.conf 
    --http-log-path=/var/log/nginx/access.log 
    --error-log-path=/var/log/nginx/error.log 
    --lock-path=/var/lock/nginx.lock 
    --pid-path=/run/nginx.pid 
    --http-client-body-temp-path=/var/lib/nginx/body 
    --http-fastcgi-temp-path=/var/lib/nginx/fastcgi 
    --http-proxy-temp-path=/var/lib/nginx/proxy 
    --http-scgi-temp-path=/var/lib/nginx/scgi 
    --http-uwsgi-temp-path=/var/lib/nginx/uwsgi 
    --with-debug --with-pcre-jit 
    --with-ipv6 
    --with-http_ssl_module 
    --with-http_stub_status_module 
    --with-http_realip_module 
    --with-http_auth_request_module 
    --with-http_addition_module 
    --with-http_dav_module 
    --with-http_flv_module 
    --with-http_geoip_module 
    --with-http_gunzip_module 
    --with-http_gzip_static_module 
    --with-http_image_filter_module 
    --with-http_mp4_module 
    --with-http_perl_module 
    --with-http_random_index_module 
    --with-http_secure_link_module 
    --with-http_v2_module 
    --with-http_sub_module 
    --with-http_xslt_module 
    --with-mail 
    --with-mail_ssl_module 
    --with-stream 
    --with-stream_ssl_module 
    --with-threads 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/headers-more-nginx-module 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/nginx-auth-pam 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/nginx-cache-purge 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/nginx-dav-ext-module 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/nginx-development-kit 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/nginx-echo 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/ngx-fancyindex 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/nginx-http-push 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/nginx-lua 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/nginx-upload-progress 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/nginx-upstream-fair 
    --add-module=/build/nginx-wAi2qr/nginx-1.10.0/debian/modules/ngx_http_substitutions_filter_module
    
    

    public by AbhishekGhosh  239  0  3  0

    nginx centminmod modules

    nginx centminmod modules: centminmod.conf
    --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro' 
    --with-cc-opt='-m64 -mtune=native -g -O2 -fstack-protector 
    --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' 
    --sbin-path=/usr/local/sbin/nginx 
    --conf-path=/usr/local/nginx/conf/nginx.conf 
    --with-http_ssl_module 
    --with-http_v2_module 
    --with-http_gzip_static_module 
    --with-http_stub_status_module 
    --with-http_sub_module 
    --with-http_addition_module 
    --with-http_image_filter_module 
    --with-http_secure_link_module 
    --with-http_realip_module 
    --with-http_geoip_module 
    --with-openssl-opt=enable-tlsext 
    --add-module=../ngx-fancyindex-ngx-fancyindex 
    --add-module=../ngx_cache_purge-2.3 
    --add-module=../nginx-http-concat-master 
    --add-module=../memc-nginx-module-0.17 
    --add-module=../srcache-nginx-module-0.31 
    --add-module=../ngx_devel_kit-0.3.0 
    --add-module=../set-misc-nginx-module-0.30 
    --add-module=../echo-nginx-module-0.59 
    --add-module=../redis2-nginx-module-0.13 
    --add-module=../ngx_http_redis-0.3.7 
    --add-module=../nginx_upstream_check_module-0.3.0 
    --add-module=../nginx-module-vts 
    --add-module=../headers-more-nginx-module-0.30 
    --with-openssl=../libressl-2.4.2 
    --with-libatomic 
    --with-pcre=../pcre-8.38 
    --with-pcre-jit
    
    

    public by AysadKozanoglu  128900  1  2  0

    request flood protection rate limiting nginx

    request flood protection rate limiting nginx: nginx-rate_limit_flood_protect.conf
    # To enable rate limiting simply add the following line to the top-level of your config file:
    
    # 1 request / second
    limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
    
    # Then apply it to a location by adding a rate  limiting burst to your server block:
    
    location /account/login/ {
        # apply rate limiting
        limit_req zone=login burst=5;
    
        # boilerplate copied from location /
        proxy_pass http://myapp;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    }
    
    
    

    public by AysadKozanoglu  1179  8  4  0

    nginx configuration file, (do not log robots.txt and favicon.ico requests)

    nginx configuration file, (do not log robots.txt and favicon.ico requests): do_not_log.conf
    # Designed to be included in any server {} block.
    location = /favicon.ico {
    	log_not_found off;
    	access_log off;
    }
    
    location = /robots.txt {
    	allow all;
    	log_not_found off;
    	access_log off;
    }
    
    
    

    public by Aysad Kozanoglu  1304  1  4  0

    fail2ban jail settings for nginx 400 444 403 404 filtering on http https

    fail2ban jail settings for nginx 400 444 403 404 filtering on http https: fail2ban_jail.conf
    #nano /etc/fail2ban/jail.conf
    #
    [nginx-4xx]
    enabled  = true
    port     = http,https
    filter   = nginx-4xx
    logpath  = /usr/local/nginx/logs/access.log
    maxretry = 4
    
    
    

    public by Aysad Kozanoglu  202226  25  3  0

    fail2ban nginx 404 400 403 444 filter /etc/fail2ban/filter.d/nginx-4xx.conf

    fail2ban nginx 404 400 403 444 filter /etc/fail2ban/filter.d/nginx-4xx.conf : nginxx.conf
    # nano /etc/fail2ban/filter.d/nginx-4xx.conf 
    #
    
    [Definition]
    failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
    ignoreregex =
    
    
    
    

    public by Aysad Kozanoglu  87537  0  3  0

    NGINX strong Config - SIKI güvenlik ayarlari

    NGINX strong Config - SIKI güvenlik ayarlari : nginx.conf
    ### don't send the nginx version number in error pages and Server header
    server_tokens off;
    
    ### config to don't allow the browser to render the page inside an frame or iframe
    ###if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
    
    add_header X-Frame-Options SAMEORIGIN;
    
    ### when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
    ### to disable content-type sniffing on some browsers.
    ### https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    ### 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
    
    add_header X-Content-Type-Options nosniff;
    
    ### This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
    ###  It's usually enabled by default anyway, so the role of this header is to re-enable the filter for 
    ### this particular website if it was disabled by the user.
    ###  https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    
    add_header X-XSS-Protection "1; mode=block";
    
    # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
    # you can tell the browser that it can only download content from the domains you explicitly allow
    # http://www.html5rocks.com/en/tutorials/security/content-security-policy/
    # https://www.owasp.org/index.php/Content_Security_Policy
    # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
    # directives for css and js(if you have inline css or js, you will need to keep it too).
    # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
    
    #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' #https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
    
    server {
      listen 443 ssl default deferred;
      server_name .ornek.com;
    
      ssl_certificate /etc/nginx/ssl/star_ornek_com.crt;
      ssl_certificate_key /etc/nginx/ssl/star_ornek_com.key;
    
      # enable session resumption to improve https performance
      # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
      
      ssl_session_cache shared:SSL:50m;
      ssl_session_timeout 5m;
    
      # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
      
      ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    
      # enables server-side protection from BEAST attacks
      # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
      
      ssl_prefer_server_ciphers on;
      
      # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
      
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     
      # ciphers chosen for forward secrecy and compatibility
      # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
     
      ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    
      # enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
      # http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
     
      resolver 8.8.8.8;
      ssl_stapling on;
      ssl_trusted_certificate /etc/nginx/ssl/star_ornek_com.crt;
    
      # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
      # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
      
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    
      # ... the rest of your configuration
    }
    
    # redirect all http traffic to https
    server {
      listen 80;
      server_name .ornek.com;
      return 301 https://$host$request_uri;
    }
    
    

    public by jaychoo  508  2  3  0

    Setting up Nginx, uWSGI & Python3

    Setting up Nginx, uWSGI & Python3: nginx-uwsgi-python3
    ======================================
    Setting up Nginx, uWSGI and Python3
    ======================================
    
    First off, I'm traditionally a PHP developer, but am looking at moving across to Python. I really struggled to find decent documentation on how to get a server up and running for deploying Python web applications from the point of view of someone coming from PHP. The main problems I came across with documentation were:
    
    1) Only showed you how to run the server for a single web application.
    2) Only showed you how to configure the app, not the server it was running on.
    
    My preferred workflow for development is by setting up a new VM in VMware Fusion and then forwarding through all requests to that VM via /etc/hosts. This might not be the optimal way to get things up and running, but it works for me.
    
    SITE_URL refers to the primary domain for the site.
    SITE_DIR refers to the location on disk that the site is located.
    
    Typical folder structure of an app looks something like:
    
    root
        app # site code goes in here
        config
        data
            cache
            log
        libs
            vendors # frameworks and 3rd party libraries go in here
        public
            css
            img
            js
    
    ---------------------------------------
    Installing required tools
    ---------------------------------------
    We'll start by installing the required tools via apt-get.
    
    apt-get install uwsgi uwsgi-plugin-python3 nginx-full python-setuptools python-pip
    
    ---------------------------------------
    Creating the uWSGI upstart
    ---------------------------------------
    Next we need to create the upstart that will be used start the uWSGI service.
    
    vi /etc/init/uwsgi.conf
    
        # uWSGI - Manage uWSGI Application Server
        description "uWSGI Emperor Mode"
        start on (filesystem and net-device-up IFACE=lo)
        stop on runlevel [!2345]
        respawn
        exec /usr/bin/uwsgi --emperor /etc/uwsgi/vassals/sites-enabled/ --logto /var/log/uwsgi.log
    
    initctl reload-configuration
    update-alternatives --set uwsgi /usr/bin/uwsgi_python32
    
    ---------------------------------------
    Creating the site configuration file for nginx
    ---------------------------------------
    Create the configuration file for the site in the sites-available folder:
        vi /etc/nginx/sites-available/SITE_URL
    
    And then use the following to configure the site:
        upstream wsgicluster {
            server unix://tmp/SITE_URL.sock
        }
        server {
            listen 80;
            server_name SITE_URL;
            error_log SITE_DIR/data/log/error.log;
            access_log SITE_DIR/data/log/access.log;
            location / {
                    include uwsgi_params;
                    uwsgi_pass wsgicluster;
            }
            location -^/(img|js|css)/ {
                    root SITE_DIR/public;
                    expires 30d;
            }
            location = /favicon.ico {
                    log_not_found off;
            }
        }
    
    Then finally we link the sites-available configuration file to the sites-enabled:
    ln -s /etc/nginx/sites-available/SITE_URL /etc/nginx/sites-enabled/SITE_URL
    
    ---------------------------------------
    Creating the vassal for uWSGI emperor
    ---------------------------------------
    Create the folders for sites-available and sites-enabled:
        mkdir /etc/uwsgi/sites-available
        mkdir /etc/uwsgi/sites-enabled
    
    Create the configuration vassal file:
        vi /etc/uwsgi/sites-available/SITE_URL.yml
    
    And then use the following contents (you can tweak these settings):
        uwsgi:
            master: true
            processes: 1
            vaccum: true
            chmod-socket: 666
            uid: www-data
            gid: www-data
            plugins: python32
            socket: /tmp/SITE_URL.sock
            chdir: SITE_DIR
            pythonpath: SITE_DIR
            module: application
            touch-reload: SITE_DIR/application.py
    
    Finally restart the services:
        service uwsgi start
        service nginx start
    
    
    • Public Snippets
    • Channels Snippets