RoE | Wiki

User Tools

Site Tools

Trace: nginx_php_php-fpm
servers:linux:nginx_php_php-fpm

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
servers:linux:nginx_php_php-fpm [2025/05/16 21:39] – external edit 127.0.0.1servers:linux:nginx_php_php-fpm [2025/07/13 23:02] (current) Sean Rhone
Line 9: Line 9:
  
   * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]   * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]
- 
-===== Resources ===== 
- 
-  * [[https://www.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test]] 
-  * https://fedoraproject.org/wiki/Nginx 
- 
-==== Old ==== 
- 
-  * [[https://cipherli.st/|Cipherli.st]] 
-  * [[https://securityheaders.com/?q=wiki.realmofespionage.xyz&followRedirects=on|Security Headers]] 
-  * [[https://dev.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test (dev)]] 
-  * https://cs.chromium.org/chromium/src/third_party/blink/renderer/platform/feature_policy/feature_policy.cc?l=138&rcl=ab90b51c5b60de15054a32b0bd18e4839536a1c9 
-  * https://infosec.mozilla.org 
-  * https://gist.github.com/plentz/6737338 
-  * https://scotthelme.co.uk 
-  * https://mozilla.github.io/server-side-tls/ssl-config-generator 
  
 ====== Dependencies ====== ====== Dependencies ======
Line 43: Line 27:
  
   sudo firewall-cmd --add-service='http' --permanent && sudo firewall-cmd --add-service='https' --permanent && sudo firewall-cmd --reload   sudo firewall-cmd --add-service='http' --permanent && sudo firewall-cmd --add-service='https' --permanent && sudo firewall-cmd --reload
- 
-====== SELinux ====== 
- 
-===== php-fpm ===== 
- 
-  * 2025/04/25 
- 
-  sudo setsebool -P 'httpd_execmem' '1' 
- 
-===== DokuWiki ===== 
- 
-  * [[servers:linux:nginx:dokuwiki]] 
-  * 2025/04/25 
- 
-  sudo setsebool -P 'httpd_can_network_connect' '1' 
- 
-===== Other ===== 
- 
-  sudo setsebool -P 'httpd_graceful_shutdown' '1' 
- 
-  sudo setsebool -P 'nis_enabled' '1' 
- 
-  sudo setsebool -P 'httpd_can_network_relay' '1' 
- 
-===== Global restorecon ===== 
- 
-**** 
- 
-  sudo restorecon -F -I -R '/etc/nginx' '/etc/php8/fpm/php-fpm.d' '/srv/www' 
  
 ====== Services ====== ====== Services ======
Line 122: Line 77:
  
 <code> <code>
-# nginx/conf.d/http-redirect.conf 
- 
 server { server {
     listen '80' 'default_server';     listen '80' 'default_server';
Line 140: Line 93:
  
 <code> <code>
-# nginx/conf.d/non-existent.conf 
- 
 server { server {
     listen '443' 'ssl' default_server;     listen '443' 'ssl' default_server;
Line 159: Line 110:
  
 <code> <code>
-# nginx/default.d/headers.conf 
- 
 add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
 add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
Line 177: Line 126:
  
 <code> <code>
-# nginx/nginx.conf 
- 
 events { events {
  multi_accept 'on';  multi_accept 'on';
Line 232: Line 179:
  
 <code> <code>
-# nginx/conf.d/ssl.conf 
- 
 ssl_certificate '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem'; ssl_certificate '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem';
 ssl_trusted_certificate '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem'; ssl_trusted_certificate '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem';
Line 247: Line 192:
 ssl_prefer_server_ciphers 'on'; ssl_prefer_server_ciphers 'on';
 ssl_ecdh_curve 'secp384r1'; ssl_ecdh_curve 'secp384r1';
- 
-ssl_stapling 'on'; 
-ssl_stapling_verify 'on'; 
  
 # End</code> # End</code>
 +
 +====== TODOs ======
 +
 +===== Resources =====
 +
 +  * https://nginx.org/en/docs/windows.html
 +  * https://gist.github.com/odan/b5f7de8dfbdbf76bef089776c868fea1
 +  * https://certbot.eff.org/instructions?ws=other&os=pip
 +  * https://community.letsencrypt.org/t/using-certbot-in-windows-the-pragmatic-way/173929
 +  * https://www.php.net/manual/en/image.installation.php
 +  * [[https://www.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test]]
 +
 +==== Old ====
 +
 +  * [[https://cipherli.st/|Cipherli.st]]
 +  * [[https://securityheaders.com/?q=wiki.realmofespionage.xyz&followRedirects=on|Security Headers]]
 +  * [[https://dev.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test (dev)]]
 +  * https://cs.chromium.org/chromium/src/third_party/blink/renderer/platform/feature_policy/feature_policy.cc?l=138&rcl=ab90b51c5b60de15054a32b0bd18e4839536a1c9
 +  * https://infosec.mozilla.org
 +  * https://gist.github.com/plentz/6737338
 +  * https://scotthelme.co.uk
 +  * https://mozilla.github.io/server-side-tls/ssl-config-generator
 +  * [[https://www.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test]]
 +  * https://fedoraproject.org/wiki/Nginx
  
/srv/www/wiki/data/attic/servers/linux/nginx_php_php-fpm.1747445948.txt.gz · Last modified: by 127.0.0.1