authorArthurHoaro <arthur@hoa.ro>2020-11-07 14:27:49 +0100
committerArthurHoaro <arthur@hoa.ro>2020-11-07 14:27:49 +0100
commitce901a58289c72bf7f4dc3515a2be70562cd618b (patch)
tree73ad1883bcdbb1ac5c15e4aa9472b53ebde763d4 /doc
parent8c5f6c786d00310b2e863aa316927effb7bfeedb (diff)
Reviewed nginx configuration
Both in documentation and Docker image. For security purposes, it no longer allows access to static files through the main nginx *location*. Static files are served if their extension matches the whitelist. As a side effect, we no longer need specific restrictions, and therefore it fixes the nginx part of #1608.
Diffstat (limited to 'doc')
-rw-r--r--doc/md/Server-configuration.md23
1 files changed, 3 insertions, 20 deletions
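diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md
index 4e74d80b..5b8aff53 100644
--- a/doc/md/Server-configuration.md
+++ b/doc/md/Server-configuration.md
@@ -296,7 +296,7 @@ server {
  location / {
  # default index file when no file URI is requested
  index index.php;
- try_files $uri /index.php$is_args$args;
+ try_files _ /index.php$is_args$args;
  }
 
  location ~ (index)\.php$ {
@@ -309,23 +309,7 @@ server {
  include fastcgi.conf;
  }
 
- location ~ \.php$ {
- # deny access to all other PHP scripts
- # disable this if you host other PHP applications on the same virtualhost
- deny all;
- }
-
- location ~ /\. {
- # deny access to dotfiles
- deny all;
- }
-
- location ~ ~$ {
- # deny access to temp editor files, e.g. "script.php~"
- deny all;
- }
-
- location ~ /doc/ {
+ location ~ /doc/html/ {
  default_type "text/html";
  try_files $uri $uri/ $uri.html =404;
  }
@@ -336,13 +320,12 @@ server {
  }
 
  # allow client-side caching of static files
- location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+ location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ {
  expires max;
  add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  # HTTP 1.0 compatibility
  add_header Pragma public;
  }
-
 }
 ```
 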
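Review bot: In the extension allowlist on the new static-files `location ~*` line, `oet` looks like a transposition of `eot` (the Embedded OpenType font extension); as written, a `.eot` request matches no static location and falls through to `location /`, which now hands it to `index.php` instead of serving the file. If that reading is right, the line would be `location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|eot|woff2?)$ {`. With the `.php`, dotfile and `~` deny blocks removed, the protection rests on `location /` never serving a file, so the `_` placeholder in `try_files` deserves a comment saying so, for example `# "_" is a placeholder that should not match any file: every request not claimed by another location goes to index.php`. The new `location ~ /doc/html/` regex is also unanchored and matches that segment anywhere in the URI; if Shaarli sits at the web root, `location ~ ^/doc/html/` would keep it to the documentation directory.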