Wiki

Nginx:Vhost MediaWiki: Difference between revisions

Newer edit →
Kangtain (talk | contribs)
Bureaucrats, Interface administrators, Suppressors, Administrators
9,206 edits
VisualWikitext
Created page with "==SSL Origin CloudFlare== server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name kangtain.com www.kangtain.com; root /var/www/kangtain.com; index index.php; modsecurity on; modsecurity_rules_file /etc/nginx/modsec/main.conf; # Add headers to serve security related headers add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1..."
 
No edit summary
Line 1: Line 1:
==Tanpa SSL==
server {
        listen 80;
        listen [::]:80;
        server_name your-domain.com;
        root /var/www/mediawiki;
        index index.php;
   
        error_log /var/log/nginx/your-domain.com.error;
        access_log /var/log/nginx/your-domain.com.access;
        location / {
                try_files $uri $uri/ /index.php;
        }
        location ~ /.well-known {
            allow all;
        }
        location ~ /\.ht {
          deny all;
          }
        location ~ \.php$ {
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            include snippets/fastcgi-php.conf;
        }
}
==SSL Origin CloudFlare==
==SSL Origin CloudFlare==


Line 7: Line 40:
         listen [::]:443 ssl http2;
         listen [::]:443 ssl http2;
          
          
         server_name kangtain.com www.kangtain.com;
         server_name your-domain.com;
         root /var/www/kangtain.com;
         root /var/www/your-domain.com;
         index index.php;
         index index.php;
    #Jika menggunakan [[ModSecurity]]
  modsecurity on;
  modsecurity on;
  modsecurity_rules_file /etc/nginx/modsec/main.conf;
  modsecurity_rules_file /etc/nginx/modsec/main.conf;
Line 21: Line 55:
  add_header Referrer-Policy no-referrer;
  add_header Referrer-Policy no-referrer;
          
          
         ssl_certificate /etc/ssl/certs/cloudflare_kangtain.com.pem;
         ssl_certificate /etc/ssl/certs/cloudflare_your-domain.com.pem;
         ssl_certificate_key /etc/ssl/private/cloudflare_key_kangtain.com.pem;
         ssl_certificate_key /etc/ssl/private/cloudflare_key_your-domain.com.pem;
         ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
         ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
         ssl_verify_client on;
         ssl_verify_client on;
          
          
         error_log /var/log/nginx/kangtain.com.error;
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/kangtain.com.access;
         access_log /var/log/nginx/your-domain.com.access;
          
          
         location / {
         location / {
Line 62: Line 96:


  server {
  server {
         server_name kangtain.com;
         server_name your-domain.com;
   
   
         root /var/www/kangtain.com;
         root /var/www/your-domain.com;
         index index.php;
         index index.php;
    
    
         error_log /var/log/nginx/kangtain.com.error;
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/kangtain.com.access;
         access_log /var/log/nginx/your-domain.com.access;
   
   
         location / {
         location / {
Line 95: Line 129:
     listen [::]:443 ssl ipv6only=on; # managed by Certbot
     listen [::]:443 ssl ipv6only=on; # managed by Certbot
     listen 443 ssl; # managed by Certbot
     listen 443 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/kangtain.com/fullchain.pem; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/kangtain.com/privkey.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
Line 104: Line 138:
   
   
   
   
     ssl_trusted_certificate /etc/letsencrypt/live/kangtain.com/chain.pem; # managed by Certbot
     ssl_trusted_certificate /etc/letsencrypt/live/your-domain.com/chain.pem; # managed by Certbot
     ssl_stapling on; # managed by Certbot
     ssl_stapling on; # managed by Certbot
     ssl_stapling_verify on; # managed by Certbot
     ssl_stapling_verify on; # managed by Certbot
Line 110: Line 144:
  }  
  }  
  server {
  server {
     if ($host = kangtain.com) {
     if ($host = your-domain.com) {
         return 301 https://$host$request_uri;
         return 301 https://$host$request_uri;
     } # managed by Certbot
     } # managed by Certbot
Line 119: Line 153:
         server_name kangtain.com;
         server_name kangtain.com;
   
   
         root /var/www/kangtain.com;
         root /var/www/your-domain.com;
         index index.php;
         index index.php;
    
    
         error_log /var/log/nginx/kangtain.com.error;
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/kangtain.com.access;
         access_log /var/log/nginx/your-domain.com.access;
   
   
         location / {
         location / {
Retrieved from "https://kangtain.com/wiki/index.php/Nginx:Vhost_MediaWiki"