%PDF-
%PDF-
Mini Shell
Mini Shell
# Expires map
map $sent_http_content_type $expires_monami {
default off;
text/html epoch;
text/css 24h;
application/javascript 24h;
application/x-javascript 24h;
application/octet-stream 7d;
~image/ 30d;
}
server {
listen 10.27.27.5:443 ssl http2;
server_name www.knihkupectvi-monami.cz;
root /www/knihkupectvi-monami.cz/www.knihkupectvi-monami.cz;
include ssl_params;
ssl_certificate /etc/certificates/knihkupectvi-monami.cz.pem; # managed by Certbot
ssl_certificate_key /etc/certificates/knihkupectvi-monami.cz.key; # managed by Certbot
# error_page 404 /404.php;
index index.php;
set $cache_uri $request_uri;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
set $cache_uri 'null cache';
}
# Use cached or actual file if they exists, otherwise pass request to WordPress
location / {
try_files /.cache/supercache/$http_host/$cache_uri/index-https.html /.cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php ;
}
# location / {
# # This is cool because no php is touched for static content.
# # include the "?$args" part so non-default permalinks doesn't break when using query string
# try_files $uri $uri/ /index.php?$args;
# #try_files $uri $uri/ /index.php?q=$uri&$args;
# }
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:7083;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /www/knihkupectvi-monami.cz/www.knihkupectvi-monami.cz$fastcgi_script_name;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
}
server {
listen 10.27.27.5:80; listen 127.0.0.1;
server_name knihkupectvi-monami.cz;
return 301 https://www.knihkupectvi-monami.cz$request_uri;
}
server {
listen 10.27.27.5:443 ssl http2;
server_name knihkupectvi-monami.cz;
ssl_certificate /etc/certificates/knihkupectvi-monami.cz.pem; # managed by Certbot
ssl_certificate_key /etc/certificates/knihkupectvi-monami.cz.key; # managed by Certbot
return 301 https://www.knihkupectvi-monami.cz$request_uri;
}
server {
listen 10.27.27.5:80; listen 127.0.0.1;
server_name www.knihkupectvi-monami.cz;
return 301 https://www.knihkupectvi-monami.cz$request_uri;
}
server {
listen 10.27.27.5:80;
server_name demo.knihkupectvi-monami.cz;
# include ssl_params;
# ssl_certificate /home/waritko/cert/varak_net.pem;
# ssl_certificate_key /home/waritko/cert/varak_net.key;
# add_header "Public-Key-Pins-Report-Only" "pin-sha256=\"DEfB6oZEqmVbw7xhj3OT9urxywTO046j4eXuwPGbiBU=\"; pin-sha256=\"yeZsqWj0RbVofoH5G1eVLjgyrq7CVZIQGuuVVaOw3qY=\"; max-age=60; report-uri=\"https://report-uri.io/report/495632cc5dc0e8992e03505ce3bcfaf7/reportOnly\"";
root /www/knihkupectvi-monami.cz/demo.knihkupectvi-monami.cz;
index index.html index.htm index.php;
autoindex off;
autoindex_exact_size off;
##### Alien CONF
location = /install/sandbox/anything.php {
rewrite .* /install/sandbox/test.php last;
}
# Pass API requests to the webservice dispatcher
location ^~ /api/ {
rewrite ^/api/(.*) /webservice/dispatcher.php?url=$1 last;
}
# Block all files starting with ., like .htaccess
location ~ /\. {
deny all;
}
# Block all files with these extensions
location ~ \.(md|tpl)$ {
deny all;
}
# Directories explicitly allowed in directories blocked below
location ~ ^/docs/csv_import/ {
allow all;
}
# Block everything else in these directories
location ~ ^/(adminjanicka22/backups|adminjanicka22/export|adminjanicka22/import|adminjanicka22/tabs|classes|config|docs|download|install666|localization|log|override|tools|translations)/ {
deny all;
}
# 1 month expiry on other static stuff
# Also do the friendly URL rewrites
location ~* \.(eot|gif|ico|jpg|jpeg|otf|pdf|png|svg|swf|ttf|woff)$ {
rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg break;
rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg break;
rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg break;
rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg break;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg break;
rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 break;
# next line is PSCSX-2790 bug workaround, fixed in 1.6.0.10
rewrite ^/[a-zA-Z]+/img/cms/(.*)$ /img/cms/$1 break;
# expires 1M;
# add_header Cache-Control public;
allow all;
}
# Block everything else in these directories
location ~ ^/img/cms/ {
deny all;
}
# 1 week expiry on CSS and JavaScript
# location ~ \.(css|js)$ {
# expires 1w;
# add_header Cache-Control public;
# allow all;
# }
# The rest is either served directly or passed on to the dispatcher
location / {
try_files $uri $uri/ /index.php?$args;
}
## END ALIEN
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /www/knihkupectvi-monami.cz/demo.knihkupectvi-monami.cz$fastcgi_script_name;
# fastcgi_param HTTPS On;
# fastcgi_param SSL On;
}
}
server {
listen 10.27.27.5:443 ssl http2;
server_name demo.knihkupectvi-monami.cz;
include ssl_params;
ssl_certificate /etc/certificates/knihkupectvi-monami.cz.pem; # managed by Certbot
ssl_certificate_key /etc/certificates/knihkupectvi-monami.cz.key; # managed by Certbot
# add_header "Public-Key-Pins-Report-Only" "pin-sha256=\"DEfB6oZEqmVbw7xhj3OT9urxywTO046j4eXuwPGbiBU=\"; pin-sha256=\"yeZsqWj0RbVofoH5G1eVLjgyrq7CVZIQGuuVVaOw3qY=\"; max-age=60; report-uri=\"https://report-uri.io/report/495632cc5dc0e8992e03505ce3bcfaf7/reportOnly\"";
root /www/knihkupectvi-monami.cz/demo.knihkupectvi-monami.cz;
index index.html index.htm index.php;
autoindex off;
autoindex_exact_size off;
##### Alien CONF
location = /install/sandbox/anything.php {
rewrite .* /install/sandbox/test.php last;
}
# Pass API requests to the webservice dispatcher
location ^~ /api/ {
rewrite ^/api/(.*) /webservice/dispatcher.php?url=$1 last;
}
# Block all files starting with ., like .htaccess
location ~ /\. {
deny all;
}
# Block all files with these extensions
location ~ \.(md|tpl)$ {
deny all;
}
# Directories explicitly allowed in directories blocked below
location ~ ^/docs/csv_import/ {
allow all;
}
# Block everything else in these directories
location ~ ^/(adminjanicka22/backups|adminjanicka22/export|adminjanicka22/import|adminjanicka22/tabs|classes|config|docs|download|install666|localization|log|override|tools|translations)/ {
deny all;
}
# 1 month expiry on other static stuff
# Also do the friendly URL rewrites
location ~* \.(eot|gif|ico|jpg|jpeg|otf|pdf|png|svg|swf|ttf|woff)$ {
rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg break;
rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg break;
rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg break;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg break;
rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg break;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg break;
rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 break;
# next line is PSCSX-2790 bug workaround, fixed in 1.6.0.10
rewrite ^/[a-zA-Z]+/img/cms/(.*)$ /img/cms/$1 break;
# expires 1M;
# add_header Cache-Control public;
allow all;
}
# Block everything else in these directories
location ~ ^/img/cms/ {
deny all;
}
# 1 week expiry on CSS and JavaScript
# location ~ \.(css|js)$ {
# expires 1w;
# add_header Cache-Control public;
# allow all;
# }
# The rest is either served directly or passed on to the dispatcher
location / {
try_files $uri $uri/ /index.php?$args;
}
## END ALIEN
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /www/knihkupectvi-monami.cz/demo.knihkupectvi-monami.cz$fastcgi_script_name;
fastcgi_param HTTPS On;
fastcgi_param SSL On;
}
}
server {
listen 10.27.27.5:443 ssl http2;
server_name galerie.knihkupectvi-monami.cz;
# rewrite_log on;
include ssl_params;
ssl_certificate /etc/certificates/knihkupectvi-monami.cz.pem; # managed by Certbot
ssl_certificate_key /etc/certificates/knihkupectvi-monami.cz.key; # managed by Certbot
# error_page 404 /404.php;
root /www/knihkupectvi-monami.cz/galerie.knihkupectvi-monami.cz;
index index.html index.htm index.php;
# rewrite /customDataFeed/EBD4E447-4FCD-4CD8-8EEE-5B9308C1AA03 /heureka.xml;
set $admin_dir /adminjanicka22;
location ~ /(international|_profiler|module|product|feature|attribute|supplier|combination|specific-price)/(.*)$ {
try_files $uri $uri/ /index.php?q=$uri&$args $admin_dir/index.php$is_args$args;
}
# Redirect needed to "hide" index.php
location / {
try_files $uri $uri/ /index.php?$uri&$args;
# Old image system ?
rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
}
error_page 404 /index.php?controller=404;
# Pass API requests to the webservice dispatcher
location ^~ /api/ {
rewrite ^/api/(.*) /webservice/dispatcher.php?url=$1 last;
}
# Cloudflare / Max CDN fix
location ~* \.(eot|otf|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
# location ~* \.(css|js|docx|zip|pptx|swf|txt|jpg|jpeg|png|gif|swf|webp|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac)$ {
# expires max;
# log_not_found off;
# add_header Pragma public;
# add_header Cache-Control "public, must-revalidate, proxy-revalidate";
# }
# Deny access to .htaccess .DS_Store .htpasswd etc
location ~ /\. {
deny all;
}
# PHP 7 FPM part
location ~ [^/]\.php(/|$) {
fastcgi_index index.php;
# Switch if needed
include /etc/nginx/fastcgi_params;
#include fcgi.conf;
# Do not forget to update this part if needed
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_keep_conn on;
# fastcgi_read_timeout 30s;
# fastcgi_send_timeout 30s;
# In case of long loading or 502 / 504 errors
# fastcgi_buffer_size 256k;
# fastcgi_buffers 256 16k;
# fastcgi_busy_buffers_size 256k;
client_max_body_size 10M;
# Temp file tweak
fastcgi_max_temp_file_size 0;
fastcgi_temp_file_write_size 256k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# Allow access to robots.txt but disable logging every access
# location = /robots.txt {
# allow all;
# log_not_found off;
# access_log off;
# }
# Prevent injection of php files in directories a user can upload stuff
location /upload {
location ~ \.php$ { deny all; }
}
location /img {
location ~ \.php$ { deny all;}
}
# Ban access to source code directories
# location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor)/ {
# deny all;
# }
# Banned file types
location ~ \.(htaccess|yml|log|twig|sass|git|tpl)$ {
deny all;
}
# ssl_trusted_certificate /etc/letsencrypt/live/beta.knihkupectvi-monami.cz/chain.pem; # managed by Certbot
# ssl_stapling on; # managed by Certbot
# ssl_stapling_verify on; # managed by Certbot
}
server {
listen 10.27.27.5:80; listen 127.0.0.1;
server_name galerie.knihkupectvi-monami.cz;
return 301 https://galerie.knihkupectvi-monami.cz$request_uri;
}
server {
listen 10.27.27.5:80; listen 127.0.0.1;
server_name cdn-monami.varak.cloud;
return 301 https://cdn-monami.varak.cloud$request_uri;
}
server {
listen 10.27.27.5:443 ssl http2;
server_name cdn-monami.varak.cloud;
include ssl_params;
# ssl_certificate /etc/letsencrypt/live/cdn-monami.varak.cloud/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/cdn-monami.varak.cloud/privkey.pem; # managed by Certbot
ssl_certificate /etc/certificates/varak.cloud.pem;
ssl_certificate_key /etc/certificates/varak.cloud.key;
add_header 'Access-Control-Allow-Origin' '*';
expires $expires_monami;
location / {
root /www/varak.cloud/cdn-monami.varak.cloud;
index index.html;
autoindex off;
autoindex_exact_size off;
}
}
Zerion Mini Shell 1.0