RoE | Wiki

User Tools

Site Tools

Trace: sony_smartwatch_3_tetra wordpress
servers:windows:nginx_php_php-cgi

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
servers:windows:nginx_php_php-cgi [2026/01/20 14:50] – [Non-existent 404] Sean Rhoneservers:windows:nginx_php_php-cgi [2026/04/15 09:45] (current) – [Firewall] Sean Rhone
Line 2: Line 2:
  
   * nginx ((https://nginx.org/en/docs/windows.html))   * nginx ((https://nginx.org/en/docs/windows.html))
-  * PHP ((https://windows.php.net/download/))+  * PHP ((https://windows.php.net/))
   * PHP-CGI   * PHP-CGI
   * [[information;realm_of_espionage|Realm of Espionage]]   * [[information;realm_of_espionage|Realm of Espionage]]
Line 14: Line 14:
 ===== nginx ===== ===== nginx =====
  
-  * https://nginx.org/en/download.html +  * https://nginx.org/en/download.html ([[https://nginx.org/en/CHANGES|CHANGES]]) 
-  * Last tested: ''nginx-1.29.4.zip''+  * Last tested: ''nginx-1.29.8.zip''
  
-  * Extract to root system drive for ''C:\nginx-1.29.4\nginx.exe''+  * Extract to root system drive for ''C:\nginx-1.29.8\nginx.exe''
  
-  "explorer.exe" "%SystemDrive%"+  "%SystemRoot%\explorer.exe" "%SystemDrive%"
  
 ===== PHP-CGI ===== ===== PHP-CGI =====
  
-  * https://windows.php.net/download/ +  * https://www.php.net/downloads.php 
-  * https://windows.php.net/qa/+  * https://www.php.net/pre-release-builds.php
   * x64 Non Thread Safe   * x64 Non Thread Safe
-  * Last tested: ''php-8.5.1-nts-Win32-vs17-x64.zip''+  * Last tested: ''php-8.5.5-nts-Win32-vs17-x64.zip''
  
   * Extract to root system drive for ''C:\php-*\php-cgi.exe''   * Extract to root system drive for ''C:\php-*\php-cgi.exe''
   * Add to user ''Path''   * Add to user ''Path''
  
-  "explorer.exe" "%SystemDrive%"+  "%SystemRoot%\explorer.exe" "%SystemDrive%"
  
-  "SystemPropertiesAdvanced.exe"+  "%SystemRoot%\System32\SystemPropertiesAdvanced.exe"
  
-  C:\php-8.5.1-nts-Win32-vs17-x64+  C:\php-8.5.5-nts-Win32-vs17-x64
  
 ====== Firewall ====== ====== Firewall ======
  
-****+  CD "%SystemDrive%\nginx-"*"\"
  
-  CD "%SystemDrive%\nginx-"*"\" && "netsh.exe" advfirewall firewall add rule name="nginx" dir="in" action="allow" profile="any" program="%CD%\nginx.exe" protocol="tcp" localport="80,443"+  "%SystemRoot%\System32\netsh.exe" advfirewall firewall add rule name="nginx" dir="in" action="allow" profile="any" program="%CD%\nginx.exe" protocol="tcp" localport="80,443"
  
 ===== Delete Rule ===== ===== Delete Rule =====
Line 47: Line 47:
 **** ****
  
-  "netsh.exe" advfirewall firewall delete rule name="nginx"+  "%SystemRoot%\System32\netsh.exe" advfirewall firewall delete rule name="nginx"
  
 ====== Check Defaults ====== ====== Check Defaults ======
Line 55: Line 55:
 **** ****
  
-  CD "%SystemDrive%\nginx-"*"\conf" && "notepad.exe" "nginx.conf"+  CD "%SystemDrive%\nginx-"*"\conf" && "%SystemRoot%\System32\notepad.exe" "nginx.conf"
  
 ==== PHP ==== ==== PHP ====
  
-  CD "%SystemDrive%\php-"*"-nts-Win32-"*"-x64\" && "notepad.exe" "php.ini-production"+  CD "%SystemDrive%\php-"*"-nts-Win32-"*"-x64\" && "%SystemRoot%\System32\notepad.exe" "php.ini-production"
  
-  CD "%SystemDrive%\php-"*"-nts-Win32-"*"-x64\" && "notepad.exe" "php.ini-development"+  CD "%SystemDrive%\php-"*"-nts-Win32-"*"-x64\" && "%SystemRoot%\System32\notepad.exe" "php.ini-development"
  
 ====== nginx Settings ====== ====== nginx Settings ======
Line 81: Line 81:
   * This automatically redirects non-HTTPS site links to HTTPS   * This automatically redirects non-HTTPS site links to HTTPS
  
-  "notepad.exe" "%SystemDrive%\www\nginx\conf.d\http-redirect.conf"+  "%SystemRoot%\System32\notepad.exe" "%SystemDrive%\www\nginx\conf.d\http-redirect.conf"
  
 <code> <code>
Line 97: Line 97:
   * This prevents unconfigured subdomains from loading assets from other sites ((if a site/URL doesn't have a ''vhosts.d\*.conf'', it'll 404))   * This prevents unconfigured subdomains from loading assets from other sites ((if a site/URL doesn't have a ''vhosts.d\*.conf'', it'll 404))
  
-  "notepad.exe" "%SystemDrive%\www\nginx\conf.d\non-existent.conf"+  "%SystemRoot%\System32\notepad.exe" "%SystemDrive%\www\nginx\conf.d\non-existent.conf"
  
 <code> <code>
Line 114: Line 114:
   * Add to individual site configs as an ''include''   * Add to individual site configs as an ''include''
  
-  "notepad.exe" "%SystemDrive%\www\nginx\default.d\headers.conf"+  "%SystemRoot%\System32\notepad.exe" "%SystemDrive%\www\nginx\default.d\headers.conf"
  
 <code> <code>
Line 121: Line 121:
 add_header "X-Frame-Options" "sameorigin" "always"; add_header "X-Frame-Options" "sameorigin" "always";
 add_header "X-XSS-Protection" "1; mode=block" "always"; add_header "X-XSS-Protection" "1; mode=block" "always";
-add_header "Cache-Control" "no-store, no-transform, public" "always";+add_header "Cache-Control" "max-age=604800, no-transform, public" "always";
 add_header "Referrer-Policy" "same-origin" "always"; add_header "Referrer-Policy" "same-origin" "always";
 add_header "Expect-CT" "max-age=0" "always"; add_header "Expect-CT" "max-age=0" "always";
Line 130: Line 130:
 ===== nginx ===== ===== nginx =====
  
-  "notepad.exe" "%SystemDrive%\www\nginx\nginx.conf"+  "%SystemRoot%\System32\notepad.exe" "%SystemDrive%\www\nginx\nginx.conf"
  
 <code> <code>
Line 183: Line 183:
 ==== Settings ==== ==== Settings ====
  
-  "notepad.exe" "%SystemDrive%\www\nginx\conf.d\ssl.conf"+  "%SystemRoot%\System32\notepad.exe" "%SystemDrive%\www\nginx\conf.d\ssl.conf"
  
 <code> <code>
Line 206: Line 206:
   MKDIR "%SystemDrive%\www\scripts\nginx"   MKDIR "%SystemDrive%\www\scripts\nginx"
  
-  "explorer.exe" "%SystemDrive%\www\scripts\nginx"+  "%SystemRoot%\explorer.exe" "%SystemDrive%\www\scripts\nginx"
  
 ===== Start ===== ===== Start =====
  
-  "notepad.exe" "%SystemDrive%\www\scripts\nginx\Start.bat"+  "%SystemRoot%\System32\notepad.exe" "%SystemDrive%\www\scripts\nginx\Start.bat"
  
 <code> <code>
Line 226: Line 226:
 ===== Stop ===== ===== Stop =====
  
-  "notepad.exe" "%SystemDrive%\www\scripts\nginx\Stop.bat"+  "%SystemRoot%\System32\notepad.exe" "%SystemDrive%\www\scripts\nginx\Stop.bat"
  
 <code> <code>
Line 236: Line 236:
 "nginx.exe" -s "quit" "nginx.exe" -s "quit"
  
-TIMEOUT /T "2" /NOBREAK +"%SystemRoot%\System32\timeout.exe" /T "2" /NOBREAK 
-TASKKILL /IM "nginx.exe" /T /F+"%SystemRoot%\System32\taskkill.exe" /IM "nginx.exe" /T /F 
 + 
 +CD "%Temp%"
  
 :: End</code> :: End</code>
Line 245: Line 247:
 ===== Reload ===== ===== Reload =====
  
-  "notepad.exe" "%SystemDrive%\www\scripts\nginx\Reload.bat"+  "%SystemRoot%\System32\notepad.exe" "%SystemDrive%\www\scripts\nginx\Reload.bat"
  
 <code> <code>
Line 254: Line 256:
 "nginx.exe" -s "reload" "nginx.exe" -s "reload"
 "nginx.exe" -s "reopen" "nginx.exe" -s "reopen"
 +
 +CD "%Temp%"
  
 :: End</code> :: End</code>
Line 260: Line 264:
  
 ====== Task Scheduler ====== ====== Task Scheduler ======
 +
 +===== nginx =====
  
   * Auto-start   * Auto-start
  
-  SCHTASKS /Create /SC "ONLOGON" /TN "nginx" /TR "%SystemDrive%\www\scripts\nginx\Start.bat" /F+  "%SystemRoot%\System32\schtasks.exe" /Create /SC "ONLOGON" /TN "nginx" /TR "%SystemDrive%\www\scripts\nginx\Start.bat" /F
  
-===== Resources =====+====== Resources ======
  
   * https://nginx.org/en/docs/windows.html   * https://nginx.org/en/docs/windows.html
Line 273: Line 279:
   * https://www.php.net/manual/en/image.installation.php   * https://www.php.net/manual/en/image.installation.php
   * [[https://www.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test]]   * [[https://www.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test]]
 +
 +====== TODO ======
 +
 +===== Exploit Protection =====
 +
 +  * https://learn.microsoft.com/en-us/defender-endpoint/exploit-protection-reference
 +
 +==== nginx ====
 +
 +  nginx.exe
 +
 +  * Arbitrary code guard (ACG): On
 +    * ''[ ]'' Allow thread opt-out
 +  * Block low integrity images: On
 +  * Block remote images: On
 +  * Block untrusted fonts: On
 +  * Control integrity guard: On
 +    * ''[ ]'' Also allow loading of images signed by Microsoft Store
 +  * Control flow guard (CFG): On
 +    * :!: ''[ ]'' Use strict CFG
 +  * Data Execution Prevention (DEP): On
 +    * ''[ ]'' Enable ATL thunk emulation
 +  * Disable extension points: On
 +  * :!: Disable Win32k system calls: Off
 +  * :!: Do not allow child processes: Off
 +  * Export address filtering (EAF): On
 +    * ''[x]'' Validate access for modules that are commonly abused by exploits.
 +  * Force randomization for images (Mandatory ASLR): On
 +    * ''[x]'' Do not allow stripped images
 +  * Hardware-enforced Stack Protection: On
 +    * ''[x]'' Enforce for all modules instead of only compatible modules
 +  * Import address filtering (IAF): On
 +  * Randomize memory allocations (Bottom-up ASLR): On
 +    * ''[ ]'' Don't use high entropy
 +  * Simulate execution (SimExec): On
 +  * Validate API invocation (CallerCheck): On
 +  * Validate exception chains (SEHOP): On
 +  * Validate handle usage: On
 +  * Validate heap integrity: On
 +  * Validate image dependency integrity: On
 +  * Validate stack integrity (StackPivot): On
 +
 +==== PHP-CGI ====
 +
 +  php-cgi.exe
 +
 +  * :!: Arbitrary code guard (ACG): Off
 +  * Block low integrity images: On
 +  * Block remote images: On
 +  * Block untrusted fonts: On
 +  * :!: Control integrity guard: Off
 +  * Control flow guard (CFG): On
 +    * :!: ''[ ]'' Use strict CFG
 +  * Data Execution Prevention (DEP): On
 +    * ''[ ]'' Enable ATL thunk emulation
 +  * Disable extension points: On
 +  * :!: Disable Win32k system calls: Off
 +  * :!: Do not allow child processes: Off
 +  * Export address filtering (EAF): On
 +    * ''[x]'' Validate access for modules that are commonly abused by exploits.
 +  * Force randomization for images (Mandatory ASLR): On
 +    * ''[x]'' Do not allow stripped images
 +  * Hardware-enforced Stack Protection: On
 +    * ''[x]'' Enforce for all modules instead of only compatible modules
 +  * Import address filtering (IAF): On
 +  * Randomize memory allocations (Bottom-up ASLR): On
 +    * ''[ ]'' Don't use high entropy
 +  * Simulate execution (SimExec): On
 +  * Validate API invocation (CallerCheck): On
 +  * Validate exception chains (SEHOP): On
 +  * Validate handle usage: On
 +  * Validate heap integrity: On
 +  * Validate image dependency integrity: On
 +  * Validate stack integrity (StackPivot): On
  
/var/www/wiki/data/attic/servers/windows/nginx_php_php-cgi.1768938622.txt.gz · Last modified: by Sean Rhone
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki