updated some more error config stuff

Joby 2024-10-23 20:04:14 -06:00
parent f7d467cf75
commit 1121b1f185
2 changed files with 31 additions and 65 deletions


@ -1,58 +1,9 @@
# Global error pages error_page 403 /error/403.html;
error_page 403 /403.html; error_page 404 /error/404.html;
error_page 404 /404.html; error_page 503 /error/503.html;
error_page 500 502 504 /50x.html; error_page 500 502 504 /error/50x.html;
error_page 503 /503.html;
# Global error handler locations location ^~ /error/ {
location = /403.html { alias /var/www/error-pages/;
internal; internal;
try_files }
$document_root/403.php
$document_root/403.html
/var/www/error-pages/403.php
/var/www/error-pages/403.html
=403;
fastcgi_intercept_errors on;
}
location = /404.html {
internal;
try_files
$document_root/404.php
$document_root/404.html
/var/www/error-pages/404.php
/var/www/error-pages/404.html
=404;
fastcgi_intercept_errors on;
}
location = /503.html {
internal;
try_files
$document_root/503.php
$document_root/503.html
/var/www/error-pages/503.php
/var/www/error-pages/503.html
=503;
fastcgi_intercept_errors on;
}
location = /50x.html {
internal;
try_files
$document_root/50x.php
$document_root/50x.html
/var/www/error-pages/50x.php
/var/www/error-pages/50x.html
=500;
fastcgi_intercept_errors on;
}
# PHP handling for error pages
location ~ ^/(?:403|404|503|50x)\.php$ {
internal;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php/php-fpm.sock; # Adjust this path as needed
}
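Review bot: The new `location ^~ /error/` block reserves the whole `/error/` URI prefix as `internal` for every server that includes this file, and nothing in the file documents that. Any site content published under `/error/` will answer 404 to clients, and a server block that declares its own `location ^~ /error/` next to the include will fail to load. I would add a header comment such as `# Reserves /error/ (internal only); do not redeclare this location in a server block that includes this file.` Judging by the hunk header counts, the PHP handlers and the `$document_root` fallback appear to be the removed side, so `/var/www/error-pages/` is now the only source and a missing file there falls through to nginx's built-in page.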


@ -17,28 +17,43 @@ server {
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
include snippets/ssl.conf; include snippets/ssl.conf;
# Error page config # Default error page config
include snippets/error-pages.conf; include snippets/error-pages.conf;
# Check for banned IPs
if ($is_banned) {
return 403;
}
# Apply general rate limit # Apply general rate limit
limit_req zone=general burst=100 nodelay; limit_req zone=general burst=100 nodelay;
# Check for banned IPs
if ($is_banned) {
rewrite ^ @banned last;
}
# Content Security Policy (needs to be per-domain) # Content Security Policy (needs to be per-domain)
add_header Content-Security-Policy "default-src 'self' *.$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.$DOMAIN; style-src 'self' 'unsafe-inline' *.$DOMAIN; img-src 'self' data: *.$DOMAIN; font-src 'self' data: *.$DOMAIN; connect-src 'self' *.$DOMAIN; frame-src 'self' *.$DOMAIN; media-src 'self' *.$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always; add_header Content-Security-Policy "default-src 'self' *.$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.$DOMAIN; style-src 'self' 'unsafe-inline' *.$DOMAIN; img-src 'self' data: *.$DOMAIN; font-src 'self' data: *.$DOMAIN; connect-src 'self' *.$DOMAIN; frame-src 'self' *.$DOMAIN; media-src 'self' *.$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always;
# Subdomain handling # Subdomain handling
set $subdomain ''; set $subdomain '';
set $full_root "/var/www/$DOMAIN/_main/www"; set $site_root "/var/www/$DOMAIN/_main";
if ($host ~* ^([^.]+)\.$DOMAIN$) { if ($host ~* ^([^.]+)\.$DOMAIN$) {
set $subdomain $1; set $subdomain $1;
set $full_root "/var/www/$DOMAIN/subdomains/$subdomain/www"; set $site_root "/var/www/$DOMAIN/subdomains/$subdomain";
}
root "$site_root/www";
# Banned location handler
location @banned {
return 403;
}
# Site-specific error pages
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 503 /error/503.html;
error_page 500 502 504 /error/50x.html;
location ^~ /error/ {
alias "$site_root/error-pages/";
internal;
} }
root $full_root;
# Basic settings # Basic settings
index index.html index.htm index.php; index index.html index.htm index.php;
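Review bot: The added `location ^~ /error/` block sits in the same `server` that still carries `include snippets/error-pages.conf;`, and if that snippet is the first file in this commit it already declares `location ^~ /error/`, so nginx would reject the configuration with a duplicate-location error. The four `error_page` lines are repeated as well, with identical URIs. Either drop the include from server blocks that define site-specific pages or give one of the two locations a different prefix, and run `nginx -t` on the rendered file before reloading. `location @banned` also looks unreferenced now that the ban check is `return 403;` rather than `rewrite ^ @banned last;`, so it can probably go. The `server` block starts and ends outside this hunk.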