provizioning 0.8.6 → 0.8.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. data/lib/provizioning/version.rb +1 -1
  2. data/puppet/modules/nginx/templates/fcgi_drupal_site.erb +6 -0
  3. data/puppet/modules/nginx/templates/fcgi_site.erb +49 -30
  4. metadata +5 -5
data/lib/provizioning/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Provizioning
2
- VERSION = "0.8.6"
2
+ VERSION = "0.8.7"
3
3
  end
data/puppet/modules/nginx/templates/fcgi_drupal_site.erb CHANGED
@@ -64,4 +64,10 @@ server {
64
64
  expires max;
65
65
  log_not_found off;
66
66
  }
67
+
68
+ # Deny access to .htaccess files,
69
+ # git & svn repositories, etc
70
+ location ~ /(\.ht|\.git|\.svn) {
71
+ deny all;
72
+ }
67
73
  }
data/puppet/modules/nginx/templates/fcgi_site.erb CHANGED
@@ -1,38 +1,57 @@
1
1
  server {
2
- listen <%= listen %> ;
3
-
4
- server_name <% real_server_name.each do |s_n| -%><%= s_n %> <% end -%>;
5
-
6
- access_log <%= real_access_log %>;
7
-
8
- root <%= root %>;
2
+ server_name <% real_server_name.each do |s_n| -%><%= s_n %> <% end -%>;
3
+ access_log <%= real_access_log %>;
4
+ error_log <%= real_error_log %>;
5
+ root <%= root %>;
9
6
 
10
7
  <% if listen == '443' %>
11
- ssl on;
12
- ssl_certificate <%= real_ssl_certificate %>;
13
- ssl_certificate_key <%= real_ssl_certificate_key %>;
8
+ ssl on;
9
+ ssl_certificate <%= real_ssl_certificate %>;
10
+ ssl_certificate_key <%= real_ssl_certificate_key %>;
14
11
 
15
- ssl_session_timeout <%= ssl_session_timeout %>;
12
+ ssl_session_timeout <%= ssl_session_timeout %>;
16
13
 
17
- ssl_protocols SSLv2 SSLv3 TLSv1;
18
- ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
19
- ssl_prefer_server_ciphers on;
14
+ ssl_protocols SSLv2 SSLv3 TLSv1;
15
+ ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
16
+ ssl_prefer_server_ciphers on;
20
17
  <% end -%>
21
- location / {
22
- }
23
-
24
- location ~ \.php$ {
25
- fastcgi_pass <%= fastcgi_pass %>;
26
- fastcgi_index index.php;
27
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
28
- include /etc/nginx/includes/fastcgi_params.inc;
29
- }
30
-
31
- location ~ /\.ht {
32
- deny all;
33
- }
34
-
35
- <% if include != '' %> <%include.each do |inc| %>include <%= inc %>;
36
- <% end -%><% end -%>
18
+ # Very rarely should these ever be accessed outside of your LAN
19
+ location ~* \.(txt|log)$ {
20
+ allow 10.0.0.0/8;
21
+ allow 172.16.0.0/12;
22
+ allow 192.168.0.0/16;
23
+ deny all;
24
+ }
25
+
26
+ location ~ \..*/.*\.php$ {
27
+ return 403;
28
+ }
29
+
30
+ location / {
31
+ # This is cool because no php is touched for static content
32
+ try_files $uri @rewrite;
33
+ }
34
+
35
+ location @rewrite {
36
+ # Some modules enforce no slash (/) at the end of the URL
37
+ # Else this rewrite block wouldn't be needed (GlobalRedirect)
38
+ rewrite ^/(.*)$ /index.php?url=$1;
39
+ }
40
+
41
+ location ~ \.php$ {
42
+ fastcgi_pass <%= fastcgi_pass %>;
43
+ fastcgi_index index.php;
44
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
45
+ include /etc/nginx/includes/fastcgi_params.inc;
46
+ }
47
+
48
+ # Deny access to .htaccess files,
49
+ # git & svn repositories, etc
50
+ location ~ /(\.ht|\.git|\.svn) {
51
+ deny all;
52
+ }
53
+
54
+ <% if include != '' %> <%include.each do |inc| %>include <%= inc %>;
55
+ <% end -%><% end -%>
37
56
  }
38
57
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: provizioning
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.6
4
+ version: 0.8.7
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -13,7 +13,7 @@ date: 2012-03-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: capistrano
16
- requirement: &70322742592560 !ruby/object:Gem::Requirement
16
+ requirement: &70223413217020 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70322742592560
24
+ version_requirements: *70223413217020
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: capistrano-ext
27
- requirement: &70322742582000 !ruby/object:Gem::Requirement
27
+ requirement: &70223413216500 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
32
32
  version: '0'
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *70322742582000
35
+ version_requirements: *70223413216500
36
36
  description: Puppet server provisioning tools, recipes and templates
37
37
  email:
38
38
  - victor.castell@season.es