File: //tmp/ng_file_bk.conf
server
{
listen 80;
listen 443 ssl;
listen 443 quic;
http2 on;
server_name proship.vn www.proship.vn;
index index.php;
root /www/wwwroot/proship.vn/public_html;
#CERT-APPLY-CHECK--START
# Configuration related to file verification for SSL certificate application - Do not delete
include /www/server/panel/vhost/nginx/well-known/proship.vn.conf;
#CERT-APPLY-CHECK--END
#SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/proship.vn/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/proship.vn/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_tickets on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
add_header Alt-Svc 'quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"';
error_page 497 https://$host$request_uri;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443)
{
rewrite ^(/.*)$ https://$host$1 permanent;
}
#SSL-END
#ERROR-PAGE-START Error page configuration, allowed to be commented, deleted or modified
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP reference configuration, allowed to be commented, deleted or modified
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
include /www/server/panel/vhost/rewrite/proship.vn.conf;
#REWRITE-END
# Forbidden files or directories
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
# Directory verification related settings for one-click application for SSL certificate
location ~ \.well-known
{
allow all;
}
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
location = /favicon.ico {
expires max;
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \.(css|htc|js|js2|js3|js4)$ {
expires 31536000s; }
location ~ \.(htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$ {
expires 31536000s; }
location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
expires 31536000s; }
location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|mid|midi|wav|bmp|rtf)$ {
expires max;
log_not_found off;
access_log off;
}
autoindex off;
set $comment_flagged 0;
set $comment_request_method 0;
set $comment_request_uri 0;
set $comment_referrer 1;
if ($request_method ~ "POST"){
set $comment_request_method 1;
}
if ($request_uri ~ "/wp-comments-post\.php$"){
set $comment_request_method 1;
}
if ($http_referer !~ "^https?://(([^/]+\.)?site\.com|jetpack\.wordpress\.com/jetpack-comment)(/|$)"){
set $comment_referrer 0;
}
set $comment_flagged "${comment_request_method}${comment_request_uri}${comment_referrer}";
if ($comment_flagged = "111") {
return 403;
}
#location ~* /xmlrpc.php$ {
# allow 192.168.10.0/24;
# deny all;
#}
if ($request_method !~ ^(GET|POST)$ ) {
return 444;
}
location ~* /(?:uploads|files|wp-content|wp-includes|akismet)/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location ~ /\.(svn|git)/* {
deny all;
access_log off;
log_not_found off;
}
location ~ /\.ht {
deny all;
access_log off;
log_not_found off;
}
location ~ /\.user.ini {
deny all;
access_log off;
log_not_found off;
}
#location ~ ^/(?!(blog)/?) {
# deny all;
# access_log off;
# log_not_found off;
#}
location /wp-content/uploads {
types {
image/gif gif;
image/jpeg jpeg jpg;
image/png png;
text/plain txt;
}
default_type application/octet-stream;
location ~ \.php$ {
break;
}
}
location ~* /wp-includes/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location ~* /(?:uploads|files)/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location /wp-content/themes/ {
types {
image/gif gif;
image/jpeg jpeg jpg;
image/png png;
text/plain txt;
}
default_type application/octet-stream;
location ~ \.php$ {
break;
}
}
location /wp-content/plugins/ {
types {
image/gif gif;
image/jpeg jpeg jpg;
image/png png;
text/plain txt;
}
default_type application/octet-stream;
location ~ \.php$ {
break;
}
}
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
}
error_page 404 /404/;
location ~* ^.+.(jpg|jpeg|gif|css|png|js|svg|ico|xml|txt|eot|otf|woff|woff2|ttf)$ {
access_log off;
expires 360d;
access_log off;
log_not_found off;
}
location ~ /\.ht {
deny all;
}
#access_log /www/wwwlogs/proship.vn.access.log;
# error_log /www/wwwlogs/proship.vn.error.log;
location /
{
try_files $uri $uri/ /index.php?$args;
}
location /dang-ky
{
index index.html;
}
location ~* /uploads/.*\.php$ {
return 503;
}
location ~ \.php {
fastcgi_pass 127.0.0.1:9012;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED /var/www/html$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
}
}