linuxserver/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2026-05-20 01:11:03 +09:00
Code Issues Packages Projects Releases Wiki Activity

Move dotfile denial up

Browse Source 
Signed-off-by: Eric Nemchik <eric@nemchik.com>
This commit is contained in:
Eric Nemchik
2026-05-05 16:44:32 -05:00
parent 716b1237c5
commit 22bafef661
1 changed files with 16 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
root/defaults/nginx/site-confs/default.conf.sample
View File

@@ -1,4 +1,4 @@
## Version 2026/02/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample ## Version 2026/05/05 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https # redirect all traffic to https
server { server {
@@ -24,6 +24,18 @@ server {
root /config/www; root /config/www;
index index.html index.htm index.php; index index.html index.htm index.php;
# Allow access to the ".well-known" directory
location ^~ /.well-known {
allow all;
}
# deny access to all dotfiles
location ~ /\. {
access_log off;
log_not_found off;
return 404;
}
# enable subfolder method reverse proxy confs # enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf; include /config/nginx/proxy-confs/*.subfolder.conf;
@@ -32,10 +44,8 @@ server {
# enable for Authelia (requires authelia-location.conf in the location block) # enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf; #include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block) # enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf; #include /config/nginx/authentik-server.conf;
location / { location / {
# enable for basic auth # enable for basic auth
#auth_basic "Restricted"; #auth_basic "Restricted";
@@ -46,10 +56,8 @@ server {
# enable for Authelia (requires authelia-server.conf in the server block) # enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf; #include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block) # enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf; #include /config/nginx/authentik-location.conf;
try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args; try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
} }
@@ -63,29 +71,16 @@ server {
# enable for Authelia (requires authelia-server.conf in the server block) # enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf; #include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block) # enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf; #include /config/nginx/authentik-location.conf;
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_split_path_info ^(.+\.php)(.*)$;
if (!-f $document_root$fastcgi_script_name) { return 404; } if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass 127.0.0.1:9000; fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php; fastcgi_index index.php;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
# deny access to all dotfiles
location ~ /\. {
deny all;
log_not_found off;
access_log off;
return 404;
}
# Allow access to the ".well-known" directory
location ^~ /.well-known {
allow all;
}
} }
# enable subdomain method reverse proxy confs # enable subdomain method reverse proxy confs