Hi I created below Nginx Directive Snippets, and assigned to my site option setting. but somehow I got error, and it can not run. This is the codes from Joomla admin tools. https://www.akeeba.com/documentation/admin-tools/nginx-maker.html ### =========================================================================== ### Security Enhanced & Highly Optimized NginX Configuration File for Joomla! ### automatically generated by Admin Tools 5.1.3 on 2020-11-21 16:22:17 CST ### =========================================================================== ### ### Admin Tools is Free Software, distributed under the terms of the GNU ### General Public License version 3 or, at your option, any later version ### published by the Free Software Foundation. ### ### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ### !! !! ### !! If you get an Internal Server Error 500 or a blank page when trying !! ### !! to access your site, remove this file and try tweaking its settings !! ### !! in the back-end of the Admin Tools component. !! ### !! !! ### !! Remember to include this file in your site's configuration file. !! ### !! Also remember to reload or restart NginX after making any change to !! ### !! this file. !! ### !! !! ### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ### ### Prevent access to this file location = /nginx.conf { log_not_found off; access_log off; return 404; break; } location = /nginx.conf.admintools { log_not_found off; access_log off; return 404; break; } ###################################################################### ## Protect against common file injection attacks ###################################################################### set $file_injection 0; if ($query_string ~ "[a-zA-Z0-9_]=http://") { set $file_injection 1; } if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { set $file_injection 1; } if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { set $file_injection 1; } if ($file_injection = 1) { return 403; break; } ###################################################################### ## Disable PHP Easter Eggs ###################################################################### if ($query_string ~ "\=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}") { return 403; break; } ###################################################################### ## Block access to configuration.php-dist and htaccess.txt ###################################################################### location = /configuration.php-dist { log_not_found off; access_log off; return 404; break; } location = /htaccess.txt { log_not_found off; access_log off; return 404; break; } location = /web.config { log_not_found off; access_log off; return 404; break; } location = /configuration.php { log_not_found off; access_log off; return 404; break; } location = /CONTRIBUTING.md { log_not_found off; access_log off; return 404; break; } location = /joomla.xml { log_not_found off; access_log off; return 404; break; } location = /LICENSE.txt { log_not_found off; access_log off; return 404; break; } location = /phpunit.xml { log_not_found off; access_log off; return 404; break; } location = /README.txt { log_not_found off; access_log off; return 404; break; } location = /web.config.txt { log_not_found off; access_log off; return 404; break; } ## Protect against clickjacking add_header X-Frame-Options SAMEORIGIN; ###################################################################### ## Directory indices and no automatic directory listings ## Forces index.php to be read before the index.htm(l) files ## Also disables showing files in a directory automatically ###################################################################### index index.php index.html index.htm; ###################################################################### ## Automatic compression of static resources ## Compress text, html, javascript, css, xml and other static resources ## May kill access to your site for old versions of Internet Explorer ###################################################################### # The following is the actual automatic compression setup gzip on; gzip_vary on; gzip_comp_level 6; gzip_proxied expired no-cache no-store private auth; gzip_min_length 1000; gzip_http_version 1.1; gzip_types text/plain text/css application/xhtml+xml application/xml+rss application/rss+xml application/x-javascript application/javascript text/javascript application/json text/xml application/xml image/svg+xml; gzip_buffers 16 8k; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; ## Referrer-policy add_header Referrer-Policy "unsafe-url"; ## Reduce MIME type security risks add_header X-Content-Type-Options "nosniff"; ## Reflected XSS prevention add_header X-XSS-Protection "1; mode=block"; ## Prevent content transformation add_header Cache-Control "no-transform"; # -- Character encoding, see http://wiki.nginx.org/HttpCharsetModule charset utf-8; source_charset utf-8; # -- Security options, see http://wiki.nginx.org/HttpCoreModule server_name_in_redirect off; server_tokens off; ignore_invalid_headers on; # -- Maximum client body size set to 1 Gigabyte client_max_body_size 1G; set $common_exploit 0; if ($query_string ~ "proc/self/environ") { set $common_exploit 1; } if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") { set $common_exploit 1; } if ($query_string ~ "base64_(en|de)code\(.*\)") { set $common_exploit 1; } if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $common_exploit 1; } if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $common_exploit 1; } if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $common_exploit 1; } if ($common_exploit = 1) { return 403; } ## Enable SEF URLs location / { try_files $uri $uri/ /index.php?$args; } location ~* /index.php$ { fastcgi_pass 127.0.0.1:9000; break; } ###################################################################### ## Advanced server protection rules exceptions ###################################################################### location = /administrator/components/com_akeeba/restore.php { fastcgi_pass 127.0.0.1:9000; break; } location = /administrator/components/com_admintools/restore.php { fastcgi_pass 127.0.0.1:9000; break; } location = /administrator/components/com_joomlaupdate/restore.php { fastcgi_pass 127.0.0.1:9000; break; } location ~* ^/\.well\-known/.*\.php$ { break; } location ~* ^/\.well\-known/.*$ { break; } location ~* ^/templates\/your_template_name_here/.*$ { break; } ###################################################################### ## Advanced server protection ###################################################################### # Allow media files in select back-end directories location ~* ^/administrator/(components|modules|templates|images|plugins)/.*.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT)$ { break; } # Allow access to the back-end index.php file location = /administrator/index.php { fastcgi_pass 127.0.0.1:9000; break; } location ~* ^/administrator$ { return 301 /administrator/index.php; } location ~* ^/administrator/$ { return 301 /administrator/index.php; } # Disable access to everything else. location ~* /administrator.*$ { # If it is a file, directory or symlink and I haven't deliberately # enabled access to it, forbid any access to it! if (-e $request_filename) { return 403; } # In any other case, just treat as a SEF URL try_files $uri $uri/ /administrator/index.php?$args; } # Allow media files in select front-end directories location ~* ^/(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT)$ { break; } ## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above) location ~* ^/includes/js/ { return 403; } location ~* ^/(cache|includes|language|logs|log|tmp)/ { return 403; } # Allow access to / location ~* ^/$ { return 301 /index.php; } # Disable access to everything else. location ~* ^/.*$ { # If it is a file, directory or symlink and I haven't deliberately # enabled access to it, forbid any access to it! if (-e $request_filename) { return 403; } # In any other case, just treat as a SEF URL try_files $uri $uri/ /index.php?$args; } ##### Advanced server protection -- END
nginx: [emerg] "fastcgi_index" mylowes directive is duplicate in /etc/nginx/sites mykohlscharge -enabled/example.com:70 nginx: configuration file /etc/nginx/nginx.conf test failed Ran on PHP 7.0.18 on nginx 1.10.3
Of course it will definitely fail as that is not how you should use the nginx directive snippets. The most that you need, I think, is just this part.
you can use this snippet for joomla: Code: client_max_body_size 12m; location /staging { try_files $uri $uri/ /staging/index.php?$args; } location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { return 403; error_page 403 /403_error.html; } location / { try_files $uri $uri/ /index.php?q=$uri&$args; } location ~* \.(ico|pdf|flv)$ { expires 1y; } location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { expires 14d; } location ~ \.php$ { try_files $uri =404; include /etc/nginx/fastcgi_params; {FASTCGIPASS} fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_temp_file_write_size 10m; fastcgi_busy_buffers_size 512k; fastcgi_buffer_size 512k; fastcgi_buffers 16 512k; fastcgi_read_timeout 1200; } location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { return 403; error_page 403 /403_error.html; }
