当前位置:网站首页>laravel 宝塔安全配置

laravel 宝塔安全配置

2022-06-24 19:41:00 王道长的编程之路

一、网站目录安全:

防跨站攻击(open_basedir)

写访问日志

二、web配置文件

server{
  listen 8080;
  server_name laravel.test;
  index index.php index.html index.htm default.php default.htm default.html;
  root /www/wwwroot/laravel/public;

  #错误页配置,可注释、删除或修改
  #error_page 404 /404.html;
  #error_page 502 /502.html;

  #PHP-INFO-START  PHP引用配置,可以注释或修改
  include enable-php-73.conf;

  #URL重写,修改后将导致面板设置的伪静态规则失效
  #include /vhost/rewrite/xiaobai.test.conf;

  #禁止访问的文件或目录
  location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md){
    return 404;
  }

  #一键申请SSL证书验证目录相关设置
  location ~ \.well-known{
  	allow all;
  }

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
    expires      30d;
    error_log off;
    access_log /dev/null;
  }

  location ~ .*\.(js|css)?$ {
    expires      12h;
    error_log off;
    access_log /dev/null; 
  }
  access_log  /www/wwwlogs/xiaobai.test.log;
  error_log  /www/wwwlogs/xiaobai.test.error.log;
}

enable-php-73.conf

location ~ [^/]\.php(/|$){
  try_files $uri =404;
  fastcgi_pass  unix:/tmp/php-cgi-73.sock;#php-cgi监听
  fastcgi_index index.php;
  include fastcgi.conf;
  include pathinfo.conf;
}
 
 # 常规配置
location ~ \.php$ {
  fastcgi_pass   127.0.0.1:9000;#php-fpm监听
  fastcgi_index  index.php;
  fastcgi_param  SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
  include        fastcgi_params;
}

fastcgi.conf

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

pathinfo.conf

set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
                set $real_script_name $1;
                set $path_info $2;
 }
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;

三、伪静态

/www/server/panel/vhost/rewrite/xiaobai.test.conf

location / {
	try_files $uri $uri/ /index.php?$query_string;
}
# 或
location / {
  if (!-e $request_filename){
    rewrite  ^(.*)$  /index.php?s=$1  last;   break;
  }
}

四、防盗链

在这里插入图片描述

原网站

版权声明
本文为[王道长的编程之路]所创,转载请带上原文链接,感谢
https://blog.csdn.net/qq_29677867/article/details/107920832

边栏推荐

猜你喜欢

随机推荐