B
Bjorn Laltarith
Guest
Hello there, ive used solution from HERE but for some reason my ZnoteAAC wont work, every time i get 404 error message (or whatever is configured there to be instead of plain and simple 404 message).
No matter what i try to change i can only make it worse and get 403 forbidden or nothing at all.
I cant even get the "info.php trick to work.
phpMyAdmin works just fine tho.
This is my "/etc/nginx/sites-available/default" code
Help please
No matter what i try to change i can only make it worse and get 403 forbidden or nothing at all.
I cant even get the "info.php trick to work.
phpMyAdmin works just fine tho.
This is my "/etc/nginx/sites-available/default" code
Code:
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=60r/m;
server {
listen 80 default_server;
listen 443 ssl default_server;
listen [::]:80 default_server;
server_name _;
root /home/otsmanager/www/public_html;
index index.html intex.htm index.nginx-debian.html index.php;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
# https://tools.ietf.org/html/rfc6066#section-8
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
#
# (1) Use Cloudflare 1.1.1.1 DNS resolver
# https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
#
# (2) Use Google 8.8.8.8 DNS resolver
# https://developers.google.com/speed/public-dns/docs/using
#
# (3) Use Dyn DNS resolver
# https://help.dyn.com/internet-guide-setup/
ssl_stapling on;
ssl_stapling_verify on;
resolver
# (1)
1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]
# (2)
8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844]
# (3)
# 216.146.35.35 216.146.36.36
valid=60s;
resolver_timeout 2s;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
client_max_body_size 64M;
error_page 404 @notfound;
# mask known ZnoteAAC directories
location /LUA {
deny all;
return 404;
}
location /engine/cache {
deny all;
return 404;
}
location /special {
allow 127.0.0.1;
deny all;
}
# mask known MyAAC directories
location /cache {
deny all;
return 404;
}
location /logs {
deny all;
return 404;
}
location /migrations {
deny all;
return 404;
}
location /plugins {
deny all;
return 404;
}
location /system {
deny all;
return 404;
}
# our regular locations
location /test {
index index.html index.php;
try_files $uri $uri/ /index.php?$args;
}
location ~* \.(gif|jpg|jpeg|png|bmp|js|css)$ {
expires max;
}
location ~ \.php$ {
limit_req zone=req_zone burst=10 nodelay;
try_files $fastcgi_script_name =404;
fastcgi_pass unix:/var/run/php/php-fpm-otsmanager.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
}
location @notfound {
return 404 "The page or file you requested was not found. If this is your server, make sure you placed it in the right directory.";
add_header Content-Type text/plain always;
}
# phpMyAdmin
location /pma3380 {
alias /usr/share/phpmyadmin;
client_max_body_size 64M;
index index.html index.php;
try_files $uri $uri/ /index.php?$args;
location ~ \.php$ {
limit_req zone=req_zone burst=10 nodelay;
try_files $fastcgi_script_name =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
}
location ~* \.(gif|jpg|jpeg|png|js|css)$ {
expires max;
}
location /pma3380/libraries {
deny all;
}
location /pma3380/setup {
deny all;
}
}
# Cloudflare
real_ip_header CF-Connecting-IP;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
include /etc/nginx/default.d/*.conf;
}
Help please
Last edited by a moderator: