diff --git a/nginx/nginx/sites-available/404.conf b/nginx/nginx/sites-available/404.conf index 612dc95..d1b2bcf 100644 --- a/nginx/nginx/sites-available/404.conf +++ b/nginx/nginx/sites-available/404.conf @@ -10,4 +10,5 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/afp.conf b/nginx/nginx/sites-available/afp.conf index 9834466..1526350 100644 --- a/nginx/nginx/sites-available/afp.conf +++ b/nginx/nginx/sites-available/afp.conf @@ -10,4 +10,5 @@ server { proxy_pass http://127.0.0.1:10080; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/aria.conf b/nginx/nginx/sites-available/aria.conf index a9be343..d97b5a8 100644 --- a/nginx/nginx/sites-available/aria.conf +++ b/nginx/nginx/sites-available/aria.conf @@ -9,6 +9,7 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:5001; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -20,6 +21,7 @@ server { location / { return 301 https://cordelia.nhcarrigan.com$uri$is_args$args; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -33,6 +35,7 @@ server { proxy_pass http://127.0.0.1:5002; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -44,6 +47,7 @@ server { location / { return 301 https://aria.nhcarrigan.com; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -56,4 +60,5 @@ server { proxy_set_header Host $host; proxy_pass http://0.0.0.0:5000; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/bots.conf b/nginx/nginx/sites-available/bots.conf index f8937e5..0b92d0a 100644 --- a/nginx/nginx/sites-available/bots.conf +++ b/nginx/nginx/sites-available/bots.conf @@ -10,6 +10,7 @@ server { proxy_pass http://127.0.0.1:6022; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -23,6 +24,7 @@ server { proxy_pass http://127.0.0.1:7044; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -36,6 +38,7 @@ server { proxy_pass http://127.0.0.1:5010; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -49,6 +52,7 @@ server { proxy_pass http://127.0.0.1:7055; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -62,6 +66,7 @@ server { proxy_pass http://127.0.0.1:6111; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -74,6 +79,7 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:5018; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -87,6 +93,7 @@ server { proxy_pass http://127.0.0.1:5012; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -100,6 +107,7 @@ server { proxy_pass http://127.0.0.1:3333; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -112,6 +120,7 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:5022; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -125,6 +134,7 @@ server { proxy_pass http://127.0.0.1:5011; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -137,6 +147,7 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:5443; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -150,6 +161,7 @@ server { proxy_pass http://127.0.0.1:6019; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -162,6 +174,7 @@ server { proxy_set_header Host $host; proxy_pass https://127.0.0.1:4443; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -175,6 +188,7 @@ server { proxy_pass http://127.0.0.1:9100; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -188,6 +202,7 @@ server { proxy_pass http://127.0.0.1:7066; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -200,6 +215,7 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:5019; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -213,6 +229,7 @@ server { proxy_pass http://127.0.0.1:8123; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -225,6 +242,7 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:6088; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -237,6 +255,7 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:3443; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -249,4 +268,5 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:6099; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/catch-all.conf b/nginx/nginx/sites-available/catch-all.conf index 47f07fa..97c3ca4 100644 --- a/nginx/nginx/sites-available/catch-all.conf +++ b/nginx/nginx/sites-available/catch-all.conf @@ -19,4 +19,5 @@ server { location = /index.html { internal; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/cdn.conf b/nginx/nginx/sites-available/cdn.conf index 1d41f2f..718c06a 100644 --- a/nginx/nginx/sites-available/cdn.conf +++ b/nginx/nginx/sites-available/cdn.conf @@ -49,4 +49,5 @@ server { return 204; } } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/celestine.conf b/nginx/nginx/sites-available/celestine.conf index 9eed0a5..4971efd 100644 --- a/nginx/nginx/sites-available/celestine.conf +++ b/nginx/nginx/sites-available/celestine.conf @@ -10,6 +10,7 @@ server { proxy_pass http://127.0.0.1:9080; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -21,4 +22,5 @@ server { location / { return 301 https://celestine.nhcarrigan.com$uri$is_args$args; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/content.conf b/nginx/nginx/sites-available/content.conf index 4e1a06b..3cd70e6 100644 --- a/nginx/nginx/sites-available/content.conf +++ b/nginx/nginx/sites-available/content.conf @@ -10,6 +10,7 @@ server { proxy_pass http://127.0.0.1:3003; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -27,6 +28,7 @@ server { location /books.json { try_files /books.json =404; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -40,6 +42,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -57,6 +60,7 @@ server { location /songs.json { try_files /songs.json =404; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -70,6 +74,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -83,6 +88,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -96,4 +102,5 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/data.conf b/nginx/nginx/sites-available/data.conf index d6ef3c6..a158da0 100644 --- a/nginx/nginx/sites-available/data.conf +++ b/nginx/nginx/sites-available/data.conf @@ -10,4 +10,5 @@ server { proxy_pass http://127.0.0.1:9999; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/docs.conf b/nginx/nginx/sites-available/docs.conf index 32bcafb..ce72295 100644 --- a/nginx/nginx/sites-available/docs.conf +++ b/nginx/nginx/sites-available/docs.conf @@ -10,6 +10,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -23,6 +24,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -36,6 +38,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -49,6 +52,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -62,4 +66,5 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/eclaire.conf b/nginx/nginx/sites-available/eclaire.conf index 77998ac..4b4cfe4 100644 --- a/nginx/nginx/sites-available/eclaire.conf +++ b/nginx/nginx/sites-available/eclaire.conf @@ -11,4 +11,5 @@ server { location / { try_files $uri $uri/ /index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/elowyn.conf b/nginx/nginx/sites-available/elowyn.conf index 48c1f51..be181e7 100644 --- a/nginx/nginx/sites-available/elowyn.conf +++ b/nginx/nginx/sites-available/elowyn.conf @@ -15,4 +15,5 @@ server { location ~* \.(js|css)$ { try_files $uri $uri/ @rewrite; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/elysium.conf b/nginx/nginx/sites-available/elysium.conf index 06ba518..aa77cd7 100644 --- a/nginx/nginx/sites-available/elysium.conf +++ b/nginx/nginx/sites-available/elysium.conf @@ -21,4 +21,5 @@ server { location ~* \.(js|css)$ { try_files $uri $uri/ @rewrite; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/forms.conf b/nginx/nginx/sites-available/forms.conf index 7c667d6..b4fadf5 100644 --- a/nginx/nginx/sites-available/forms.conf +++ b/nginx/nginx/sites-available/forms.conf @@ -10,6 +10,7 @@ server { proxy_pass http://127.0.0.1:1234; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -148,4 +149,5 @@ server { proxy_pass http://127.0.0.1:11111; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/games.conf b/nginx/nginx/sites-available/games.conf index b767d57..96d9f96 100644 --- a/nginx/nginx/sites-available/games.conf +++ b/nginx/nginx/sites-available/games.conf @@ -18,6 +18,7 @@ server { location /prologue { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -44,6 +45,7 @@ server { add_header Cache-Control "public"; access_log off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -57,6 +59,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -70,6 +73,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -83,6 +87,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -96,6 +101,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -124,6 +130,7 @@ server { location ~ /\.(?!well-known) { deny all; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -137,6 +144,7 @@ server { proxy_pass http://127.0.0.1:5033; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -150,6 +158,7 @@ server { proxy_pass http://127.0.0.1:5033; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -169,6 +178,7 @@ server { add_header Content-Type text/plain; return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -188,4 +198,5 @@ server { add_header Content-Type text/plain; return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/git.conf b/nginx/nginx/sites-available/git.conf index 73f2498..48fcb55 100644 --- a/nginx/nginx/sites-available/git.conf +++ b/nginx/nginx/sites-available/git.conf @@ -11,4 +11,5 @@ server { proxy_pass http://127.0.0.1:53000; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/hikari.conf b/nginx/nginx/sites-available/hikari.conf index e02cd8e..446c580 100644 --- a/nginx/nginx/sites-available/hikari.conf +++ b/nginx/nginx/sites-available/hikari.conf @@ -6,6 +6,7 @@ server { ssl_certificate_key /etc/letsencrypt/live/announcements.nhcarrigan.com/privkey.pem; return 301 https://hikari.nhcarrigan.com/announcements; + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -33,6 +34,7 @@ server { location / { try_files $uri $uri/ /index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -44,4 +46,5 @@ server { location / { return 301 https://hikari.nhcarrigan.com/products; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/library.conf b/nginx/nginx/sites-available/library.conf index 37b4ca1..d4015bd 100644 --- a/nginx/nginx/sites-available/library.conf +++ b/nginx/nginx/sites-available/library.conf @@ -10,4 +10,5 @@ server { proxy_pass http://127.0.0.1:12321; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/lucinda.conf b/nginx/nginx/sites-available/lucinda.conf index 7d8aebd..9b748c9 100644 --- a/nginx/nginx/sites-available/lucinda.conf +++ b/nginx/nginx/sites-available/lucinda.conf @@ -22,4 +22,5 @@ server { location / { try_files $uri $uri/ /index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/lynira.conf b/nginx/nginx/sites-available/lynira.conf index 12efa5e..69b3fa6 100644 --- a/nginx/nginx/sites-available/lynira.conf +++ b/nginx/nginx/sites-available/lynira.conf @@ -9,6 +9,7 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:5044; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -21,4 +22,5 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:5044; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/mommy.conf b/nginx/nginx/sites-available/mommy.conf index 844ba94..39cb065 100644 --- a/nginx/nginx/sites-available/mommy.conf +++ b/nginx/nginx/sites-available/mommy.conf @@ -10,6 +10,7 @@ server { proxy_pass http://127.0.0.1:8009; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -23,6 +24,7 @@ server { proxy_pass http://127.0.0.1:8010; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -36,4 +38,5 @@ server { proxy_pass http://127.0.0.1:8008; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/monitoring.conf b/nginx/nginx/sites-available/monitoring.conf index bb4d897..757ea21 100644 --- a/nginx/nginx/sites-available/monitoring.conf +++ b/nginx/nginx/sites-available/monitoring.conf @@ -17,6 +17,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -29,6 +30,7 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:3001; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -52,6 +54,7 @@ server { proxy_send_timeout 1m; proxy_read_timeout 1m; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -65,6 +68,7 @@ server { proxy_pass http://127.0.0.1:5080; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -77,4 +81,5 @@ server { proxy_set_header Host $host; proxy_pass http://127.0.0.1:3001; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/nails.conf b/nginx/nginx/sites-available/nails.conf index b6dfe45..5925f13 100644 --- a/nginx/nginx/sites-available/nails.conf +++ b/nginx/nginx/sites-available/nails.conf @@ -10,6 +10,7 @@ server { proxy_pass http://127.0.0.1:1235; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -28,4 +29,5 @@ server { location ~* \.(js|css)$ { try_files $uri $uri/ @rewrite; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/nocturne.conf b/nginx/nginx/sites-available/nocturne.conf index 68fd767..127e943 100644 --- a/nginx/nginx/sites-available/nocturne.conf +++ b/nginx/nginx/sites-available/nocturne.conf @@ -10,6 +10,7 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -23,4 +24,5 @@ server { location / { index index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/notes.conf b/nginx/nginx/sites-available/notes.conf index 5e825fe..ca955a3 100644 --- a/nginx/nginx/sites-available/notes.conf +++ b/nginx/nginx/sites-available/notes.conf @@ -43,6 +43,7 @@ server { proxy_cache_lock on; proxy_http_version 1.1; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -89,4 +90,5 @@ server { proxy_cache_lock on; proxy_http_version 1.1; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/portfolio.conf b/nginx/nginx/sites-available/portfolio.conf index 642319e..8088649 100644 --- a/nginx/nginx/sites-available/portfolio.conf +++ b/nginx/nginx/sites-available/portfolio.conf @@ -24,6 +24,7 @@ server { location /koikatsu { try_files /koikatsu.html =404; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -42,6 +43,7 @@ server { add_header Content-Type text/plain; return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -68,6 +70,7 @@ server { location /koikatsu { try_files /koikatsu.html =404; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -86,6 +89,7 @@ server { add_header Content-Type text/plain; return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -105,6 +109,7 @@ server { index index.html; try_files $uri $uri/ /index.html; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -126,6 +131,7 @@ server { location /koikatsu { try_files /koikatsu.html =404; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -147,6 +153,7 @@ server { location /koikatsu { try_files /koikatsu.html =404; } + include /etc/nginx/snippets/deny-dotfiles.conf; } # Wildcard catch-all — must remain last so specific subdomains take priority @@ -160,4 +167,5 @@ server { location / { return 301 https://$subdomain.nhcarrigan.com$request_uri; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/rosalia.conf b/nginx/nginx/sites-available/rosalia.conf index 7d397f6..0f6ebdd 100644 --- a/nginx/nginx/sites-available/rosalia.conf +++ b/nginx/nginx/sites-available/rosalia.conf @@ -16,6 +16,7 @@ server { proxy_pass http://127.0.0.1:5003; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -29,4 +30,5 @@ server { proxy_pass http://127.0.0.1:5003; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/scheduling.conf b/nginx/nginx/sites-available/scheduling.conf index b313404..0bbec95 100644 --- a/nginx/nginx/sites-available/scheduling.conf +++ b/nginx/nginx/sites-available/scheduling.conf @@ -6,6 +6,7 @@ server { ssl_certificate_key /etc/letsencrypt/live/cyc.nhcarrigan.com/privkey.pem; return 301 https://zcal.co/nhcarrigan/cyc; + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -15,6 +16,7 @@ server { ssl_certificate_key /etc/letsencrypt/live/meet.nhcarrigan.com/privkey.pem; return 301 https://zcal.co/nhcarrigan/meet; + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -26,4 +28,5 @@ server { location / { return 301 https://melody.nhcarrigan.com$uri$is_args$args; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/security.conf b/nginx/nginx/sites-available/security.conf index 09d441c..1b6af59 100644 --- a/nginx/nginx/sites-available/security.conf +++ b/nginx/nginx/sites-available/security.conf @@ -12,6 +12,7 @@ server { proxy_pass http://127.0.0.1:9500; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -36,4 +37,5 @@ server { client_max_body_size 100M; proxy_read_timeout 90; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/support.conf b/nginx/nginx/sites-available/support.conf index 8b1f3cd..ed21f79 100644 --- a/nginx/nginx/sites-available/support.conf +++ b/nginx/nginx/sites-available/support.conf @@ -8,6 +8,7 @@ server { location / { return 301 https://discord.gg/KKe7BaEnQB; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -19,6 +20,7 @@ server { location / { return 301 https://support.nhcarrigan.com; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -44,4 +46,5 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/tarot.conf b/nginx/nginx/sites-available/tarot.conf index b4b2435..517d1ea 100644 --- a/nginx/nginx/sites-available/tarot.conf +++ b/nginx/nginx/sites-available/tarot.conf @@ -18,4 +18,5 @@ server { location / { return 403; } + include /etc/nginx/snippets/deny-dotfiles.conf; } \ No newline at end of file diff --git a/nginx/nginx/sites-available/vitalia.conf b/nginx/nginx/sites-available/vitalia.conf index 7e47f4e..2cd5a15 100644 --- a/nginx/nginx/sites-available/vitalia.conf +++ b/nginx/nginx/sites-available/vitalia.conf @@ -10,6 +10,7 @@ server { proxy_pass http://127.0.0.1:12345; proxy_redirect off; } + include /etc/nginx/snippets/deny-dotfiles.conf; } server { @@ -28,4 +29,5 @@ server { location ~* \.(js|css)$ { try_files $uri $uri/ @rewrite; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/sites-available/wtf.conf b/nginx/nginx/sites-available/wtf.conf index 685b6fe..a4be5d0 100644 --- a/nginx/nginx/sites-available/wtf.conf +++ b/nginx/nginx/sites-available/wtf.conf @@ -14,4 +14,5 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } + include /etc/nginx/snippets/deny-dotfiles.conf; } diff --git a/nginx/nginx/snippets/deny-dotfiles.conf b/nginx/nginx/snippets/deny-dotfiles.conf new file mode 100644 index 0000000..b1f8b24 --- /dev/null +++ b/nginx/nginx/snippets/deny-dotfiles.conf @@ -0,0 +1,4 @@ +# Block requests for dotfiles (e.g. .gitconfig, .env, .git/). +location ~ /\. { + return 403; +}