Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
staging.biuro
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Biuro
staging.biuro
Commits
6a17e678
Commit
6a17e678
authored
Nov 26, 2019
by
Simon
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'release-1.12.0'
parents
82ff785b
d2ef1082
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
27 additions
and
80 deletions
+27
-80
.env
.env
+1
-1
docker-compose.yml
docker-compose.yml
+0
-31
server-shared.conf
nginx/conf.d/server-shared.conf
+0
-1
ocsp_stapling.conf
nginx/h5bp/ssl/ocsp_stapling.conf
+22
-5
policy_deprecated.conf
nginx/h5bp/ssl/policy_deprecated.conf
+1
-1
nginx.conf
nginx/nginx.conf
+3
-41
No files found.
.env
View file @
6a17e678
...
...
@@ -2,7 +2,7 @@ PROJECT=biuro-staging
IMAGE_NGINX=fholzer/nginx-brotli
IMAGE_MYSQL=mariadb:10.3
IMAGE_WORDPRESS=biuro/web:1.1
1.1
IMAGE_WORDPRESS=biuro/web:1.1
2.0
IMAGE_WORDPRESS_CLI=wordpress:cli-php7.3
DB_NAME=staging_biuro
...
...
docker-compose.yml
View file @
6a17e678
...
...
@@ -102,37 +102,6 @@ services:
wp core update --force;
wp core update-db --network;
# wp option update permalink_structure "/%postname%/" --skip-themes --skip-plugins;
# wp option update timezone_string "Manual Offsets/UTC+2";
# wp option update date_format "Y-m-d";
# wp option update time_format "H:i";
# wp plugin install permalink-manager --force --activate-network;
# wp plugin install pods --activate-network;
# wp plugin install polylang --activate-network;
# wp plugin install wordpress-seo --activate-network;
# wp plugin install loco-translate --activate-network;
# wp plugin install google-sitemap-generator --activate-network;
# wp plugin update --all;
wp plugin update akismet --version=4.1.2;
wp plugin uninstall hello;
# wp plugin activate akismet --network;
# wp plugin activate biuro-contacts --network;
# wp plugin activate biuro-feedbacks --network;
# wp plugin activate biuro-html --network;
# wp plugin activate biuro-sections --network;
# wp plugin activate biuro-services --network;
# wp plugin activate biuro-values --network;
# wp plugin activate cookies-warning --network;
# wp plugin activate data-controller --network;
# wp theme update --all;
# wp theme activate biuro;
wp theme delete twentynineteen
wp theme delete twentyseventeen
wp theme delete twentysixteen
wp language core update;
wp language theme update --all;
wp language plugin update --all;
...
...
nginx/conf.d/server-shared.conf
View file @
6a17e678
...
...
@@ -24,7 +24,6 @@ location /wp-json/api/v1/contacts {
try_files
$
uri
$
uri
/ /
index
.
php
?$
args
;
auth_basic
"Basic auth"
;
auth_basic_user_file
/
etc
/
nginx
/.
htpasswd
;
# auth_basic_user_file /var/www/html/.htpasswd;
}
location
/
wp
-
json
/
api
/
v1
/
recommended
{
...
...
nginx/h5bp/ssl/ocsp_stapling.conf
View file @
6a17e678
...
...
@@ -2,17 +2,34 @@
# | Online Certificate Status Protocol stapling |
# ----------------------------------------------------------------------
# OCSP is a lightweight, only one record to help clients verify the
#
validity of
the server certificate.
# OCSP stapling allow
the server to send its cached OCSP record during
#
the TLS handshake, wh
ithout the need of 3rd party OCSP responder.
# OCSP is a lightweight, only one record to help clients verify the
validity of
# the server certificate.
# OCSP stapling allow
s the server to send its cached OCSP record during the TLS
#
handshake, w
ithout the need of 3rd party OCSP responder.
#
# https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
# https://tools.ietf.org/html/rfc6066#section-8
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
#
# (1) Use Cloudflare 1.1.1.1 DNS resolver
# https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
#
# (2) Use Google 8.8.8.8 DNS resolver
# https://developers.google.com/speed/public-dns/docs/using
#
# (3) Use OpenDNS resolver
# https://use.opendns.com
ssl_stapling
on
;
ssl_stapling_verify
on
;
resolver
8
.
8
.
8
.
8
8
.
8
.
4
.
4
216
.
146
.
35
.
35
216
.
146
.
36
.
36
valid
=
60
s
;
resolver
# (1)
1
.
1
.
1
.
1
1
.
0
.
0
.
1
[
2606
:
4700
:
4700
::
1111
] [
2606
:
4700
:
4700
::
1001
]
# (2)
8
.
8
.
8
.
8
8
.
8
.
4
.
4
[
2001
:
4860
:
4860
::
8888
] [
2001
:
4860
:
4860
::
8844
]
# (3)
# 208.67.222.222 208.67.220.220 [2620:119:35::35] [2620:119:53::53]
valid
=
60
s
ipv6
=
off
;
resolver_timeout
2
s
;
nginx/h5bp/ssl/policy_deprecated.conf
View file @
6a17e678
...
...
@@ -22,7 +22,7 @@
# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
ssl_protocols
TLSv1
TLSv1
.
1
TLSv1
.
2
;
ssl_protocols
TLSv1
TLSv1
.
1
TLSv1
.
2
TLSv1
.
3
;
ssl_ciphers
ECDHE
-
ECDSA
-
CHACHA20
-
POLY1305
:
ECDHE
-
RSA
-
CHACHA20
-
POLY1305
:
ECDHE
-
ECDSA
-
AES128
-
GCM
-
SHA256
:
ECDHE
-
RSA
-
AES128
-
GCM
-
SHA256
:
ECDHE
-
ECDSA
-
AES256
-
GCM
-
SHA384
:
ECDHE
-
RSA
-
AES256
-
GCM
-
SHA384
:
DHE
-
RSA
-
AES128
-
GCM
-
SHA256
:
DHE
-
RSA
-
AES256
-
GCM
-
SHA384
:
ECDHE
-
ECDSA
-
AES128
-
SHA
:
ECDHE
-
RSA
-
AES128
-
SHA
:
ECDHE
-
ECDSA
-
AES256
-
SHA
:
ECDHE
-
RSA
-
AES256
-
SHA
:
ECDHE
-
ECDSA
-
AES128
-
SHA256
:
ECDHE
-
RSA
-
AES128
-
SHA256
:
ECDHE
-
ECDSA
-
AES256
-
SHA384
:
ECDHE
-
RSA
-
AES256
-
SHA384
:
DHE
-
RSA
-
AES128
-
SHA
:
DHE
-
RSA
-
AES256
-
SHA
:
DHE
-
RSA
-
AES128
-
SHA256
:
DHE
-
RSA
-
AES256
-
SHA256
:
AES128
-
GCM
-
SHA256
:
AES256
-
GCM
-
SHA384
:
AES128
-
SHA
:
AES256
-
SHA
:
AES128
-
SHA256
:
AES256
-
SHA256
:
ECDHE
-
ECDSA
-
DES
-
CBC3
-
SHA
:
ECDHE
-
RSA
-
DES
-
CBC3
-
SHA
:
EDH
-
RSA
-
DES
-
CBC3
-
SHA
:
DES
-
CBC3
-
SHA
;
ssl_ecdh_curve
X25519
:
prime256v1
:
secp521r1
:
secp384r1
;
...
...
nginx/nginx.conf
View file @
6a17e678
...
...
@@ -162,14 +162,15 @@ http {
font/woff2
"*"
;
}
client_body_buffer_size
10M
;
#
client_body_buffer_size 10M;
client_max_body_size
10M
;
# proxy_max_temp_file_size: 0;
# Include files in the conf.d folder.
# server{} configuration files should be placed in the conf.d folder.
# The configurations should be disabled by prefixing files with a dot.
include
h5bp/ssl/ocsp_stapling.conf
;
#
include h5bp/ssl/ocsp_stapling.conf;
# include h5bp/ssl/policy_modern.conf;
# include h5bp/ssl/policy_deprecated.conf;
include
h5bp/ssl/policy_intermediate.conf
;
...
...
@@ -177,42 +178,3 @@ http {
include
/etc/nginx/conf.d/staging-biuro.conf
;
}
# user nginx;
# worker_processes 1;
# error_log /var/log/nginx/error.log warn;
# pid /var/run/nginx.pid;
# events {
# worker_connections 1024;
# }
# http {
# include /etc/nginx/mime.types;
# default_type application/octet-stream;
# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# access_log /var/log/nginx/access.log main;
# sendfile on;
# #tcp_nopush on;
# keepalive_timeout 65;
# gzip on;
# brotli on;
# ################################
# # DO WHATEVER YOU WANT HERE :) #
# ################################
# include /etc/nginx/conf.d/*.conf;
# }
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
