diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-05-16 00:52:10 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-05-16 01:30:44 +0200 |
| commit | e43ef0c7b9490ece68af38f8a658ad8a710e4e37 (patch) | |
| tree | f9dedcfa6dee7cfe280aedf10695e73f9ce69962 /roles/common-web/files/etc/nginx/snippets | |
| parent | 38c697083d50764d833adc039b10b203d36c8f56 (diff) | |
Nextcloud: use dedicated user and PHP FPM pool.
There is a real security gain in not using the 'www-data' user: nginx
workers can't read Nextcloud config files and data directory, so should
our nginx configuration be insecure a leak is much less likely.
Diffstat (limited to 'roles/common-web/files/etc/nginx/snippets')
| -rw-r--r-- | roles/common-web/files/etc/nginx/snippets/fastcgi-php.conf | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/roles/common-web/files/etc/nginx/snippets/fastcgi-php.conf b/roles/common-web/files/etc/nginx/snippets/fastcgi-php.conf index 48ebc63..f82bc5d 100644 --- a/roles/common-web/files/etc/nginx/snippets/fastcgi-php.conf +++ b/roles/common-web/files/etc/nginx/snippets/fastcgi-php.conf @@ -1,14 +1,13 @@ # regex to split $uri to $fastcgi_script_name and $fastcgi_path fastcgi_split_path_info ^(.+?\.php)(/.*)$; # Check that the PHP script exists before passing it try_files $fastcgi_script_name =404; # Bypass the fact that try_files resets $fastcgi_path_info # see: http://trac.nginx.org/nginx/ticket/321 set $path_info $fastcgi_path_info; fastcgi_param PATH_INFO $path_info; fastcgi_index index.php; include snippets/fastcgi.conf; -fastcgi_pass unix:/run/php/php7.3-fpm.sock; |