bug fixes
This commit is contained in:
parent
a5a4b85c49
commit
880137bcef
3 changed files with 17 additions and 21 deletions
|
|
@ -54,7 +54,8 @@ bantime = 3600
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
# Ensure fail2ban can read the MySQL log
|
# Ensure fail2ban can read the MySQL log
|
||||||
usermod -a -G adm fail2ban
|
# Note: maybe not necessary on Ubuntu, as fail2ban runs as root
|
||||||
|
# usermod -a -G adm fail2ban
|
||||||
|
|
||||||
# Create MySQL auth filter for fail2ban
|
# Create MySQL auth filter for fail2ban
|
||||||
cat > /etc/fail2ban/filter.d/mysqld-auth.conf << EOL
|
cat > /etc/fail2ban/filter.d/mysqld-auth.conf << EOL
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,7 @@ EOF
|
||||||
echo "Created $CONFIG_FILE with $NEW_GROUP configuration."
|
echo "Created $CONFIG_FILE with $NEW_GROUP configuration."
|
||||||
|
|
||||||
# Restart SSH service to apply changes
|
# Restart SSH service to apply changes
|
||||||
systemctl restart sshd
|
systemctl restart ssh
|
||||||
echo "SSH service restarted to apply changes."
|
echo "SSH service restarted to apply changes."
|
||||||
|
|
||||||
echo "Setup complete. New group $NEW_GROUP has been created and SSHD configured for SFTP access."
|
echo "Setup complete. New group $NEW_GROUP has been created and SSHD configured for SFTP access."
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@ server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name .$DOMAIN;
|
server_name .$DOMAIN;
|
||||||
return 301 https://\$host\$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
|
@ -18,41 +18,36 @@ server {
|
||||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
|
|
||||||
# Determine the subdomain and set the root accordingly
|
# Determine the subdomain and set the root accordingly
|
||||||
set \$subdomain '';
|
|
||||||
if (\$host ~* ^([^.]+)\.$DOMAIN$) {
|
|
||||||
set \$subdomain \$1;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Default root for subdomains
|
|
||||||
# subdomains are the default, so that we get 404s for nonexistant subdomains
|
# subdomains are the default, so that we get 404s for nonexistant subdomains
|
||||||
root $MAIN_WEB_ROOT/subdomains/\$subdomain/www;
|
set $subdomain '';
|
||||||
|
set $full_root = $MAIN_WEB_ROOT/_main/www;
|
||||||
# For the main domain, use the _main/www directory
|
if ($host ~* ^([^.]+)\.$DOMAIN$) {
|
||||||
if (\$host = $DOMAIN) {
|
set $subdomain $1;
|
||||||
root $MAIN_WEB_ROOT/_main/www;
|
set $full_root = $MAIN_WEB_ROOT/subdomains/$subdomain/www;
|
||||||
}
|
}
|
||||||
|
root $full_root;
|
||||||
|
|
||||||
# Index file names
|
# Index file names
|
||||||
index index.html index.htm index.php;
|
index index.html index.htm index.php;
|
||||||
|
|
||||||
# Try files first, then use the router.php file if it exists
|
# Try files first, then use the router.php file if it exists
|
||||||
location / {
|
location / {
|
||||||
try_files \$uri \$uri/ @router;
|
try_files $uri $uri/ @router;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Use the router.php file for all nonexistant file requests if it exists
|
# Use the router.php file for all nonexistant file requests if it exists
|
||||||
location @router {
|
location @router {
|
||||||
if (!-f \$document_root/router.php) {
|
if (!-f $document_root/router.php) {
|
||||||
return 404;
|
return 404;
|
||||||
}
|
}
|
||||||
fastcgi_pass unix:/var/run/php/php-fpm.sock;
|
fastcgi_pass unix:/var/run/php/php-fpm.sock;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_param SCRIPT_FILENAME \$document_root/router.php;
|
fastcgi_param SCRIPT_FILENAME $document_root/router.php;
|
||||||
}
|
}
|
||||||
|
|
||||||
# PHP Configuration
|
# PHP Configuration
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
try_files \$uri =404;
|
try_files $uri =404;
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
fastcgi_pass unix:/var/run/php/php-fpm.sock;
|
fastcgi_pass unix:/var/run/php/php-fpm.sock;
|
||||||
fastcgi_index index.php;
|
fastcgi_index index.php;
|
||||||
|
|
@ -75,9 +70,9 @@ server {
|
||||||
# Log to both default location and custom site directory, named by subdomain
|
# Log to both default location and custom site directory, named by subdomain
|
||||||
access_log /var/log/nginx/access.log;
|
access_log /var/log/nginx/access.log;
|
||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
if (\$subdomain != '') {
|
if ($subdomain != '') {
|
||||||
access_log $MAIN_WEB_ROOT/logs/\$subdomain.access.log;
|
access_log $MAIN_WEB_ROOT/logs/$subdomain.access.log;
|
||||||
error_log $MAIN_WEB_ROOT/logs/\$subdomain.error.log;
|
error_log $MAIN_WEB_ROOT/logs/$subdomain.error.log;
|
||||||
}else {
|
}else {
|
||||||
access_log $MAIN_WEB_ROOT/logs/_main.access.log;
|
access_log $MAIN_WEB_ROOT/logs/_main.access.log;
|
||||||
error_log $MAIN_WEB_ROOT/logs/_main.error.log;
|
error_log $MAIN_WEB_ROOT/logs/_main.error.log;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue