(Grav GitSync) Automatic Commit from RealStickman
This commit is contained in:
parent
5ad7734e41
commit
06a48be0cd
82
pages/02.linux/22.grav/default.en.md
Normal file
82
pages/02.linux/22.grav/default.en.md
Normal file
@ -0,0 +1,82 @@
|
||||
---
|
||||
title: Grav
|
||||
---
|
||||
|
||||
> [Official Documentation](https://learn.getgrav.org/17)
|
||||
{.is-info}
|
||||
|
||||
## Requirements
|
||||
`# apt install nginx php php-fpm php-gd php-apcu php-yaml php-zip php-xml php-mbstring php-curl unzip`
|
||||
|
||||
### Download grav
|
||||
Make sure the directory you want to use is owned by your webserver user. (www-data on debian)
|
||||
`# chown www-data:www-data -R /var/www`
|
||||
|
||||
**With included admin client**
|
||||
`sudo -u www-data wget https://getgrav.org/download/core/grav-admin/1.7.32`
|
||||
|
||||
## Nginx config
|
||||
```
|
||||
server {
|
||||
server_name DOMAIN_NAME;
|
||||
|
||||
# Security / XSS Mitigation Headers
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
|
||||
|
||||
listen *:443 ssl http2; #set ipv6 address
|
||||
ssl_certificate_key /etc/acme-sh/DOMAIN_NAME/key.pem;
|
||||
ssl_certificate /etc/acme-sh/DOMAIN_NAME/cert.pem;
|
||||
|
||||
index index.html index.php;
|
||||
|
||||
## Begin - Server Info
|
||||
root /var/www/grav-admin;
|
||||
## End - Server Info
|
||||
|
||||
## Begin - Index
|
||||
# for subfolders, simply adjust:
|
||||
# `location /subfolder {`
|
||||
# and the rewrite to use `/subfolder/index.php`
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
}
|
||||
## End - Index
|
||||
|
||||
## Begin - Security
|
||||
# deny all direct access for these folders
|
||||
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
|
||||
# deny running scripts inside core system folders
|
||||
location ~* /(system|vendor)/.*\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
|
||||
# deny running scripts inside user folder
|
||||
location ~* /user/.*\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
|
||||
# deny access to specific files in the root folder
|
||||
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
|
||||
## End - Security
|
||||
|
||||
## Begin - PHP
|
||||
location ~ \.php$ {
|
||||
# Choose either a socket or TCP/IP address
|
||||
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
|
||||
# fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
|
||||
}
|
||||
## End - PHP
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = DOMAIN_NAME) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen *:80; #set ipv6 address
|
||||
server_name DOMAIN_NAME;
|
||||
return 404;
|
||||
}
|
||||
```
|
Loading…
Reference in New Issue
Block a user