diff options
Diffstat (limited to 'phpBB/docs')
| -rw-r--r-- | phpBB/docs/INSTALL.html | 7 | ||||
| -rw-r--r-- | phpBB/docs/nginx.sample.conf | 33 |
2 files changed, 32 insertions, 8 deletions
diff --git a/phpBB/docs/INSTALL.html b/phpBB/docs/INSTALL.html index 4af185beb3..9f635fe50b 100644 --- a/phpBB/docs/INSTALL.html +++ b/phpBB/docs/INSTALL.html @@ -79,6 +79,7 @@ <li><a href="#postinstall">Important (security related) post-Install tasks for all installation methods</a> <ol style="list-style-type: lower-roman;"> <li><a href="#avatars">Uploadable avatars</a></li> + <li><a href="#webserver_configuration">Webserver configuration</a></li> </ol> </li> <li><a href="#disclaimer">Disclaimer</a></li> @@ -408,6 +409,12 @@ <p>Please be aware that setting a directories permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.</p> +<a name="webserver_configuration"></a><h3>6.ii. Webserver configuration</h3> + + <p>Depending on your web server you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>store/</code> and other directories. This is to prevent users from accessing sensitive files.</p> + + <p>For <strong>apache</strong> there are <code>.htaccess</code> files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in docs directory.</p> + </div> <div class="back2top"><a href="#wrap" class="top">Back to Top</a></div> diff --git a/phpBB/docs/nginx.sample.conf b/phpBB/docs/nginx.sample.conf index 2a11e057c5..40b6ee76da 100644 --- a/phpBB/docs/nginx.sample.conf +++ b/phpBB/docs/nginx.sample.conf @@ -10,14 +10,23 @@ http { gzip_vary on; gzip_http_version 1.1; gzip_min_length 700; + + # Compression levels over 6 do not give an appreciable improvement + # in compression ratio, but take more resources. gzip_comp_level 6; - gzip_disable "MSIE [1-6]\."; + + # IE 6 and lower do not support gzip with Vary correctly. + gzip_disable "msie6"; + # Before nginx 0.7.63: + #gzip_disable "MSIE [1-6]\."; # Catch-all server for requests to invalid hosts. # Also catches vulnerability scanners probing IP addresses. - # Should be first. server { - listen 80; + # default specifies that this block is to be used when + # no other block matches. + listen 80 default; + server_name bogus; return 444; root /var/empty; @@ -26,14 +35,20 @@ http { # If you have domains with and without www prefix, # redirect one to the other. server { - listen 80; + # Default port is 80. + #listen 80; + server_name myforums.com; - rewrite ^(.*)$ http://www.myforums.com$1 permanent; + + # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites: + rewrite ^ http://www.myforums.com$request_uri permanent; + # Equivalent to: + #rewrite ^(.*)$ http://www.myforums.com$1 permanent; } # The actual board domain. server { - listen 80; + #listen 80; server_name www.myforums.com; root /path/to/phpbb; @@ -45,8 +60,10 @@ http { # Deny access to internal phpbb files. location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) { - internal; deny all; + # deny was ignored before 0.8.40 for connections over IPv6. + # Use internal directive to prohibit access on older versions. + internal; } # Pass the php scripts to fastcgi server specified in upstream declaration. @@ -60,8 +77,8 @@ http { # Deny access to version control system directories. location ~ /\.svn|/\.git { - internal; deny all; + internal; } } |