configurations/Nginx/Server Blocks/edu.libraryofcode.org.conf

43 lines
1.3 KiB
Plaintext
Raw Normal View History

2021-07-06 01:43:37 -04:00
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name edu.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
2021-12-11 19:01:58 -05:00
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
2021-10-02 19:53:24 -04:00
2021-12-11 19:01:58 -05:00
root /opt/moodle;
2021-05-01 15:13:49 -04:00
2021-12-11 19:01:58 -05:00
index index.html index.htm index.php;
2021-10-04 16:45:54 -04:00
2021-12-12 16:39:52 -05:00
error_page 404 /error/index.php; error_page 403 =404 /error/index.php;
2021-12-11 19:01:58 -05:00
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
2021-12-11 19:02:50 -05:00
fastcgi_pass unix:/run/php/php8.0-fpm_moodle.sock;
2021-12-11 19:01:58 -05:00
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
2021-12-12 16:39:52 -05:00
fastcgi_read_timeout 300;
proxy_read_timeout 300;
}
location /dataroot/ {
internal;
alias /opt/moodledata/; # ensure the path ends with /
}
# Hide all dot files but allow "Well-Known URIs" as per RFC 5785
location ~ /\.(?!well-known).* {
return 404;
}
# This should be after the php fpm rule and very close to the last nginx ruleset.
# Don't allow direct access to various internal files. See MDL-69333
location ~ (/vendor/|/node_modules/|composer\.json|/readme|/README|readme\.txt|/upgrade\.txt|db/install\.xml|/fixtures/|/behat/|phpunit\.xml|\.lock|environment\.xml) {
deny all;
return 404;
2021-12-11 19:01:58 -05:00
}
2021-05-01 15:13:49 -04:00
}