====== Новая конфигурация для хостов nginx ======
Данные конфиги разрешают обращение только к index.php (и main.php для ЛК) в корнях админки и ЛК, запрещая доступ к любым другим php скриптам.
Данные переменные могут отличаться от ваших! \\
**server_name, ssl_certificate, ssl_certificate_key,fastcgi_pass**\\
\\
Так же стоит понимать, что в данном примере ЛК использует 80 порт (http) а админка 443 (https).\\
===== nginx.conf =====
В разделе **http** добавить:
log_format post '$remote_addr - $remote_user [$time_local] "$request" "$request_body"'
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
===== admin_vhost.conf =====
server {
listen *:443 ssl;
server_name admin.demo.isp;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/conf.d/ssl/ca.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/ca.key;
access_log /var/log/nginx/admin_access.log;
error_log /var/log/nginx/admin_error.log;
root /var/www/mikbill/admin;
charset utf-8;
index index.html;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /index.php {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php-worker-socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/mikbill/admin/$fastcgi_script_name;
}
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
# flash config
location = /res/config.xml {
allow all;
}
# flash locale
location ~ ^/res/locales/.*\.xml {
allow all;
}
location ~ ^/(.*)\.(php|php5)$ {
deny all;
}
location ~* ^/(.*)/.*\.(xml|sh|php|php5|phtml|log|sql|key|crt|txt)$ {
deny all;
}
}
===== stat_vhost.conf =====
server {
listen *:80;
server_name stat.demo.isp;
access_log /var/log/nginx/stat_access.log;
error_log /var/log/nginx/stat_error.log;
root /var/www/mikbill/stat;
index main.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /main.php {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php-worker-socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/mikbill/stat/main.php;
}
location = /index.php {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php-worker-socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/mikbill/stat/index.php;
}
location ~ ^/(.*)\.(php|php5)$ {
deny all;
}
location ~* ^/(.*)/.*\.(xml|sh|php|php5|phtml|log|sql|txt|html)$ {
deny all;
}
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
}