Added PHP 7.2 support + minor bugfixes and performance tweaks
Note when applying this update you will have to update existing nginx vhosts to match new listening addresses (IPv6). Preferably you should update them to unix socket though and apply the changes to the tor hidden service config as well
This commit is contained in:
Daniel Winzen
@ -10,8 +10,8 @@ fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
fastcgi_param REQUEST_SCHEME $php_scheme;
|
||||
fastcgi_param HTTPS $php_https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx;
|
||||
@ -19,7 +19,7 @@ fastcgi_param SERVER_SOFTWARE nginx;
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_PORT $php_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
|
||||
@ -6,7 +6,7 @@ pcre_jit on;
|
||||
worker_rlimit_nofile 30000;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
worker_connections 20000;
|
||||
multi_accept on;
|
||||
}
|
||||
|
||||
@ -22,9 +22,9 @@ http {
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
server_tokens off;
|
||||
client_max_body_size 1G;
|
||||
client_max_body_size 10G;
|
||||
proxy_http_version 1.1;
|
||||
#proxy_buffering off;
|
||||
proxy_buffering off;
|
||||
|
||||
client_body_timeout 10s;
|
||||
client_header_timeout 10s;
|
||||
@ -33,7 +33,7 @@ http {
|
||||
server_names_hash_max_size 1024;
|
||||
server_name_in_redirect off;
|
||||
port_in_redirect off;
|
||||
charset UTF-8;
|
||||
charset UTF-8;
|
||||
index index.html index.htm index.php index.hosting.html;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
@ -49,13 +49,27 @@ http {
|
||||
}
|
||||
expires $expires;
|
||||
|
||||
map $http_x_forwarded_proto $php_scheme {
|
||||
default $scheme;
|
||||
http "http";
|
||||
https "https";
|
||||
}
|
||||
map $http_x_forwarded_proto $php_https {
|
||||
default "";
|
||||
https "on";
|
||||
}
|
||||
map $http_x_forwarded_proto $php_port {
|
||||
default 80;
|
||||
https 443;
|
||||
}
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
##
|
||||
log_format custom '0.0.0.0 - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent"';
|
||||
log_format custom '$host: 0.0.0.0 - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent"';
|
||||
access_log /var/log/nginx/access.log custom;
|
||||
error_log /var/log/nginx/error.log notice;
|
||||
log_not_found off;
|
||||
log_not_found off;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
@ -74,5 +88,6 @@ http {
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
||||
@ -1,13 +1,26 @@
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80;
|
||||
server_name *.danwin1210.me;
|
||||
location / {
|
||||
return 301 https://danwin1210.me$request_uri;
|
||||
}
|
||||
}
|
||||
server {
|
||||
# add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; default-src 'self'; frame-ancestors 'self'; disown-opener; form-action 'self'; base-uri 'none'; report-uri https://danwin1210.me/csp-report.php" always;
|
||||
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; default-src 'self'; frame-ancestors 'self'; disown-opener; form-action 'self'; base-uri 'none'" always;
|
||||
add_header Referrer-Policy origin-when-cross-origin always;
|
||||
add_header X-Content-Type-Options nosniff always;
|
||||
add_header X-Xss-Protection "1; mode=block" always;
|
||||
listen [::]:80 ipv6only=off fastopen=100 backlog=2048 default_server;
|
||||
listen unix:/var/run/nginx.sock backlog=2048 default_server;
|
||||
root /var/www/html;
|
||||
index index.php;
|
||||
server_name dhosting4okcs22v.onion *.dhosting4okcs22v.onion;
|
||||
server_name dhosting4okcs22v.onion *.dhosting4okcs22v.onion hosting.danwin1210.me z37pqzjrjc2zniidsdiol3zwrjpzf4rhdy2nlepcczmqrzvwuz4vbwad.onion *.z37pqzjrjc2zniidsdiol3zwrjpzf4rhdy2nlepcczmqrzvwuz4vbwad.onion;
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
location ~ \.php$ {
|
||||
include snippets/fastcgi-php.conf;
|
||||
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
|
||||
}
|
||||
}
|
||||
location /squirrelmail {
|
||||
@ -27,7 +40,7 @@ server {
|
||||
root /usr/share/adminer;
|
||||
location ~ \.php$ {
|
||||
include snippets/fastcgi-php.conf;
|
||||
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
|
||||
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
|
||||
}
|
||||
}
|
||||
location /externals/jush/ {
|
||||
|
||||
@ -12,7 +12,8 @@ fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
|
||||
fastcgi_read_timeout 600s;
|
||||
fastcgi_read_timeout 30m;
|
||||
#fastcgi_read_timeout 600s;
|
||||
fastcgi_max_temp_file_size 0;
|
||||
fastcgi_buffer_size 4K;
|
||||
fastcgi_buffers 64 4k;
|
||||
|
||||
Reference in New Issue
Block a user