
4.x [Nginx] Conf File IPS



Ho trovato un'interessante configurazione per NGINX fatta per IPS4.

il link di github è questo

(è specifica per Centminmod)


# IPB4 Working NGINX site conf file
# Tested on IPB and Centminmod 123.09beta01
# This file is for a FORCED SSL site.  Non-SSL requests will be directed to SSL.
# Replace with your IP address or domain name.

# Information gathered from
# / Information pulled from multiple guides.  Thx eva2000!
# Makoto on IPB Forum via version 3.4.8 guide.
# Base building forum thread:
# Anyone else not mentioned who helped modify and create this file:  Thanks!

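# Redirect to HTTPS from port 80
# Redirect from www to non-www with forced SSL
# NOTE(review): the redirect target, the server_name line, the log file names
# and the closing brace were lost when this listing was pasted. YOUR_DOMAIN is
# a placeholder, not a value taken from the original file.
server {
    listen  80;
    # server_name YOUR_DOMAIN www.YOUR_DOMAIN;   # placeholder - presumably present in the original
    # Send every plain-HTTP request to the canonical HTTPS host. A fixed host
    # name (rather than $host) keeps a client-supplied Host header out of the
    # Location header of the redirect.
    return 301 https://YOUR_DOMAIN$request_uri;
    # Access and Error Logs
    # flush=60m lets entries sit in memory for up to an hour; use a shorter
    # flush interval if these logs feed monitoring or incident response.
    access_log /home/nginx/domains/YOUR_DOMAIN/log/access.log combined buffer=256k flush=60m;
    error_log /home/nginx/domains/YOUR_DOMAIN/log/error.log;
}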

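# HTTPS virtual host for the IPS4 site.
# NOTE(review): closing braces, the server_name line and the file names at the
# end of several paths were lost when this listing was pasted. The braces are
# restored below; YOUR_DOMAIN and the file names that follow it are
# placeholders, not values from the original file. Run `nginx -t` before
# reloading.
server {
    listen 443 ssl http2;
    # server_name YOUR_DOMAIN;   # placeholder - presumably present in the original
    root /home/nginx/domains/YOUR_DOMAIN/public;

    # TLS key material. The private key should be readable only by the user
    # that starts nginx.
    ssl_dhparam /usr/local/nginx/conf/ssl/YOUR_DOMAIN/dhparam.pem;
    ssl_certificate      /usr/local/nginx/conf/ssl/YOUR_DOMAIN/YOUR_DOMAIN.crt;
    ssl_certificate_key  /usr/local/nginx/conf/ssl/YOUR_DOMAIN/YOUR_DOMAIN.key;
    # Protocol and cipher settings are presumably set in this include (not
    # shown on the page) - confirm that legacy protocols are disabled there.
    include /usr/local/nginx/conf/ssl_include.conf;
    # Mozilla Recommended
    ssl_prefer_server_ciphers   on;

    # add_header Alternate-Protocol  443:npn-spdy/3;
    # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
    # You'd want to include subdomains if you're using SSL wildcard certificates
    # NOTE(review): HPKP is no longer honoured by current browsers, and the pins
    # below belong to the original author's keys. Leave both lines commented;
    # a pin that does not match your own key locks visitors out for max-age.
    # include subdomain
    # add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400; includeSubDomains';
    # exclude subdomains
    # add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400';

    # Security response headers. "always" makes nginx send them on error
    # responses (4xx/5xx) as well, not only on successful ones.
    # includeSubdomains commits every subdomain to HTTPS for a year; drop it
    # if any subdomain still has to be reachable over plain HTTP.
    # add_header is not inherited by a location that sets its own add_header,
    # so check whether the included *.conf files add headers inside locations;
    # if they do, these three have to be repeated there.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options "nosniff" always;
    # spdy_headers_comp 5;
    ssl_buffer_size 1400;
    # Session tickets are encrypted with a key nginx keeps for the lifetime of
    # the process. Reload nginx regularly (or rotate ssl_session_ticket_key
    # files) so old sessions stay forward-secret, or set this to off.
    ssl_session_tickets on;

    # enable ocsp stapling
    # NOTE(review): the resolver addresses were lost in the paste; supply a
    # trusted DNS resolver before uncommenting.
    # resolver valid=10m;
    # resolver_timeout 10s;
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /usr/local/nginx/conf/ssl/;

    # ngx_pagespeed & ngx_pagespeed handler
    # include /usr/local/nginx/conf/pagespeed.conf;
    # include /usr/local/nginx/conf/pagespeedhandler.conf;
    # include /usr/local/nginx/conf/pagespeedstatslog.conf;

    # X-Xss-Protection is a legacy header that current browsers ignore; a
    # Content-Security-Policy is the maintained control for the same risk.
    # add_header X-Xss-Protection "1; mode=block" always;

    # Limit Connections Per IP Address
    # Modified from default to allow Admin directory to have more connections
    # Modified in nginx.conf
    # limit_conn_zone $limitconn_map zone=limit_per_ip:16m;
    # ssi  on;

    # Access and Error Logs
    # flush=60m lets entries sit in memory for up to an hour; use a shorter
    # flush interval if these logs feed monitoring or incident response.
    access_log /home/nginx/domains/YOUR_DOMAIN/log/access.log combined buffer=256k flush=60m;
    error_log /home/nginx/domains/YOUR_DOMAIN/log/error.log;

    # Prevent access to ./directories and files
    # This also blocks /.well-known/, so certificate issuance over HTTP-01
    # needs its own exception for the ACME challenge path.
    location ~ (?:^|/)\. {
        deny all;
    }

    location / {

        # block common exploits, sql injections etc
        # Pattern blocking is defence in depth only; it does not replace
        # keeping the forum software patched.
        include /usr/local/nginx/conf/block.conf;

        # Enables directory listings when index file not found
        # Keep this commented out: listings expose file names to any visitor.
        # autoindex  on;

        # Shows file listing times as local time
        autoindex_localtime on;

        try_files    $uri $uri/ /index.php;
    }

    # Requests under /page/ that end in .php are handed to the front controller.
    location ~^(/page/).*(\.php)$ {
        try_files  $uri $uri/ /index.php;
    }

    # Mask fake admin directory
    # Must comment this during install.  Uncomment after you change the name of the admin directory.
    location ~^/admin/(.*)$ {
        deny all;
    }

    # Secure real admin directory
    # Replace /your_admin_renamed_directory/ with your renamed directory.
    # "^~" is needed here: without it, a server-level regex location for .php
    # (php.conf presumably defines one) wins over this prefix location and the
    # password and IP checks are never applied to the admin scripts.
    # With the default "satisfy all", both the password and an allowed address
    # are required.
    #location ^~ /your_admin_renamed_directory/ {
    #    auth_basic "Private";
    #    auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
    #        include /usr/local/nginx/conf/php.conf;
    #        allow ADDRESS_LOST_IN_PASTE;
    #        allow YOURIPADDRESS;
    #        deny all;
    #}

    # IP.Board PHP/CGI Protection
    # nginx tests regex locations in file order and stops at the first match,
    # so the interface rule must stay above the /applications/ deny rule, and
    # all of these must stay above the php.conf include further down.

    # Allow access to interface files
    # The original pattern used "/*", which in a regex means "zero or more
    # slashes", so it never matched /applications/<app>/interface/ and these
    # files fell through to the deny rule below. "[^/]+" matches one path
    # segment. The PHP handler is included here because a matching location
    # without one would return the script source as a static file; this
    # assumes php.conf can be included inside a location, as the admin example
    # above does - confirm before deploying.
    location ~^(/applications/[^/]+/interface/).*(\.php)$ {
        allow all;
        include /usr/local/nginx/conf/php.conf;
    }

    # No PHP execution from writable or internal directories. "(/|$)" also
    # covers requests with trailing path info after ".php", which a handler
    # pattern in php.conf may accept.
    location ~^/(uploads|system|datastore|plugins)/.*\.php(/|$) {
        deny     all;
    }

    # No direct access to PHP files of the bundled applications.
    # Third-party applications are not in this list; add them as installed.
    location ~^/applications/(blog|calendar|chat|cms|core|downloads|forums|gallery|nexus)/.*\.php(/|$) {
        deny     all;
    }

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    include /usr/local/nginx/conf/vts_server.conf;
}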

