billing:secure_04052020

Новая конфигурация для хостов nginx

Данные конфиги разрешают обращение только к index.php (и main.php для ЛК) в корнях админки и ЛК, запрещая доступ к любым другим PHP-скриптам.

Значения следующих директив могут отличаться от ваших:
server_name, ssl_certificate, ssl_certificate_key, fastcgi_pass

Также стоит понимать, что в данном примере ЛК использует 80 порт (http), а админка — 443 (https).

В разделе http добавить:

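# Goes in the http {} context. Access-log format that also records the request body.
#
# $request_body is only populated in locations handled by fastcgi_pass/proxy_pass
# and only when the body fit into the in-memory buffer (client_body_buffer_size).
#
# NOTE(review): this writes raw POST bodies to disk, so anything submitted to
# index.php (login forms included) ends up in the log in clear text. Keep the
# log files readable by root/adm only, rotate them with a short retention, and
# do not ship them to shared log storage unfiltered.
#
# Fix: the first fragment now ends with a space; without it "$request_body"
# and $status were glued together in every log line.
log_format  post  '$remote_addr - $remote_user [$time_local] "$request" "$request_body" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';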
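# Admin panel vhost: only /index.php in the web root is passed to PHP;
# every other PHP script and a list of sensitive file types are denied.
server {
    listen *:443 ssl;
    server_name admin.demo.isp;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the list.
    # Remove TLSv1.3 if your nginx is older than 1.13.0.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
    # The private key must be readable by root only (e.g. mode 0600).
    ssl_certificate         /etc/nginx/conf.d/ssl/ca.crt;
    ssl_certificate_key     /etc/nginx/conf.d/ssl/ca.key;

    access_log /var/log/nginx/admin_access.log;
    error_log /var/log/nginx/admin_error.log;
    root /var/www/mikbill/admin;

    charset utf-8;
    index index.html;

    # Anything that is not an existing file or directory falls back to index.php.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # The only PHP entry point. An exact-match location wins over the regex
    # deny rules below.
    location = /index.php {
        # Same file as the server-level access_log but in the "post" format
        # (request bodies included), so this file contains two line formats
        # and may hold submitted credentials; restrict its permissions.
        access_log  /var/log/nginx/admin_access.log  post;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  unix:/var/run/php-worker-socket;
        fastcgi_index index.php;
        # Fixed script path: nothing derived from the request reaches PHP-FPM.
        fastcgi_param SCRIPT_FILENAME /var/www/mikbill/admin/index.php;
    }

    location = /robots.txt {
        # default_type sets the single Content-Type of the generated response;
        # add_header would emit a second Content-Type header next to it.
        default_type text/plain;
        return 200 "User-agent: *\nDisallow: /\n";
    }

    # flash config: exact match, so it is exempt from the *.xml deny rule below
    location = /res/config.xml {
        allow all;
    }

    # flash locale: must stay above the deny rules, because regex locations are
    # checked in order of appearance. Anchored with "$" so that names such as
    # "x.xml.php" or "x.xml.sql" do not slip through this exemption.
    location ~ ^/res/locales/.*\.xml$ {
        allow all;
    }

    # Every other PHP script, at any depth. Case-insensitive, and .phtml is
    # included so that such files are not served back as plain source.
    location ~* \.(php|php5|phtml)$ {
        deny all;
    }

    # Sensitive file types inside subdirectories.
    # NOTE(review): this pattern needs at least one directory component, so
    # files of these types placed directly in the web root (a stray dump.sql,
    # for example) are still served; keep such files out of the root.
    location ~* ^/(.*)/.*\.(xml|sh|php|php5|phtml|log|sql|key|crt|txt)$ {
        deny all;
    }
}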
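# Customer cabinet (LK) vhost: only /main.php and /index.php in the web root
# are passed to PHP; every other PHP script is denied.
#
# NOTE(review): this example listens on plain HTTP, so logins travel
# unencrypted and are additionally written to the "post" access log. For
# production, serve the cabinet over TLS the same way as the admin vhost.
server {
    listen *:80;
    server_name stat.demo.isp;

    access_log /var/log/nginx/stat_access.log;
    error_log /var/log/nginx/stat_error.log;
    root /var/www/mikbill/stat;

    index main.php;

    # Anything that is not an existing file or directory falls back to index.php.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Exact-match PHP entry points; these win over the regex deny rules below.
    # SCRIPT_FILENAME is a fixed path, so nothing derived from the request
    # reaches PHP-FPM.
    location = /main.php {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  unix:/var/run/php-worker-socket;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/mikbill/stat/main.php;
    }

    location = /index.php {
        # "post" format records request bodies (may include credentials);
        # this file therefore mixes two line formats. Restrict its permissions.
        access_log  /var/log/nginx/stat_access.log  post;

        include /etc/nginx/fastcgi_params;
        fastcgi_pass  unix:/var/run/php-worker-socket;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/mikbill/stat/index.php;
    }

    # Every other PHP script, at any depth. Case-insensitive, and .phtml is
    # included so that such files are not served back as plain source.
    location ~* \.(php|php5|phtml)$ {
        deny all;
    }

    # Sensitive file types inside subdirectories.
    # NOTE(review): this pattern needs at least one directory component, so
    # files of these types placed directly in the web root are still served.
    location ~* ^/(.*)/.*\.(xml|sh|php|php5|phtml|log|sql|txt|html)$ {
        deny all;
    }

    location = /robots.txt {
        # default_type sets the single Content-Type of the generated response;
        # add_header would emit a second Content-Type header next to it.
        default_type text/plain;
        return 200 "User-agent: *\nDisallow: /\n";
    }
}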