Function for applying nginx limits

Bob Mottram 2016-02-21 11:42:23 +00:00
parent e686bef00a
commit 4ef3c39280
1 changed files with 42 additions and 93 deletions


@ -1437,6 +1437,29 @@ function set_default_onion_domains {
fi fi
} }
function nginx_disable_sniffing {
domain_name=$1
filename=/etc/nginx/sites-available/$domain_name
echo ' add_header X-Frame-Options DENY;' >> $filename
echo ' add_header X-Content-Type-Options nosniff;' >> $filename
echo '' >> $filename
}
function nginx_limits {
domain_name=$1
max_body='20m'
if [ $2 ]; then
max_body=$2
fi
filename=/etc/nginx/sites-available/$domain_name
echo " client_max_body_size ${max_body};" >> $filename
echo ' client_body_buffer_size 128k;' >> $filename
echo '' >> $filename
echo ' limit_conn conn_limit_per_ip 10;' >> $filename
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> $filename
echo '' >> $filename
}
function nginx_http_redirect { function nginx_http_redirect {
# redirect port 80 to https # redirect port 80 to https
domain_name=$1 domain_name=$1
@ -1448,9 +1471,7 @@ function nginx_http_redirect {
echo " root /var/www/${domain_name}/htdocs;" >> $filename echo " root /var/www/${domain_name}/htdocs;" >> $filename
echo ' access_log off;' >> $filename echo ' access_log off;' >> $filename
echo " error_log /var/log/nginx/${domain_name}_error.log $WEBSERVER_LOG_LEVEL;" >> $filename echo " error_log /var/log/nginx/${domain_name}_error.log $WEBSERVER_LOG_LEVEL;" >> $filename
echo ' limit_conn conn_limit_per_ip 10;' >> $filename nginx_limits $domain_name
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> $filename
echo '' >> $filename
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $filename echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $filename
echo '}' >> $filename echo '}' >> $filename
echo '' >> $filename echo '' >> $filename
@ -1471,14 +1492,6 @@ function nginx_ssl {
echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename
} }
function nginx_disable_sniffing {
domain_name=$1
filename=/etc/nginx/sites-available/$domain_name
echo ' add_header X-Frame-Options DENY;' >> $filename
echo ' add_header X-Content-Type-Options nosniff;' >> $filename
echo '' >> $filename
}
function set_repo_commit { function set_repo_commit {
repo_dir=$1 repo_dir=$1
repo_commit_name=$2 repo_commit_name=$2
@ -6506,8 +6519,7 @@ function install_owncloud {
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME nginx_limits $OWNCLOUD_DOMAIN_NAME '10G'
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
nginx_ssl $OWNCLOUD_DOMAIN_NAME nginx_ssl $OWNCLOUD_DOMAIN_NAME
nginx_disable_sniffing $OWNCLOUD_DOMAIN_NAME nginx_disable_sniffing $OWNCLOUD_DOMAIN_NAME
@ -6521,8 +6533,6 @@ function install_owncloud {
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
@ -6582,9 +6592,7 @@ function install_owncloud {
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME nginx_limits $OWNCLOUD_DOMAIN_NAME '10G'
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
nginx_disable_sniffing $OWNCLOUD_DOMAIN_NAME nginx_disable_sniffing $OWNCLOUD_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
@ -6596,8 +6604,6 @@ function install_owncloud {
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
@ -6906,8 +6912,7 @@ function install_gogs {
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
nginx_disable_sniffing $GIT_DOMAIN_NAME nginx_disable_sniffing $GIT_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME nginx_limits $GIT_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
@ -6926,9 +6931,7 @@ function install_gogs {
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME nginx_limits $GIT_DOMAIN_NAME '10G'
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
nginx_ssl $GIT_DOMAIN_NAME nginx_ssl $GIT_DOMAIN_NAME
nginx_disable_sniffing $GIT_DOMAIN_NAME nginx_disable_sniffing $GIT_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
@ -6937,8 +6940,6 @@ function install_gogs {
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
@ -6961,9 +6962,7 @@ function install_gogs {
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME nginx_limits $GIT_DOMAIN_NAME '10G'
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
nginx_disable_sniffing $GIT_DOMAIN_NAME nginx_disable_sniffing $GIT_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
@ -6971,8 +6970,6 @@ function install_gogs {
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
@ -7661,14 +7658,9 @@ function install_wiki {
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
nginx_disable_sniffing $WIKI_DOMAIN_NAME nginx_disable_sniffing $WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME nginx_limits $WIKI_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
@ -7740,12 +7732,7 @@ function install_wiki {
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME nginx_limits $WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
nginx_ssl $WIKI_DOMAIN_NAME nginx_ssl $WIKI_DOMAIN_NAME
nginx_disable_sniffing $WIKI_DOMAIN_NAME nginx_disable_sniffing $WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
@ -7824,12 +7811,7 @@ function install_wiki {
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME nginx_limits $WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
nginx_disable_sniffing $WIKI_DOMAIN_NAME nginx_disable_sniffing $WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
@ -7994,14 +7976,8 @@ function install_blog {
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME nginx_limits $FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
@ -8078,12 +8054,7 @@ function install_blog {
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME nginx_limits $FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
nginx_ssl $FULLBLOG_DOMAIN_NAME nginx_ssl $FULLBLOG_DOMAIN_NAME
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
@ -8162,12 +8133,7 @@ function install_blog {
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME nginx_limits $FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
@ -8392,8 +8358,7 @@ function install_rss_reader {
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
nginx_disable_sniffing $RSS_READER_DOMAIN_NAME nginx_disable_sniffing $RSS_READER_DOMAIN_NAME
echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME nginx_limits $RSS_READER_DOMAIN_NAME '15m'
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@ -8657,6 +8622,7 @@ function install_gnu_social {
echo ' # Security' >> $microblog_nginx_site echo ' # Security' >> $microblog_nginx_site
nginx_ssl $MICROBLOG_DOMAIN_NAME nginx_ssl $MICROBLOG_DOMAIN_NAME
nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site echo '' >> $microblog_nginx_site
echo ' # Logs' >> $microblog_nginx_site echo ' # Logs' >> $microblog_nginx_site
@ -8689,8 +8655,6 @@ function install_gnu_social {
echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site
echo ' deny all;' >> $microblog_nginx_site echo ' deny all;' >> $microblog_nginx_site
echo ' }' >> $microblog_nginx_site echo ' }' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' client_max_body_size 15m;' >> $microblog_nginx_site
echo '}' >> $microblog_nginx_site echo '}' >> $microblog_nginx_site
else else
echo -n '' > $microblog_nginx_site echo -n '' > $microblog_nginx_site
@ -8731,7 +8695,7 @@ function install_gnu_social {
echo ' }' >> $microblog_nginx_site echo ' }' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site echo '' >> $microblog_nginx_site
nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
echo ' client_max_body_size 15m;' >> $microblog_nginx_site nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
echo '}' >> $microblog_nginx_site echo '}' >> $microblog_nginx_site
configure_php configure_php
@ -9110,13 +9074,8 @@ function install_hubzilla {
echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME nginx_limits $HUBZILLA_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_ssl $HUBZILLA_DOMAIN_NAME nginx_ssl $HUBZILLA_DOMAIN_NAME
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
@ -9187,13 +9146,8 @@ function install_hubzilla {
echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME nginx_limits $HUBZILLA_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
@ -9477,8 +9431,7 @@ function install_mediagoblin {
echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME nginx_limits $MEDIAGOBLIN_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
@ -9500,9 +9453,7 @@ function install_mediagoblin {
echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '10G'
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
@ -9511,8 +9462,6 @@ function install_mediagoblin {
echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
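Review bot: The new `nginx_limits` helper assigns `domain_name`, `max_body` and `filename` as globals, tests its optional argument with an unquoted `[ $2 ]`, and appends to an unquoted `$filename`. Every call therefore overwrites same-named variables in the caller (`nginx_http_redirect` keeps using `domain_name` and `filename` after calling it), and a multi-word or operator-like second argument would be misparsed by `[`. Declaring the three variables `local`, defaulting the size with `${2:-20m}`, quoting the path and refusing an empty site name keeps the helper from writing somewhere unintended under /etc/nginx. Separately, the calls without a size in the first `install_gogs` and `install_mediagoblin` hunks now emit `client_max_body_size 20m`, while the later blocks of the same functions pass `'10G'`, so confirm that difference is intended. Those server blocks continue outside the hunks, so also check that no other `client_max_body_size` remains in any block that now calls the helper, because nginx rejects a duplicate of that directive within one block.

```shell
function nginx_limits {
    local domain_name=$1
    local max_body=${2:-20m}
    local filename="/etc/nginx/sites-available/${domain_name}"

    # an empty site name would resolve to the sites-available directory itself
    [ -n "$domain_name" ] || return 1

    {
        echo " client_max_body_size ${max_body};"
        echo ' client_body_buffer_size 128k;'
        echo ''
        echo ' limit_conn conn_limit_per_ip 10;'
        echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;'
        echo ''
    } >> "$filename"
}
```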