updated some more error config stuff
This commit is contained in:
parent
f7d467cf75
commit
1121b1f185
2 changed files with 31 additions and 65 deletions
|
|
@ -1,58 +1,9 @@
|
|||
# Global error pages
|
||||
error_page 403 /403.html;
|
||||
error_page 404 /404.html;
|
||||
error_page 500 502 504 /50x.html;
|
||||
error_page 503 /503.html;
|
||||
error_page 403 /error/403.html;
|
||||
error_page 404 /error/404.html;
|
||||
error_page 503 /error/503.html;
|
||||
error_page 500 502 504 /error/50x.html;
|
||||
|
||||
# Global error handler locations
|
||||
location = /403.html {
|
||||
location ^~ /error/ {
|
||||
alias /var/www/error-pages/;
|
||||
internal;
|
||||
try_files
|
||||
$document_root/403.php
|
||||
$document_root/403.html
|
||||
/var/www/error-pages/403.php
|
||||
/var/www/error-pages/403.html
|
||||
=403;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location = /404.html {
|
||||
internal;
|
||||
try_files
|
||||
$document_root/404.php
|
||||
$document_root/404.html
|
||||
/var/www/error-pages/404.php
|
||||
/var/www/error-pages/404.html
|
||||
=404;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location = /503.html {
|
||||
internal;
|
||||
try_files
|
||||
$document_root/503.php
|
||||
$document_root/503.html
|
||||
/var/www/error-pages/503.php
|
||||
/var/www/error-pages/503.html
|
||||
=503;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location = /50x.html {
|
||||
internal;
|
||||
try_files
|
||||
$document_root/50x.php
|
||||
$document_root/50x.html
|
||||
/var/www/error-pages/50x.php
|
||||
/var/www/error-pages/50x.html
|
||||
=500;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
# PHP handling for error pages
|
||||
location ~ ^/(?:403|404|503|50x)\.php$ {
|
||||
internal;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $request_filename;
|
||||
fastcgi_pass unix:/var/run/php/php-fpm.sock; # Adjust this path as needed
|
||||
}
|
||||
}
|
||||
|
|
@ -17,28 +17,43 @@ server {
|
|||
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
|
||||
include snippets/ssl.conf;
|
||||
|
||||
# Error page config
|
||||
# Default error page config
|
||||
include snippets/error-pages.conf;
|
||||
|
||||
# Check for banned IPs
|
||||
if ($is_banned) {
|
||||
return 403;
|
||||
}
|
||||
|
||||
# Apply general rate limit
|
||||
limit_req zone=general burst=100 nodelay;
|
||||
|
||||
# Check for banned IPs
|
||||
if ($is_banned) {
|
||||
rewrite ^ @banned last;
|
||||
}
|
||||
|
||||
# Content Security Policy (needs to be per-domain)
|
||||
add_header Content-Security-Policy "default-src 'self' *.$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.$DOMAIN; style-src 'self' 'unsafe-inline' *.$DOMAIN; img-src 'self' data: *.$DOMAIN; font-src 'self' data: *.$DOMAIN; connect-src 'self' *.$DOMAIN; frame-src 'self' *.$DOMAIN; media-src 'self' *.$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always;
|
||||
|
||||
# Subdomain handling
|
||||
set $subdomain '';
|
||||
set $full_root "/var/www/$DOMAIN/_main/www";
|
||||
set $site_root "/var/www/$DOMAIN/_main";
|
||||
if ($host ~* ^([^.]+)\.$DOMAIN$) {
|
||||
set $subdomain $1;
|
||||
set $full_root "/var/www/$DOMAIN/subdomains/$subdomain/www";
|
||||
set $site_root "/var/www/$DOMAIN/subdomains/$subdomain";
|
||||
}
|
||||
root "$site_root/www";
|
||||
|
||||
# Banned location handler
|
||||
location @banned {
|
||||
return 403;
|
||||
}
|
||||
|
||||
# Site-specific error pages
|
||||
error_page 403 /error/403.html;
|
||||
error_page 404 /error/404.html;
|
||||
error_page 503 /error/503.html;
|
||||
error_page 500 502 504 /error/50x.html;
|
||||
location ^~ /error/ {
|
||||
alias "$site_root/error-pages/";
|
||||
internal;
|
||||
}
|
||||
root $full_root;
|
||||
|
||||
# Basic settings
|
||||
index index.html index.htm index.php;
|
||||
|
|
|
|||
Loading…
Reference in a new issue