set_nginx_vhost
set_nginx_vhost(){
clear
f_banner
echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
echo -e "\e[93m[+]\e[00m Setup Virtual Host for Nginx"
echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
echo -e "\e[93m[+]\e[00m Configure a Virtual Host"
echo " Type a Name to Identify the Virtual Host"
echo -n " (For Example: myserver.com) "; read vhost
touch /usr/local/nginx/conf/sites-available/$vhost
cd ../..
cat templates/nginxvhost >> /usr/local/nginx/conf/sites-available/$vhost
sed -i s/server.com/$vhost/g /usr/local/nginx/conf/sites-available/$vhost
ln -s /usr/local/nginx/conf/sites-available/$vhost /usr/local/nginx/conf/sites-enabled/$vhost
say_done
}
La función set_nginx_vhost se encarga de configurar el virtual host correspondiente que apuntará a nuestra aplicación web. Hace uso de la plantilla que se encuentra en templates/nginxvhost que se encarga de hacer una configuración segura y habilitar ModSecurity para nuestra aplicación, además de habilitar el soporte para PHP de nginx mediante PHP-FPM. Veamos que tiene el archivo:
server {
listen 80;
server_name server.com;
location / {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
root html/server.com;
index index.php index.html index.htm;
}
location ~ .(gif|png|jpe?g)$ {
valid_referers none blocked server.com *.server.com;
if ($invalid_referer) {
return 403;
}
}
# deny scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
## Block download agenta
if ($http_user_agent ~* LWP::Simple|wget|libwww-perl) {
return 403;
}
## Block some nasty robots
if ($http_user_agent ~ (msnbot|Purebot|Baiduspider|Lipperhey|Mail.Ru|scrapbot) ) {
return 403;
}
## Deny referal spam
if ( $http_referer ~* (jewelry|viagra|nude|girl|nudit|casino|poker|porn|sex|teen|babes) ) {
return 403;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-cgi alone:
#fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}