tuend/DirectAdmin-1.62.4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

z

Browse Source
This commit is contained in:
tuend-work
2025-11-13 07:41:56 +07:00
parent 7f357f3a30
commit 4478491d73
1729 changed files with 193578 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-cloudflare.conf Normal file
View File

@@ -0,0 +1,23 @@
real_ip_header X-Forwarded-For;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;

33
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-defaults.conf Normal file
View File

@@ -0,0 +1,33 @@
default_type application/octet-stream;
tcp_nopush on;
tcp_nodelay on;
sendfile on;
log_format bytes '$bytes_sent $request_length';
keepalive_timeout 15;
types_hash_max_size 2048;
disable_symlinks if_not_owner from=$document_root;
server_tokens off;
client_max_body_size 1024m;
client_body_buffer_size 128k;
server_names_hash_bucket_size 128;
server_names_hash_max_size 10240;
ssl_dhparam /etc/nginx/ssl.crt/dhparams.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
proxy_read_timeout 1800s;
# https://mozilla.github.io/server-side-tls/ssl-config-generator/ intermediate configuration.
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
include /etc/nginx/nginx-directoryindex.conf;

1
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-directoryindex.conf Normal file
View File

@@ -0,0 +1 @@
index index.html index.htm index.php;

1
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-events.conf Normal file
View File

@@ -0,0 +1 @@
worker_connections 10240;

4
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-fastcgi-cache.conf Normal file
View File

@@ -0,0 +1,4 @@
fastcgi_cache_path /var/run/nginx-fastcgi-cache levels=1:2 keys_zone=FASTCGICACHE:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

9
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-gzip.conf Normal file
View File

@@ -0,0 +1,9 @@
gzip on;
gzip_static on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 1;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js image/svg+xml;
gzip_buffers 16 8k;

13
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-info.conf Normal file
View File

@@ -0,0 +1,13 @@
location /nginx_status {
# Enable nginx status page
stub_status on;
# Disable status page logging in access_log
access_log off;
# Allow access from 127.0.0.1
allow 127.0.0.1;
# Deny all the other connections
deny all;
}

27
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-modsecurity.conf Normal file
View File

@@ -0,0 +1,27 @@
# Default recommended configuration
SecRuleEngine On
SecRequestBodyAccess On
SecDefaultAction "phase:2,deny,log,status:406"
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecAuditLogFormat JSON
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
SecCollectionTimeout 600
SecDebugLog /var/log/nginx/modsec_debug.log
SecDebugLogLevel 0
SecAuditEngine RelevantOnly
SecAuditLog /var/log/nginx/modsec_audit.log
SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecTmpSaveUploadedFiles on
# ModSecurity Core Rules Set and Local configuration
Include /etc/modsecurity.d/*.conf.main
Include /etc/modsecurity.d/*.conf

20
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-userdir.conf Normal file
View File

@@ -0,0 +1,20 @@
#Support UserDir (~/user/)
location ~^/~(?<userdir_user>.+?)(?<userdir_uri>/.*)?$ {
alias /home/$userdir_user/public_html$userdir_uri;
autoindex on;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
#try_files does not work after alias directive
if (!-f $request_filename) {
return 404;
}
fastcgi_param DOCUMENT_ROOT /home/$userdir_user/public_html;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/usr/local/php54/sockets/$userdir_user.sock;
}
}

56
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx-vhosts.conf Normal file
View File

@@ -0,0 +1,56 @@
server {
listen |IP|:|PORT_80|;
listen 127.0.0.1:|PORT_80|;
listen [::1]:|PORT_80|;
|LINKEDIP|
server_name $hostname |IP|;
root /var/www/html;
include /etc/nginx/nginx-userdir.conf;
# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/usr/local/php54/sockets/webapps.sock;
}
include /etc/nginx/nginx-info.conf;
include /etc/nginx/webapps.conf;
}
# HTTPS server
#
server {
listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
listen 127.0.0.1:|PORT_443| ssl|SPACE_HTTP2|;
listen [::1]:|PORT_443| ssl|SPACE_HTTP2|;
|LINKEDIPSSL|
server_name $hostname |IP|;
ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
ssl_certificate_key /etc/nginx/ssl.key/server.key;
root /var/www/html;
include /etc/nginx/nginx-userdir.conf;
# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/usr/local/php54/sockets/webapps.sock;
}
include /etc/nginx/nginx-info.conf;
include /etc/nginx/webapps.ssl.conf;
}

31
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx.conf Normal file
View File

@@ -0,0 +1,31 @@
#user nginx;
worker_processes auto;
pid /var/run/nginx.pid;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
events {
include /etc/nginx/nginx-events.conf;
}
http {
include /etc/nginx/mime.types;
# For user configurations not maintained by DirectAdmin. Empty by default.
include /etc/nginx/nginx-includes.conf;
# Supplemental configuration
include /etc/nginx/nginx-fastcgi-cache.conf;
include /etc/nginx/nginx-cloudflare.conf;
include /etc/nginx/nginx-modsecurity-enable.conf;
include /etc/nginx/nginx-defaults.conf;
include /etc/nginx/nginx-gzip.conf;
include /etc/nginx/directadmin-ips.conf;
include /etc/nginx/directadmin-settings.conf;
include /etc/nginx/nginx-vhosts.conf;
include /etc/nginx/directadmin-vhosts.conf;
}

8
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/nginx_limits.conf Normal file
View File

@@ -0,0 +1,8 @@
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
fastcgi_intercept_errors on;
fastcgi_param HTTP_PROXY "";

7
services/custombuild/custombuild.bk/custombuild/configure/nginx/conf/webapps_settings.conf Normal file
View File

@@ -0,0 +1,7 @@
try_files $uri =404;
root /var/www/html/;
fastcgi_pass unix:/usr/local/php54/sockets/webapps.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
include /etc/nginx/nginx_limits.conf;

4
services/custombuild/custombuild.bk/custombuild/configure/nginx/configure.modsecurity Normal file
View File

@@ -0,0 +1,4 @@
#!/bin/sh
./configure \
--enable-standalone-module \
--disable-mlogc

20
services/custombuild/custombuild.bk/custombuild/configure/nginx/configure.nginx Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/sh
./configure \
"--user=nginx" \
"--group=nginx" \
"--prefix=/usr" \
"--sbin-path=/usr/sbin" \
"--conf-path=/etc/nginx/nginx.conf" \
"--pid-path=/var/run/nginx.pid" \
"--http-log-path=/var/log/nginx/access_log" \
"--error-log-path=/var/log/nginx/error_log" \
"--without-mail_imap_module" \
"--without-mail_smtp_module" \
"--with-http_ssl_module" \
"--with-http_realip_module" \
"--with-http_stub_status_module" \
"--with-http_gzip_static_module" \
"--with-http_dav_module" \
"--with-http_v2_module" \
"--add-module=../ngx_cache_purge" \
"--with-cc-opt='-D FD_SETSIZE=32768'"