diff options
Diffstat (limited to 'doc/md/Server-configuration.md')
-rw-r--r-- | doc/md/Server-configuration.md | 42 |
1 files changed, 15 insertions, 27 deletions
diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index 4e74d80b..a49b6033 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md | |||
@@ -193,19 +193,24 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf | |||
193 | Require all granted | 193 | Require all granted |
194 | </Directory> | 194 | </Directory> |
195 | 195 | ||
196 | <LocationMatch "/\."> | 196 | # BE CAREFUL: directives order matter! |
197 | # Prevent accessing dotfiles | ||
198 | RedirectMatch 404 ".*" | ||
199 | </LocationMatch> | ||
200 | 197 | ||
201 | <LocationMatch "\.(?:ico|css|js|gif|jpe?g|png)$"> | 198 | <FilesMatch ".*\.(?!(ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$)[^\.]*$"> |
199 | Require all denied | ||
200 | </FilesMatch> | ||
201 | |||
202 | <Files "index.php"> | ||
203 | Require all granted | ||
204 | </Files> | ||
205 | |||
206 | <FilesMatch "\.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2)$"> | ||
202 | # allow client-side caching of static files | 207 | # allow client-side caching of static files |
203 | Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate" | 208 | Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate" |
204 | </LocationMatch> | 209 | </FilesMatch> |
210 | |||
205 | 211 | ||
206 | # serve the Shaarli favicon from its custom location | 212 | # serve the Shaarli favicon from its custom location |
207 | Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico | 213 | Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico |
208 | |||
209 | </VirtualHost> | 214 | </VirtualHost> |
210 | ``` | 215 | ``` |
211 | 216 | ||
@@ -296,7 +301,7 @@ server { | |||
296 | location / { | 301 | location / { |
297 | # default index file when no file URI is requested | 302 | # default index file when no file URI is requested |
298 | index index.php; | 303 | index index.php; |
299 | try_files $uri /index.php$is_args$args; | 304 | try_files _ /index.php$is_args$args; |
300 | } | 305 | } |
301 | 306 | ||
302 | location ~ (index)\.php$ { | 307 | location ~ (index)\.php$ { |
@@ -309,23 +314,7 @@ server { | |||
309 | include fastcgi.conf; | 314 | include fastcgi.conf; |
310 | } | 315 | } |
311 | 316 | ||
312 | location ~ \.php$ { | 317 | location ~ /doc/html/ { |
313 | # deny access to all other PHP scripts | ||
314 | # disable this if you host other PHP applications on the same virtualhost | ||
315 | deny all; | ||
316 | } | ||
317 | |||
318 | location ~ /\. { | ||
319 | # deny access to dotfiles | ||
320 | deny all; | ||
321 | } | ||
322 | |||
323 | location ~ ~$ { | ||
324 | # deny access to temp editor files, e.g. "script.php~" | ||
325 | deny all; | ||
326 | } | ||
327 | |||
328 | location ~ /doc/ { | ||
329 | default_type "text/html"; | 318 | default_type "text/html"; |
330 | try_files $uri $uri/ $uri.html =404; | 319 | try_files $uri $uri/ $uri.html =404; |
331 | } | 320 | } |
@@ -336,13 +325,12 @@ server { | |||
336 | } | 325 | } |
337 | 326 | ||
338 | # allow client-side caching of static files | 327 | # allow client-side caching of static files |
339 | location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { | 328 | location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ { |
340 | expires max; | 329 | expires max; |
341 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | 330 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; |
342 | # HTTP 1.0 compatibility | 331 | # HTTP 1.0 compatibility |
343 | add_header Pragma public; | 332 | add_header Pragma public; |
344 | } | 333 | } |
345 | |||
346 | } | 334 | } |
347 | ``` | 335 | ``` |
348 | 336 | ||