mg.movimentopirata.conf 6.1 KB

  1. ## Configuração para mg.partidopirata.org
  # Plain-HTTP listener for the canonical host name. It serves no content:
  # every request is answered with a permanent redirect to the same URI on HTTPS.
  # NOTE(review): the only port-443 server block in this file is named
  # mg.partidopirata.org - confirm that the redirect target below is actually
  # served over TLS and that the certificate covers it.
  server {
      server_name mg.movimentopirata.org;

      listen 80;
      listen [::]:80;

      return 301 https://mg.movimentopirata.org$request_uri;
  }
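  # Catch-all for any subdomain of the canonical host on plain HTTP.
  # The redirect goes straight to the HTTPS origin. Sending visitors to the
  # http:// URL first only added a second cleartext round trip before the
  # canonical host's own HTTP-to-HTTPS redirect took over.
  server {
      listen 80;
      listen [::]:80;
      server_name *.mg.movimentopirata.org;
      return 301 https://mg.movimentopirata.org$request_uri;
  }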
  14. ## SSL
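  # HTTPS virtual host serving the WordPress install under the document root below.
  server {
      listen 443 ssl;
      listen [::]:443 ssl;
      server_name mg.partidopirata.org;
      # NOTE(review): the port-80 blocks in this file redirect to
      # mg.movimentopirata.org, which is not listed here - confirm which names
      # this vhost must answer for and that the certificate covers them.

      root /var/www/www/wp/mg.movimentopirata.xyz/;
      index index.php;

      ## TLS parameters
      # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
      # NOTE(review): add TLSv1.3 once the installed nginx/OpenSSL support it.
      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;
      # NOTE(review): no ssl_dhparam is set in this block; depending on the nginx
      # version the EDH suites below either fall back to built-in parameters or
      # are not offered at all - confirm which applies.
      ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
      ssl_ecdh_curve secp384r1;
      ssl_session_cache shared:SSL:10m;
      ssl_session_tickets off;

      ssl_certificate /etc/letsencrypt/live/partidopirata.org-0001/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/partidopirata.org-0001/privkey.pem;
      # Chain used to verify the stapled OCSP response (ssl_stapling_verify).
      ssl_trusted_certificate /etc/letsencrypt/live/partidopirata.org-0001/chain.pem;

      # OCSP stapling; the resolver is what nginx uses to look up the responder.
      ssl_stapling on;
      ssl_stapling_verify on;
      resolver 208.67.220.220 208.67.222.222 valid=300s;
      resolver_timeout 5s;

      ## Response headers
      # Without the "always" parameter (nginx 1.7.5+) add_header is applied only
      # to success and redirect responses, not to error pages.
      add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Content-Type-Options nosniff;

      ## Global restrictions
      location /favicon.ico {
          log_not_found off;
          access_log off;
      }

      location /robots.txt {
          allow all;
          log_not_found off;
          access_log off;
      }

      # Deny every path containing a dot-file component (.htaccess, .htpasswd,
      # .DS_Store, ...). Requests stay in the access log so they can be parsed
      # later or fed to tools such as fail2ban.
      # NOTE(review): this also matches /.well-known/. The certificate paths point
      # at a Let's Encrypt directory; if renewal uses the webroot HTTP-01 method
      # the challenge path would be denied here - confirm how renewal is done.
      location ~ /\. {
          deny all;
      }

      # Never execute PHP from upload directories (covers sub-directory installs
      # and multisite "files" paths). Requests are still logged.
      location ~* /(?:uploads|files)/.*\.php$ {
          deny all;
      }

      ## WordPress single-site rules
      # Prefix match, so it is used only when none of the regex locations apply;
      # anything that is not a real file or directory is handed to index.php.
      location / {
          try_files $uri $uri/ /index.php?$args;
      }

      # Add trailing slash to */wp-admin requests.
      # NOTE(review): $host is taken from the request, so the redirect target
      # follows whatever Host header reached this vhost.
      rewrite /wp-admin$ $scheme://$host$uri/ permanent;

      # Static assets: far-future expiry, no access log, no 404 logging.
      location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
          access_log off;
          log_not_found off;
          expires max;
      }

      # Uncomment one of the lines below for the appropriate caching plugin (if used).
      #include global/wordpress-wp-super-cache.conf;
      #include global/wordpress-w3-total-cache.conf;

      # Pass all .php files onto the php-fpm pool.
      location ~ [^/]\.php(/|$) {
          # Split "script.php/extra" into script name and path info, then refuse
          # anything whose script part is not a real file. This is the guard
          # against the path-info issue when PHP runs with cgi.fix_pathinfo = 1.
          fastcgi_split_path_info ^(.+?\.php)(/.*)$;
          if (!-f $document_root$fastcgi_script_name) {
              return 404;
          }

          fastcgi_index index.php;

          # NOTE(review): SCRIPT_FILENAME is not set in this block (the explicit
          # fastcgi_param line was commented out); it has to come from the
          # included fastcgi_params file - verify that it does.
          #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          include /etc/nginx/fastcgi_params;

          # NOTE(review): PATH_INFO is given the script name rather than
          # $fastcgi_path_info and SCRIPT_NAME is emptied; unusual, so confirm it
          # is intentional for this application.
          fastcgi_param PATH_INFO $fastcgi_script_name;
          fastcgi_param SCRIPT_NAME "";

          fastcgi_pass unix:/var/run/php5-fpm-mgmovimentopirata.sock;
      }
  }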
  93. ## Tor
  # Loopback-only virtual host that exposes the same WordPress tree to a local
  # Tor onion service. No TLS is configured on this listener.
  server {
      listen 127.0.0.1:42911;
      server_name mg4hkdeljcl6n4pl.onion;
      # NOTE(review): a 16-character .onion name is the legacy v2 format, which
      # current Tor releases no longer support - confirm this block is still used.

      # Only connections from the local host are accepted.
      # Locations that carry their own allow/deny rules (robots.txt, dot-files,
      # upload PHP) replace this pair instead of adding to it.
      allow 127.0.0.1;
      deny all;

      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Content-Type-Options nosniff;

      root /var/www/www/wp/mg.movimentopirata.xyz/;
      index index.php;

      ## Global restrictions
      location /favicon.ico {
          access_log off;
          log_not_found off;
      }

      location /robots.txt {
          allow all;
          access_log off;
          log_not_found off;
      }

      # Refuse any path with a dot-file component (.htaccess, .htpasswd,
      # .DS_Store, ...); the requests remain in the access log for later
      # analysis or for tools such as fail2ban.
      location ~ /\. {
          deny all;
      }

      # No PHP execution out of upload directories, including sub-directory
      # and multisite layouts; requests remain logged.
      location ~* /(?:uploads|files)/.*\.php$ {
          deny all;
      }

      ## WordPress single-site rules
      # Prefix location, consulted only when no regex location matches:
      # real files and directories are served, everything else goes to index.php.
      location / {
          try_files $uri $uri/ /index.php?$args;
      }

      # Add trailing slash to */wp-admin requests.
      rewrite /wp-admin$ $scheme://$host$uri/ permanent;

      # Static assets get a far-future expiry and are kept out of the logs.
      location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
          access_log off;
          log_not_found off;
          expires max;
      }

      # Uncomment one of the lines below for the appropriate caching plugin (if used).
      #include global/wordpress-wp-super-cache.conf;
      #include global/wordpress-w3-total-cache.conf;

      # Hand .php requests to the php-fpm pool.
      location ~ [^/]\.php(/|$) {
          # Separate script name from trailing path info and answer 404 unless
          # the script part is an existing file; this is the guard against the
          # path-info issue when PHP runs with cgi.fix_pathinfo = 1.
          fastcgi_split_path_info ^(.+?\.php)(/.*)$;
          if (!-f $document_root$fastcgi_script_name) {
              return 404;
          }

          fastcgi_index index.php;

          # NOTE(review): SCRIPT_FILENAME is not set here (the explicit line is
          # commented out), so it must come from the included fastcgi_params
          # file - verify.
          #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          include /etc/nginx/fastcgi_params;

          # NOTE(review): PATH_INFO carries the script name rather than
          # $fastcgi_path_info and SCRIPT_NAME is blanked - confirm intent.
          fastcgi_param PATH_INFO $fastcgi_script_name;
          fastcgi_param SCRIPT_NAME "";

          fastcgi_pass unix:/var/run/php5-fpm-mgmovimentopirata.sock;
      }
  }