From 880137bcef5e4e4bb41224893fdfca4850c7c210 Mon Sep 17 00:00:00 2001 From: Joby Elliott Date: Mon, 21 Oct 2024 21:29:12 -0500 Subject: [PATCH] bug fixes --- install/mysql.sh | 3 ++- install/sshd_websftpusers.sh | 2 +- site-config.conf | 33 ++++++++++++++------------------- 3 files changed, 17 insertions(+), 21 deletions(-) diff --git a/install/mysql.sh b/install/mysql.sh index 59a156c..24dd472 100644 --- a/install/mysql.sh +++ b/install/mysql.sh @@ -54,7 +54,8 @@ bantime = 3600 EOL # Ensure fail2ban can read the MySQL log -usermod -a -G adm fail2ban +# Note: maybe not necessary on Ubuntu, as fail2ban runs as root +# usermod -a -G adm fail2ban # Create MySQL auth filter for fail2ban cat > /etc/fail2ban/filter.d/mysqld-auth.conf << EOL diff --git a/install/sshd_websftpusers.sh b/install/sshd_websftpusers.sh index a763e09..5aad2b3 100644 --- a/install/sshd_websftpusers.sh +++ b/install/sshd_websftpusers.sh @@ -51,7 +51,7 @@ EOF echo "Created $CONFIG_FILE with $NEW_GROUP configuration." # Restart SSH service to apply changes -systemctl restart sshd +systemctl restart ssh echo "SSH service restarted to apply changes." echo "Setup complete. New group $NEW_GROUP has been created and SSHD configured for SFTP access." diff --git a/site-config.conf b/site-config.conf index 2676982..42c28de 100644 --- a/site-config.conf +++ b/site-config.conf @@ -2,7 +2,7 @@ server { listen 80; listen [::]:80; server_name .$DOMAIN; - return 301 https://\$host\$request_uri; + return 301 https://$host$request_uri; } server { @@ -18,41 +18,36 @@ server { ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; # Determine the subdomain and set the root accordingly - set \$subdomain ''; - if (\$host ~* ^([^.]+)\.$DOMAIN$) { - set \$subdomain \$1; - } - - # Default root for subdomains # subdomains are the default, so that we get 404s for nonexistant subdomains - root $MAIN_WEB_ROOT/subdomains/\$subdomain/www; - - # For the main domain, use the _main/www directory - if (\$host = $DOMAIN) { - root $MAIN_WEB_ROOT/_main/www; + set $subdomain ''; + set $full_root = $MAIN_WEB_ROOT/_main/www; + if ($host ~* ^([^.]+)\.$DOMAIN$) { + set $subdomain $1; + set $full_root = $MAIN_WEB_ROOT/subdomains/$subdomain/www; } + root $full_root; # Index file names index index.html index.htm index.php; # Try files first, then use the router.php file if it exists location / { - try_files \$uri \$uri/ @router; + try_files $uri $uri/ @router; } # Use the router.php file for all nonexistant file requests if it exists location @router { - if (!-f \$document_root/router.php) { + if (!-f $document_root/router.php) { return 404; } fastcgi_pass unix:/var/run/php/php-fpm.sock; include fastcgi_params; - fastcgi_param SCRIPT_FILENAME \$document_root/router.php; + fastcgi_param SCRIPT_FILENAME $document_root/router.php; } # PHP Configuration location ~ \.php$ { - try_files \$uri =404; + try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php-fpm.sock; fastcgi_index index.php; @@ -75,9 +70,9 @@ server { # Log to both default location and custom site directory, named by subdomain access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; - if (\$subdomain != '') { - access_log $MAIN_WEB_ROOT/logs/\$subdomain.access.log; - error_log $MAIN_WEB_ROOT/logs/\$subdomain.error.log; + if ($subdomain != '') { + access_log $MAIN_WEB_ROOT/logs/$subdomain.access.log; + error_log $MAIN_WEB_ROOT/logs/$subdomain.error.log; }else { access_log $MAIN_WEB_ROOT/logs/_main.access.log; error_log $MAIN_WEB_ROOT/logs/_main.error.log;