update acme.sh
nginx.sh default.conf does not need site directories & should always return 404
parent
a37f431ba7
commit
ee77cf10b9
|
@ -7,9 +7,9 @@ mkdir /etc/nginx/acme
|
|||
|
||||
chmod 740 /etc/nginx/acme
|
||||
|
||||
chmod nginx:nginx /etc/nginx/acme
|
||||
chown nginx:nginx /etc/nginx/acme
|
||||
|
||||
chmod g+s,o+s /etc/nginx/acme
|
||||
chmod g+s,o+s,u+s /etc/nginx/acme
|
||||
|
||||
sudo -s -u nginx
|
||||
|
||||
|
|
|
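Review bot: `chmod g+s,o+s,u+s /etc/nginx/acme` (which I take to be the new side of that pair, since this page has lost its +/- markers) requests bits that do nothing here: Linux ignores setuid on a directory, and `o+s` has no effect in symbolic mode, so only `g+s` is applied. If the aim is for files created under the directory to inherit the nginx group, `chmod g+s /etc/nginx/acme` states that directly and avoids suggesting a privilege that is not there. The unchanged `chmod 740` also gives the group read but not search permission on a directory, so group members can list names but cannot open anything inside; `chmod 2750 /etc/nginx/acme` would cover both points in one line. This hunk appears to belong to acme.sh, and the rest of that script is outside the view.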
@ -28,12 +28,6 @@ NGINX_PEM_DIR='/etc/nginx/pem'
|
|||
# Just a name please.
|
||||
NGINX_DEFAULT_SITE_CONF_NAME="default"
|
||||
|
||||
# Default site directory.
|
||||
NGINX_DEFAULT_SITE_PATH='/var/www/default'
|
||||
|
||||
# Default site publicly served path.
|
||||
NGINX_DEFAULT_SITE_PUB='/var/www/default/public'
|
||||
|
||||
main() {
|
||||
cat <<INFO
|
||||
Run with one of the following options:-
|
||||
|
@ -85,17 +79,6 @@ cd ${NGINX_CONF:-/no_path/9} || (
|
|||
|
||||
systemctl stop nginx
|
||||
|
||||
# Make default site directories.
|
||||
cd ${NGINX_DEFAULT_SITE_PATH:-/no_path/1} && (
|
||||
echo "\"${NGINX_DEFAULT_SITE_PATH}\" exists? Continue (hit enter)?"
|
||||
read
|
||||
) || (
|
||||
mkdir ${NGINX_DEFAULT_SITE_PATH:-/no_path/1} -p
|
||||
cd ${NGINX_DEFAULT_SITE_PATH:-/no_path/1}
|
||||
)
|
||||
|
||||
mkdir ${NGINX_DEFAULT_SITE_PUB:-/no_path/2} -p
|
||||
|
||||
# Make pems.
|
||||
cd ${NGINX_PEM_DIR:-/no_path/3} && (
|
||||
echo "\"${NGINX_PEM_DIR}\" exists? Continue (hit enter)?"
|
||||
|
@ -138,6 +121,11 @@ uninitialized_variable_warn on;
|
|||
# Don't print software version
|
||||
server_tokens off;
|
||||
|
||||
# If you don't use acme.sh you can remove this block.
|
||||
upstream acme {
|
||||
server 127.0.0.1:18080;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
@ -146,13 +134,18 @@ server {
|
|||
return 301 https://\$host\$request_uri;
|
||||
}
|
||||
|
||||
# Don't serve dot files.
|
||||
location ~ /\. {
|
||||
return 404;
|
||||
# Proxy Let's Encrypt to acme upstream - remove if you don't use
|
||||
# acme.sh
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
proxy_pass http://acme;
|
||||
}
|
||||
|
||||
# Include extra files.
|
||||
include ${NGINX_CONFD:-/no_path/5}/${NGINX_DEFAULT_SITE_CONF_NAME:-fail}-*.inc;
|
||||
# For everything else return 404
|
||||
location / {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
return 404;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
|
@ -171,32 +164,19 @@ server {
|
|||
|
||||
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4;
|
||||
|
||||
root ${NGINX_DEFAULT_SITE_PUB:-/no_path/7}/;
|
||||
error_log ${NGINX_DEFAULT_SITE_PUB:-/no_path/7}/.error.log;
|
||||
access_log ${NGINX_DEFAULT_SITE_PUB:-/no_path/7}/.access.log;
|
||||
# Proxy Let's Encrypt to acme upstream - remove if you don't use
|
||||
# acme.sh
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
proxy_pass http://acme;
|
||||
}
|
||||
|
||||
# Don't serve dot files.
|
||||
location ~ /\. {
|
||||
access_log off;
|
||||
# For everything else return 404
|
||||
location / {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Don't log robots.
|
||||
location = /robots.txt {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Don't log common file requests.
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
expires max;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Include extra files.
|
||||
include ${NGINX_CONFD:-/no_path/8}/${NGINX_DEFAULT_SITE_CONF_NAME:-fail}-*.inc;
|
||||
}
|
||||
NGX
|
||||
|
||||
|
|
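Review bot: The catch-all `location / { log_not_found off; access_log off; return 404; }` in both default servers disables access logging for exactly the traffic a `default_server` receives, which is requests to the bare IP or an unmatched Host header and is mostly scanning. As far as the old and new sides can be told apart here, the same change also drops the server-level `error_log`/`access_log` lines from the 443 block. Unless logging is set at the http level outside these hunks, probing against the host then leaves no record. I would drop `access_log off;` from the catch-all, or send it to a dedicated file, e.g. `access_log /var/log/nginx/default.access.log;` (example path). Separately, `proxy_pass http://acme;` depends on the new `upstream acme` block, so the "remove if you don't use acme.sh" comments should say the upstream and both `location ^~ /.well-known/acme-challenge/` blocks must be removed together, because a leftover `proxy_pass` to an undefined upstream will fail the nginx config test.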