Fix single tick page. Fix nginx root configs. Add apache configs.
This commit is contained in:
parent
6852eaa35e
commit
4fd9315f06
0
examples/README.md
Normal file
0
examples/README.md
Normal file
59
examples/apache/root/.htaccess
Normal file
59
examples/apache/root/.htaccess
Normal file
@ -0,0 +1,59 @@
|
||||
# Enable mod_rewrite
|
||||
RewriteEngine On
|
||||
|
||||
# Security headers
|
||||
# The first rule is to prevent including in a frame on a different domain.
|
||||
# Remove it if you want to do that.
|
||||
Header always set X-Frame-Options "SAMEORIGIN"
|
||||
Header always set X-XSS-Protection "1; mode=block"
|
||||
Header always set X-Content-Type-Options "nosniff"
|
||||
|
||||
# Directory index
|
||||
# (Not actually used because everything gets handled by a rewrite rule
|
||||
# , but I'm keeping it for clarity about what's going on.)
|
||||
DirectoryIndex index.php
|
||||
|
||||
# Deny access to hidden files (e.g. .htaccess)
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
# Cache static files (excluding css/custom which goes through PHP)
|
||||
# Note that I don't actually serve most of this (just css)
|
||||
# but this prevents requests for static content from getting to the PHP handler.
|
||||
#
|
||||
# The /css/custom directory is excluded from this in a RewriteCond below:
|
||||
# RewriteCond %{REQUEST_URI} !^/tkr/css/custom/
|
||||
#
|
||||
# Those requests are handled by the PHP app to serve custom css
|
||||
<FilesMatch "\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header set Cache-Control "public, max-age=31536000, immutable"
|
||||
</FilesMatch>
|
||||
|
||||
# Process PHP files
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler application/x-httpd-php
|
||||
</FilesMatch>
|
||||
|
||||
# Skip rewriting if already in /tkr/public/ (prevents infinite loops)
|
||||
RewriteRule ^tkr/public/ - [L]
|
||||
|
||||
# Block direct access to all .php files
|
||||
# but allow internal rewrites to index.php
|
||||
RewriteCond %{THE_REQUEST} \.php [NC]
|
||||
RewriteRule ^.*\.php$ - [R=404,L]
|
||||
|
||||
# Block access to sensitive directories
|
||||
RewriteRule ^(storage|src|templates|uploads|config)(/.*)?$ - [F,L]
|
||||
|
||||
# If it's a static file that exists in /tkr/public, serve it directly
|
||||
# (but exclude css/custom which should go through PHP)
|
||||
RewriteCond %{REQUEST_URI} !^/css/custom/
|
||||
RewriteCond %{DOCUMENT_ROOT}/tkr/public%{REQUEST_URI} -f
|
||||
RewriteRule ^(.*)$ /tkr/public/$1 [L]
|
||||
|
||||
# Send everything else to the front controller
|
||||
# (/tkr/public/index.php)
|
||||
RewriteRule ^.*$ /tkr/public/index.php [L]
|
61
examples/apache/subfolder/.htaccess
Normal file
61
examples/apache/subfolder/.htaccess
Normal file
@ -0,0 +1,61 @@
|
||||
# Enable mod_rewrite
|
||||
RewriteEngine On
|
||||
|
||||
# Security headers
|
||||
# The first rule is to prevent including in a frame on a different domain.
|
||||
# Remove it if you want to do that.
|
||||
Header always set X-Frame-Options "SAMEORIGIN"
|
||||
Header always set X-XSS-Protection "1; mode=block"
|
||||
Header always set X-Content-Type-Options "nosniff"
|
||||
|
||||
# Directory index
|
||||
DirectoryIndex index.php
|
||||
|
||||
# Deny access to hidden files (e.g. .htaccess)
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
# Cache static files (excluding css/custom which goes through PHP)
|
||||
# Note that I don't actually serve most of this (just css)
|
||||
# but this prevents requests for static content from getting to the PHP handler.
|
||||
#
|
||||
# The /css/custom directory is excluded from this in a RewriteCond below:
|
||||
# RewriteCond %{REQUEST_URI} !^/tkr/css/custom/
|
||||
#
|
||||
# Those requests are handled by the PHP app to serve custom css
|
||||
<FilesMatch "\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header set Cache-Control "public, max-age=31536000, immutable"
|
||||
</FilesMatch>
|
||||
|
||||
# Process PHP files
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler application/x-httpd-php
|
||||
</FilesMatch>
|
||||
|
||||
# Skip rewriting if already in /tkr/public/ (prevents infinite loops)
|
||||
RewriteRule ^tkr/public/ - [L]
|
||||
|
||||
# Block direct access to all .php files
|
||||
# but allow internal rewrites to index.php
|
||||
RewriteCond %{THE_REQUEST} \.php [NC]
|
||||
RewriteRule ^.*\.php$ - [R=404,L]
|
||||
|
||||
# Block access to sensitive directories under /tkr
|
||||
RewriteRule ^tkr/(storage|src|templates|uploads|config)(/.*)?$ - [F,L]
|
||||
|
||||
# Handle /tkr requests
|
||||
# (keep the path after /tkr for the next directive)
|
||||
RewriteCond %{REQUEST_URI} ^/tkr(/.*)?$
|
||||
|
||||
# If it's a static file that exists in /tkr/public, serve it directly
|
||||
# (e.g. /tkr/public/css/tkr.css)
|
||||
RewriteCond %{REQUEST_URI} !^/tkr/css/custom/
|
||||
RewriteCond %{DOCUMENT_ROOT}/tkr/public%1 -f
|
||||
RewriteRule ^tkr(/.*)?$ /tkr/public$1 [L]
|
||||
|
||||
# Send everything else to the front controller
|
||||
# (/tkr/public/index.php)
|
||||
RewriteRule ^tkr(/.*)?$ /tkr/public/index.php [L]
|
@ -1,33 +0,0 @@
|
||||
services:
|
||||
nginx:
|
||||
image: nginx:alpine
|
||||
container_name: nginx-server
|
||||
ports:
|
||||
- "80:80"
|
||||
volumes:
|
||||
- ./public:/var/www/html/tkr/public
|
||||
- ./examples/nginx/folder.conf:/etc/nginx/conf.d/default.conf
|
||||
depends_on:
|
||||
- php
|
||||
restart: unless-stopped
|
||||
|
||||
php:
|
||||
image: php:8.2-fpm-alpine
|
||||
container_name: php-fpm
|
||||
volumes:
|
||||
- ./config:/var/www/html/tkr/config
|
||||
- ./public:/var/www/html/tkr/public
|
||||
- ./src:/var/www/html/tkr/src
|
||||
- ./storage:/var/www/html/tkr/storage
|
||||
- ./templates:/var/www/html/tkr/templates
|
||||
command: >
|
||||
sh -c "
|
||||
chown -R www-data:www-data /var/www/html/tkr/storage &&
|
||||
chmod -R 775 /var/www/html/tkr/storage &&
|
||||
php-fpm
|
||||
"
|
||||
restart: unless-stopped
|
||||
|
||||
volumes:
|
||||
src:
|
||||
driver: local
|
@ -1,36 +0,0 @@
|
||||
server {
|
||||
#listen 80 default_server;
|
||||
listen 80;
|
||||
root /app/public;
|
||||
|
||||
index index.php;
|
||||
|
||||
# Security headers
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
|
||||
# Deny access to hidden files
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location ~* \.(htaccess|env|ini|log|bak)$ {
|
||||
deny all;
|
||||
}
|
||||
}
|
78
examples/nginx/root/nginx.conf
Normal file
78
examples/nginx/root/nginx.conf
Normal file
@ -0,0 +1,78 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name localhost;
|
||||
|
||||
root /var/www/html/tkr/public;
|
||||
index index.php;
|
||||
|
||||
# Security headers
|
||||
# The first rule is to prevent including in a frame on a different domain.
|
||||
# Remove it if you want to do that.
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
|
||||
# Deny access to hidden files
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
# PHP routing - everything goes through index.php
|
||||
location / {
|
||||
# Cache static files
|
||||
# Note that I don't actually serve most of this (just css)
|
||||
# but this prevents requests for static content from getting to the PHP handler.
|
||||
#
|
||||
# I've excluded /css/custom so that requests for uploaded css can be handled by the PHP app.
|
||||
# That lets me store uploaded content outside of the document root,
|
||||
# so it isn't served directly.
|
||||
location ~* ^/(?!css/custom/).+\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
|
||||
expires 1y;
|
||||
add_header Cache-Control "public, immutable";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
# index.php is the entry point
|
||||
# It needs to be sent to php-fpm
|
||||
# But if someone tries to directly access index.php, that file will throw a 404
|
||||
# so bots and scanners can't tell this is a php app
|
||||
location = /index.php {
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php;
|
||||
include fastcgi_params;
|
||||
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
}
|
||||
|
||||
# Block attempts to access all other .php files directly
|
||||
# (these are bots and scanners)
|
||||
location ~ ^/.+\.php$ {
|
||||
return 404;
|
||||
}
|
||||
|
||||
# forward other requests to the fallback block,
|
||||
# which sends them to php-fpm for handling
|
||||
try_files $uri $uri/ @tkr_fallback;
|
||||
}
|
||||
|
||||
# Fallback for /tkr routing - all non-file requests (e.g. /login) go to index.php
|
||||
location @tkr_fallback {
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php;
|
||||
include fastcgi_params;
|
||||
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
}
|
||||
|
||||
# Deny access to sensitive directories
|
||||
location ~ ^/(storage|src|templates|uploads|config) {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
}
|
@ -6,6 +6,8 @@ server {
|
||||
index index.html;
|
||||
|
||||
# Security headers
|
||||
# The first rule is to prevent including in a frame on a different domain.
|
||||
# Remove it if you want to do that.
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
@ -44,7 +46,6 @@ server {
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php;
|
||||
include fastcgi_params;
|
||||
|
||||
# Additional FastCGI params
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
@ -67,14 +68,13 @@ server {
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php;
|
||||
include fastcgi_params;
|
||||
|
||||
# Additional FastCGI params
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
}
|
||||
|
||||
# Deny access to sensitive directories
|
||||
location ~ ^/tkr/(storage|src|templates|vendor|uploads|config) {
|
||||
location ~ ^/tkr/(storage|src|templates|uploads|config) {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
5
templates/partials/tick.php
Normal file
5
templates/partials/tick.php
Normal file
@ -0,0 +1,5 @@
|
||||
<?php /** @var ConfigModel $config */ ?>
|
||||
<?php /** @var Date $tickTime */ ?>
|
||||
<?php /** @var string $tick */ ?>
|
||||
<h1>Tick from <?= $tickTime->format('Y-m-d H:i:s'); ?></h1>
|
||||
<p><?= $tick ?></p>
|
@ -1,15 +0,0 @@
|
||||
<?php /** @var ConfigModel $config */ ?>
|
||||
<?php /** @var Date $tickTime */ ?>
|
||||
<?php /** @var string $tick */ ?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<?php include TEMPLATES_DIR . '/partials/head.php'?>
|
||||
</head>
|
||||
<body>
|
||||
<?php include TEMPLATES_DIR . '/partials/navbar.php'?>
|
||||
<!DOCTYPE html>
|
||||
<h1>Tick from <?= $tickTime->format('Y-m-d H:i:s'); ?></h1>
|
||||
<p><?= $tick ?></p>
|
||||
</body>
|
||||
</html>
|
Loading…
x
Reference in New Issue
Block a user