質問編集履歴
6
ssl.conf内容更新
test
CHANGED
File without changes
|
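--- a/test
+++ b/test
@@ -206,10 +206,6 @@
 
 }
 
-#include shib_fastcgi_params;
-
-#include shib_clear_headers;
-
 fastcgi_pass 127.0.0.1:9000;
 
 fastcgi_index index.php;
@@ -226,16 +222,10 @@
 
 fastcgi_read_timeout 120s;
 
-#include naxsi.d/wordpress/*.conf;
-
 }
 
 include conf.d/security.conf;
 
-#add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;preload;' always;
-
-#include naxsi.d/wordpress/*.conf;
-
 }
 
 
@@ -250,10 +240,6 @@
 
 }
 
-#include shib_fastcgi_params;
-
-#include shib_clear_headers;
-
 fastcgi_pass 127.0.0.1:9000;
 
 fastcgi_index index.php;
@@ -344,12 +330,6 @@
 
 include conf.d/security.conf;
 
-#add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;preload;' always;
-
-#include naxsi.d/wordpress/*.conf;
-
-
-
 }
 
 
@@ -442,8 +422,6 @@
 
 }
 
-
-
 }
 
 ```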
5
ssl.conf内容更新
test
CHANGED
File without changes
|
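--- a/test
+++ b/test
@@ -426,7 +426,7 @@
 
 }
 
-location ~* /
+location ~* /AAA/.*.(png|jpe?g)$ {
 
 add_header Vary Accept;
 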
4
ssl.confの内容を更新
test
CHANGED
File without changes
|
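--- a/test
+++ b/test
@@ -36,10 +36,98 @@
 
 ```ssl.conf
 
+server {
+
+listen 443 ssl http2;
+
+server_name hoge.com;
+
+ssl_certificate /etc/letsencrypt/live/hoge.com/fullchain.pem; # managed by Certbot
+
+ssl_certificate_key /etc/letsencrypt/live/hoge.com/privkey.pem; # managed by Certbot
+
+ssl_dhparam /etc/kusanagi.d/ssl/dhparam.key;
+
+ssl_session_tickets on;
+
+ssl_session_ticket_key /etc/kusanagi.d/ssl_sess_ticket.key;
+
+ssl_session_cache shared:SSL:1m;
+
+ssl_session_timeout 5m;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+
+ssl_ciphers "AES128+ECDHE:AES256+ECDHE:AES128+EDH:AES256+EDH:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4!CAMELLIA!AES128-SHA!AES128-SHA256!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES256-SHA256:!AES256-SHA!AES256-CCM8!AES256-CCM!AES128-CCM!ARIA128-GCM-SHA256!AES128-CCM8!ARIA256-GCM-SHA384";
+
+ssl_prefer_server_ciphers on;
+
+access_log /home/kusanagi/aaa/log/nginx/ssl_access.log main;
+
+error_log /home/kusanagi/aaa/log/nginx/ssl_error.log warn;
+
+
+
+charset UTF-8;
+
+client_max_body_size 50M;
+
+root /home/kusanagi/aaa/DocumentRoot;
+
+index index.php index.html index.htm;
+
+
+
+location = /50x.html {
+
+return 403;
+
+}
+
+
+
+rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+
+
+
 location / {
 
 try_files $uri $uri/ /index.php?$args;
 
+
+
+# B-start index.phpの内容がダウンロードされる
+
+location ~ .php(.*)$ {
+
+if ($request_uri ~* "^(.*/)index.php(.*)$") {
+
+return 301 $1$2;
+
+}
+
+}
+
+# B-end
+
+}
+
+
+
+location = /favicon.ico {
+
+log_not_found off;
+
+access_log off;
+
+}
+
+
+
+location ~* /.well-known {
+
+allow all;
+
 }
 
 
@@ -56,14 +144,306 @@
 
 
 
-
-
-
-
-
-
-
-
-
+location ~* /. {
+
+deny all;
+
+}
+
+
+
+location ~* /(?:uploads|files)/.*.php$ {
+
+deny all;
+
+}
+
+
+
+location ~* .(jpg|jpeg|gif|png|css|js|swf|ico|pdf|svg|eot|ttf|woff)$ {
+
+expires 60d;
+
+access_log off;
+
+}
+
+
+
+# A-start
+
+#if ($request_uri ~* "^(.*/)index.php(.*)$") {
+
+# return 301 $1$2;
+
+#}
+
+# A-end
+
+
+
+location ~* /wp-login.php|/wp-admin/((?!(admin-ajax.php|images/)).)*$ {
+
+satisfy any;
+
+allow 0.0.0.0/0;
+
+allow 127.0.0.1;
+
+deny all;
+
+auth_basic "basic authentication";
+
+auth_basic_user_file "/home/kusanagi/.htpasswd";
+
+location ~ [^/].php(/|$) {
+
+fastcgi_split_path_info ^(.+?.php)(/.*)$;
+
+if (!-f $document_root$fastcgi_script_name) {
+
+return 404;
+
+}
+
+#include shib_fastcgi_params;
+
+#include shib_clear_headers;
+
+fastcgi_pass 127.0.0.1:9000;
+
+fastcgi_index index.php;
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+include fastcgi_params;
+
+fastcgi_buffers 256 128k;
+
+fastcgi_buffer_size 128k;
+
+fastcgi_intercept_errors on;
+
+fastcgi_read_timeout 120s;
+
+#include naxsi.d/wordpress/*.conf;
+
+}
+
+include conf.d/security.conf;
+
+#add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;preload;' always;
+
+#include naxsi.d/wordpress/*.conf;
+
+}
+
+
+
+location ~ [^/].php(/|$) {
+
+fastcgi_split_path_info ^(.+?.php)(/.*)$;
+
+if (!-f $document_root$fastcgi_script_name) {
+
+return 404;
+
+}
+
+#include shib_fastcgi_params;
+
+#include shib_clear_headers;
+
+fastcgi_pass 127.0.0.1:9000;
+
+fastcgi_index index.php;
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+include fastcgi_params;
+
+fastcgi_buffers 256 128k;
+
+fastcgi_buffer_size 128k;
+
+fastcgi_intercept_errors on;
+
+fastcgi_read_timeout 120s;
+
+
+
+set $do_not_cache 1; ## page cache
+
+set $device "pc";
+
+
+
+if ($request_method = POST) {
+
+set $do_not_cache 1;
+
+}
+
+
+
+if ($query_string != "") {
+
+set $do_not_cache 1;
+
+}
+
+
+
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
+
+set $do_not_cache 1;
+
+}
+
+
+
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
+
+set $do_not_cache 1;
+
+}
+
+
+
+if ($http_user_agent ~* " Android |(iPad|Android; Tablet; .+Firefox") {
+
+set $device "tablet";
+
+}
+
+
+
+if ($http_user_agent ~* "Android .+ Mobile|(iPhone|(iPod|IEMobile|Android; Mobile; .+Firefox|Windows Phone") {
+
+set $device "smart";
+
+}
+
+
+
+fastcgi_cache wpcache;
+
+fastcgi_cache_key "$device:$request_method:$scheme://$host$request_uri";
+
+fastcgi_cache_valid 200 10m;
+
+fastcgi_no_cache $do_not_cache;
+
+fastcgi_cache_bypass $do_not_cache;
+
+
+
+add_header X-F-Cache $upstream_cache_status;
+
+add_header X-Signature KUSANAGI;
+
+include conf.d/security.conf;
+
+#add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;preload;' always;
+
+#include naxsi.d/wordpress/*.conf;
+
+
+
+}
+
+
+
+location ~ /fcache-purge/([^/]+)(/.*) {
+
+allow 127.0.0.1;
+
+deny all;
+
+fastcgi_cache_purge wpcache "$1:GET:$scheme://$host$2";
+
+}
+
+
+
+# WebP Express rules
+
+# --------------------
+
+location ~* /wp/wp-content/.*.(png|jpe?g)$ {
+
+add_header Vary Accept;
+
+expires 365d;
+
+if ($http_accept !~* "webp"){
+
+break;
+
+}
+
+try_files
+
+/wp/wp-content/webp-express/webp-images/doc-root/$uri.webp
+
+$uri.webp
+
+/wp/wp-content/plugins/webp-express/wod/webp-on-demand.php?xsource=x$request_filename&wp-content=wp-content
+
+;
+
+}
+
+
+
+# Route requests for non-existing webps to the converter
+
+location ~* /wp/wp-content/.*.(png|jpe?g).webp$ {
+
+try_files
+
+$uri
+
+/wp/wp-content/plugins/webp-express/wod/webp-realizer.php?wp-content=wp-content
+
+;
+
+}
+
+# ------------------- (WebP Express rules ends here)
+
+
+
+# WebP extra folder rules
+
+# -------------------------
+
+location ~* /images/.*.(png|jpe?g)$ {
+
+add_header Vary Accept;
+
+try_files $uri$webp_suffix $uri =404;
+
+}
+
+location ~* /STYLICS/.*.(png|jpe?g)$ {
+
+add_header Vary Accept;
+
+try_files $uri$webp_suffix $uri =404;
+
+}
+
+location ~* /common/images/.*.(png|jpe?g)$ {
+
+add_header Vary Accept;
+
+try_files $uri$webp_suffix $uri =404;
+
+}
+
+
+
+}
 
 ```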
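Review bot: `satisfy any;` together with `allow 0.0.0.0/0;` in the added `location ~* /wp-login.php|/wp-admin/...` block lets every IPv4 client pass the address check, so the `auth_basic` and `auth_basic_user_file` lines below it are never enforced for those clients and the login and admin paths are reachable without a password. If Basic auth is meant to protect these paths, replace the catch-all with only the addresses that should skip the prompt, e.g. `allow <ADMIN_IP_OR_CIDR>;`, and keep `allow 127.0.0.1; deny all;` so every other client falls through to the password check. The location regex is also unanchored and its dots appear unescaped here (the backslashes may have been lost in rendering), so it is worth confirming that it matches exactly the intended paths.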
3
誤記修正
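--- a/test
+++ b/test
@@ -1 +1 @@
-
+NGINXでindex.php無しの正規化をかけるとphpMyAdminログイン画面が表示され続ける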
test
CHANGED
File without changes
|
2
誤記修正
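--- a/test
+++ b/test
@@ -1 +1 @@
-NGINXでindex.php無しの正規化をかけるとphpMyAdminログイン画面が表示され続ける
+ごきNGINXでindex.php無しの正規化をかけるとphpMyAdminログイン画面が表示され続ける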
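--- a/test
+++ b/test
@@ -40,8 +40,6 @@
 
 try_files $uri $uri/ /index.php?$args;
 
-#include naxsi.d/wordpress/*.conf;
-
 }
 
 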
1
コード修正
test
CHANGED
File without changes
|
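--- a/test
+++ b/test
@@ -38,7 +38,7 @@
 
 location / {
 
-try_files $uri $uri/ /ndex.php?$args;
+try_files $uri $uri/ /index.php?$args;
 
 #include naxsi.d/wordpress/*.conf;
 
@@ -50,7 +50,7 @@
 
 # Outer Word Press Files
 
-root /home/kusanagi/
+root /home/kusanagi/aaa/DocumentRoot;
 
 index index.php index.html index.htm;
 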