working on it ...


Explore Public Snippets

Sort by

Found 2,774 snippets

    public by AbhishekGhosh  316  0  3  0

    nginx php 7.1 default

    nginx php 7.1 default: default
    server {
        listen 80;
        listen [::]:80;
        server_name localhost;
        access_log /var/log/access.log;
        error_log /var/log/error.log;
        root /usr/share/nginx/html;
        index index.php;
        location / {
            try_files $uri $uri/ /index.php?$args;
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php/php7.1-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;

    public by taganay  1785  8  3  0



    public by AbhishekGhosh  259  0  3  0

    nginx extras modules

    nginx extras modules: extras.conf
    --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' 
    --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 
    --with-debug --with-pcre-jit 

    public by AbhishekGhosh  239  0  3  0

    nginx centminmod modules

    nginx centminmod modules: centminmod.conf
    --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro' 
    --with-cc-opt='-m64 -mtune=native -g -O2 -fstack-protector 
    --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' 

    public by AysadKozanoglu  128900  1  2  0

    request flood protection rate limiting nginx

    request flood protection rate limiting nginx: nginx-rate_limit_flood_protect.conf
    # To enable rate limiting simply add the following line to the top-level of your config file:
    # 1 request / second
    limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
    # Then apply it to a location by adding a rate  limiting burst to your server block:
    location /account/login/ {
        # apply rate limiting
        limit_req zone=login burst=5;
        # boilerplate copied from location /
        proxy_pass http://myapp;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;

    public by AysadKozanoglu  1179  8  4  0

    nginx configuration file, (do not log robots.txt and favicon.ico requests)

    nginx configuration file, (do not log robots.txt and favicon.ico requests): do_not_log.conf
    # Designed to be included in any server {} block.
    location = /favicon.ico {
    	log_not_found off;
    	access_log off;
    location = /robots.txt {
    	allow all;
    	log_not_found off;
    	access_log off;

    public by Aysad Kozanoglu  1304  1  4  0

    fail2ban jail settings for nginx 400 444 403 404 filtering on http https

    fail2ban jail settings for nginx 400 444 403 404 filtering on http https: fail2ban_jail.conf
    #nano /etc/fail2ban/jail.conf
    enabled  = true
    port     = http,https
    filter   = nginx-4xx
    logpath  = /usr/local/nginx/logs/access.log
    maxretry = 4

    public by Aysad Kozanoglu  202226  25  3  0

    fail2ban nginx 404 400 403 444 filter /etc/fail2ban/filter.d/nginx-4xx.conf

    fail2ban nginx 404 400 403 444 filter /etc/fail2ban/filter.d/nginx-4xx.conf : nginxx.conf
    # nano /etc/fail2ban/filter.d/nginx-4xx.conf 
    failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
    ignoreregex =

    public by Aysad Kozanoglu  87537  0  3  0

    NGINX strong Config - SIKI güvenlik ayarlari

    NGINX strong Config - SIKI güvenlik ayarlari : nginx.conf
    ### don't send the nginx version number in error pages and Server header
    server_tokens off;
    ### config to don't allow the browser to render the page inside an frame or iframe
    ###if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
    add_header X-Frame-Options SAMEORIGIN;
    ### when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
    ### to disable content-type sniffing on some browsers.
    ### 'soon' on Firefox
    add_header X-Content-Type-Options nosniff;
    ### This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
    ###  It's usually enabled by default anyway, so the role of this header is to re-enable the filter for 
    ### this particular website if it was disabled by the user.
    add_header X-XSS-Protection "1; mode=block";
    # with Content Security Policy (CSP) enabled(and a browser that supports it(,
    # you can tell the browser that it can only download content from the domains you explicitly allow
    # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
    # directives for css and js(if you have inline css or js, you will need to keep it too).
    # more:
    #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' #; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src; object-src 'none'";
    server {
      listen 443 ssl default deferred;
      ssl_certificate /etc/nginx/ssl/star_ornek_com.crt;
      ssl_certificate_key /etc/nginx/ssl/star_ornek_com.key;
      # enable session resumption to improve https performance
      ssl_session_cache shared:SSL:50m;
      ssl_session_timeout 5m;
      # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
      ssl_dhparam /etc/nginx/ssl/dhparam.pem;
      # enables server-side protection from BEAST attacks
      ssl_prefer_server_ciphers on;
      # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      # ciphers chosen for forward secrecy and compatibility
      # enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
      ssl_stapling on;
      ssl_trusted_certificate /etc/nginx/ssl/star_ornek_com.crt;
      # config to enable HSTS(HTTP Strict Transport Security)
      # to avoid ssl stripping
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      # ... the rest of your configuration
    # redirect all http traffic to https
    server {
      listen 80;
      return 301 https://$host$request_uri;

    public by jaychoo  508  2  3  0

    Setting up Nginx, uWSGI & Python3

    Setting up Nginx, uWSGI & Python3: nginx-uwsgi-python3
    Setting up Nginx, uWSGI and Python3
    First off, I'm traditionally a PHP developer, but am looking at moving across to Python. I really struggled to find decent documentation on how to get a server up and running for deploying Python web applications from the point of view of someone coming from PHP. The main problems I came across with documentation were:
    1) Only showed you how to run the server for a single web application.
    2) Only showed you how to configure the app, not the server it was running on.
    My preferred workflow for development is by setting up a new VM in VMware Fusion and then forwarding through all requests to that VM via /etc/hosts. This might not be the optimal way to get things up and running, but it works for me.
    SITE_URL refers to the primary domain for the site.
    SITE_DIR refers to the location on disk that the site is located.
    Typical folder structure of an app looks something like:
        app # site code goes in here
            vendors # frameworks and 3rd party libraries go in here
    Installing required tools
    We'll start by installing the required tools via apt-get.
    apt-get install uwsgi uwsgi-plugin-python3 nginx-full python-setuptools python-pip
    Creating the uWSGI upstart
    Next we need to create the upstart that will be used start the uWSGI service.
    vi /etc/init/uwsgi.conf
        # uWSGI - Manage uWSGI Application Server
        description "uWSGI Emperor Mode"
        start on (filesystem and net-device-up IFACE=lo)
        stop on runlevel [!2345]
        exec /usr/bin/uwsgi --emperor /etc/uwsgi/vassals/sites-enabled/ --logto /var/log/uwsgi.log
    initctl reload-configuration
    update-alternatives --set uwsgi /usr/bin/uwsgi_python32
    Creating the site configuration file for nginx
    Create the configuration file for the site in the sites-available folder:
        vi /etc/nginx/sites-available/SITE_URL
    And then use the following to configure the site:
        upstream wsgicluster {
            server unix://tmp/SITE_URL.sock
        server {
            listen 80;
            server_name SITE_URL;
            error_log SITE_DIR/data/log/error.log;
            access_log SITE_DIR/data/log/access.log;
            location / {
                    include uwsgi_params;
                    uwsgi_pass wsgicluster;
            location -^/(img|js|css)/ {
                    root SITE_DIR/public;
                    expires 30d;
            location = /favicon.ico {
                    log_not_found off;
    Then finally we link the sites-available configuration file to the sites-enabled:
    ln -s /etc/nginx/sites-available/SITE_URL /etc/nginx/sites-enabled/SITE_URL
    Creating the vassal for uWSGI emperor
    Create the folders for sites-available and sites-enabled:
        mkdir /etc/uwsgi/sites-available
        mkdir /etc/uwsgi/sites-enabled
    Create the configuration vassal file:
        vi /etc/uwsgi/sites-available/SITE_URL.yml
    And then use the following contents (you can tweak these settings):
            master: true
            processes: 1
            vaccum: true
            chmod-socket: 666
            uid: www-data
            gid: www-data
            plugins: python32
            socket: /tmp/SITE_URL.sock
            chdir: SITE_DIR
            pythonpath: SITE_DIR
            module: application
            touch-reload: SITE_DIR/
    Finally restart the services:
        service uwsgi start
        service nginx start
    • Public Snippets
    • Channels Snippets