diff options
Diffstat (limited to 'doc/md/Server-configuration.md')
| -rw-r--r-- | doc/md/Server-configuration.md | 41 |
1 files changed, 17 insertions, 24 deletions
diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index 8cb39934..a49b6033 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md | |||
| @@ -193,19 +193,24 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf | |||
| 193 | Require all granted | 193 | Require all granted |
| 194 | </Directory> | 194 | </Directory> |
| 195 | 195 | ||
| 196 | <LocationMatch "/\."> | 196 | # BE CAREFUL: directives order matter! |
| 197 | # Prevent accessing dotfiles | ||
| 198 | RedirectMatch 404 ".*" | ||
| 199 | </LocationMatch> | ||
| 200 | 197 | ||
| 201 | <LocationMatch "\.(?:ico|css|js|gif|jpe?g|png)$"> | 198 | <FilesMatch ".*\.(?!(ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$)[^\.]*$"> |
| 199 | Require all denied | ||
| 200 | </FilesMatch> | ||
| 201 | |||
| 202 | <Files "index.php"> | ||
| 203 | Require all granted | ||
| 204 | </Files> | ||
| 205 | |||
| 206 | <FilesMatch "\.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2)$"> | ||
| 202 | # allow client-side caching of static files | 207 | # allow client-side caching of static files |
| 203 | Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate" | 208 | Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate" |
| 204 | </LocationMatch> | 209 | </FilesMatch> |
| 210 | |||
| 205 | 211 | ||
| 206 | # serve the Shaarli favicon from its custom location | 212 | # serve the Shaarli favicon from its custom location |
| 207 | Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico | 213 | Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico |
| 208 | |||
| 209 | </VirtualHost> | 214 | </VirtualHost> |
| 210 | ``` | 215 | ``` |
| 211 | 216 | ||
| @@ -296,7 +301,7 @@ server { | |||
| 296 | location / { | 301 | location / { |
| 297 | # default index file when no file URI is requested | 302 | # default index file when no file URI is requested |
| 298 | index index.php; | 303 | index index.php; |
| 299 | try_files $uri /index.php$is_args$args; | 304 | try_files _ /index.php$is_args$args; |
| 300 | } | 305 | } |
| 301 | 306 | ||
| 302 | location ~ (index)\.php$ { | 307 | location ~ (index)\.php$ { |
| @@ -309,20 +314,9 @@ server { | |||
| 309 | include fastcgi.conf; | 314 | include fastcgi.conf; |
| 310 | } | 315 | } |
| 311 | 316 | ||
| 312 | location ~ \.php$ { | 317 | location ~ /doc/html/ { |
| 313 | # deny access to all other PHP scripts | 318 | default_type "text/html"; |
| 314 | # disable this if you host other PHP applications on the same virtualhost | 319 | try_files $uri $uri/ $uri.html =404; |
| 315 | deny all; | ||
| 316 | } | ||
| 317 | |||
| 318 | location ~ /\. { | ||
| 319 | # deny access to dotfiles | ||
| 320 | deny all; | ||
| 321 | } | ||
| 322 | |||
| 323 | location ~ ~$ { | ||
| 324 | # deny access to temp editor files, e.g. "script.php~" | ||
| 325 | deny all; | ||
| 326 | } | 320 | } |
| 327 | 321 | ||
| 328 | location = /favicon.ico { | 322 | location = /favicon.ico { |
| @@ -331,13 +325,12 @@ server { | |||
| 331 | } | 325 | } |
| 332 | 326 | ||
| 333 | # allow client-side caching of static files | 327 | # allow client-side caching of static files |
| 334 | location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { | 328 | location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ { |
| 335 | expires max; | 329 | expires max; |
| 336 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | 330 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; |
| 337 | # HTTP 1.0 compatibility | 331 | # HTTP 1.0 compatibility |
| 338 | add_header Pragma public; | 332 | add_header Pragma public; |
| 339 | } | 333 | } |
| 340 | |||
| 341 | } | 334 | } |
| 342 | ``` | 335 | ``` |
| 343 | 336 | ||