linuxserver/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2026-05-10 12:44:44 +09:00
Code Issues Packages Projects Releases Wiki Activity

Move dotfile denial up

Browse Source 
Signed-off-by: Eric Nemchik <eric@nemchik.com>
This commit is contained in:
Eric Nemchik
2026-05-05 16:44:32 -05:00
parent 716b1237c5
commit 22bafef661
1 changed files with 16 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
root/defaults/nginx/site-confs/default.conf.sample
View File

@@ -1,4 +1,4 @@
## Version 2026/02/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
## Version 2026/05/05 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https
server {
@@ -24,6 +24,18 @@ server {
root /config/www;
index index.html index.htm index.php;
# Allow access to the ".well-known" directory
location ^~ /.well-known {
allow all;
}
# deny access to all dotfiles
location ~ /\. {
access_log off;
log_not_found off;
return 404;
}
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
@@ -32,10 +44,8 @@ server {
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable for basic auth
#auth_basic "Restricted";
@@ -46,10 +56,8 @@ server {
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
}
@@ -63,29 +71,16 @@ server {
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
fastcgi_split_path_info ^(.+\.php)(.*)$;
if (!-f $document_root$fastcgi_script_name) { return 404; }
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
# deny access to all dotfiles
location ~ /\. {
deny all;
log_not_found off;
access_log off;
return 404;
}
# Allow access to the ".well-known" directory
location ^~ /.well-known {
allow all;
}
}
# enable subdomain method reverse proxy confs