| Server IP : 80.87.202.40 / Your IP : 216.73.216.169 Web Server : Apache System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64 User : bitrix ( 600) PHP Version : 8.2.27 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/lib/letsencrypt/backups/1741164038.1322656/ |
Upload File : |
#
# Main configuration file for site with Bitrix CMS.
# It doesn't contain configuration for .php and /
# as their treatment depends on the type of caching on the site:
# - general cache - default option
# - composite cache + file - can be enabled in the menu
# - composite cache + memcached - can be enabled in the menu
#
# Assign error handler
include bx/conf/errors.conf;
# Include im subscrider handlers
include bx/conf/im_subscrider.conf;
# Deny external access to critical areas
include bx/conf/bitrix_block.conf;
# Fix xss on svg files in /upload/*
location ~* ^/upload/.+\.svg$ {
add_header Content-Security-Policy "default-src 'none'; style-src 'unsafe-inline'; sandbox";
}
# Intenal locations
location ^~ /upload/support/not_image {
internal;
}
# scale location
include bx/conf/bitrix_scale.conf;
# Cache location: composite and general site
location ~* @.*\.html$ {
internal;
# disable browser cache, php manage file
expires -1y;
add_header X-Bitrix-Composite "Nginx (file)";
}
# Player options, disable no-sniff
location ~* ^/bitrix/components/bitrix/player/mediaplayer/player$ {
add_header Access-Control-Allow-Origin *;
}
# Process dav request on
# main company
# extranet
# additional departments
# locations that ends with / => directly to apache
location ~ ^(/[^/]+)?(/docs|/workgroups|/company/profile|/bitrix/tools|/company/personal/user|/mobile/webdav|/contacts/personal).*/$ {
proxy_pass $proxyserver;
}
# Add / to request
location ~ ^(/[^/]+)?(/docs|/workgroups|/company/profile|/bitrix/tools|/company/personal/user|/mobile/webdav|/contacts/personal) {
set $addslash "";
if (-d $request_filename) {
set $addslash "${addslash}Y";
}
if ($is_args != '?') {
set $addslash "${addslash}Y";
}
if ($addslash = "YY" ) {
proxy_pass $proxyserver$request_uri/;
}
proxy_pass $proxyserver;
}
# Accept access for merged css and js
location ~* ^/bitrix/cache/(css/.+\.css|js/.+\.js)$ {
expires 30d;
error_page 404 /404.html;
}
# Disable access for other assets in cache location
location ~* ^/bitrix/cache {
deny all;
}
# Excange and Outlook
location ~ ^/bitrix/tools/ws_.*/_vti_bin/.*\.asmx$ {
proxy_pass $proxyserver;
}
# Groupdav
location ^~ /bitrix/groupdav.php {
proxy_pass $proxyserver;
}
# Use nginx to return static content from s3 cloud storage
# /upload/bx_cloud_upload/<schema>.<backet_name>.<s3_point>.amazonaws.com/<path/to/file>
location ^~ /upload/bx_cloud_upload/ {
# Amazon
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:\s]+)\.(s3|af-south-1|ap-east-1|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-northeast-1|ap-northeast-2|ap-northeast-3|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-west-1|eu-west-2|eu-west-3|eu-south-1|eu-south-2|eu-north-1|il-central-1|me-south-1|me-central-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2|us-gov-east-1|us-gov-west-1)\.amazonaws\.com/([^\s]+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
#proxy_max_temp_file_size 0;
more_clear_input_headers 'Authorization';
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
proxy_pass $1://$2.$3.amazonaws.com/$4;
}
# Rackspace
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:\s]+)\.([^/:\s]+)\.([^/:\s]+)\.rackcdn\.com/([^\s]+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
#proxy_max_temp_file_size 0;
proxy_pass $1://$2.$3.$4.rackcdn.com/$5;
}
# Clodo
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:\s]+)\.clodo\.ru\:(80|443)/([^\s]+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
#proxy_max_temp_file_size 0;
proxy_pass $1://$2.clodo.ru:$3/$4;
}
# Google
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:\s]+)\.commondatastorage\.googleapis\.com/([^\s]+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
#proxy_max_temp_file_size 0;
proxy_pass $1://$2.commondatastorage.googleapis.com/$3;
}
# Selectel
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:\s]+)\.selcdn\.ru/([^\s]+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
#proxy_max_temp_file_size 0;
proxy_pass $1://$2.selcdn.ru/$3;
}
# Selectel as S3 compatible storage
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:\s]+)\.selstorage\.ru/([^\s]+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
#proxy_max_temp_file_size 0;
proxy_pass $1://$2.selstorage.ru/$3;
}
# Yandex
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:\s]+)\.storage\.yandexcloud\.net/([^\s]+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
#proxy_max_temp_file_size 0;
proxy_pass $1://$2.storage.yandexcloud.net/$3;
}
# Yandex second option
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.storage\.yandexcloud\.net/([^\s].+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
#proxy_max_temp_file_size 0;
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
proxy_pass $1://storage.yandexcloud.net/$2;
}
# HotBox
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:\s]+)\.hb\.bizmrg\.com/([^\s]+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
#proxy_max_temp_file_size 0;
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
proxy_pass $1://$2.hb.bizmrg.com/$3;
}
# HotBox
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.hb\.bizmrg\.com/([^\s].+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
#proxy_max_temp_file_size 0;
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
proxy_pass $1://hb.bizmrg.com/$2;
}
# Clodo.ru
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:\s]+)\.clodo\.ru/([^\s]+)$ {
internal;
resolver 8.8.8.8 ipv6=off;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
more_clear_input_headers 'Authorization';
#proxy_max_temp_file_size 0;
proxy_set_header "cookie" "";
proxy_set_header "content-type" "";
proxy_set_header "content-length" "";
proxy_pass $1://$2.clodo.ru/$3;
}
location ~* .*$ {
deny all;
}
}
# Static content
location ~* ^/(upload|bitrix/images|bitrix/tmp) {
if ( $upstream_http_x_accel_redirect = '' ) {
expires 30d;
}
}
location ~* \.(css|js|gif|png|jpg|jpeg|ico|ogg|ttf|woff|eot|otf|svg|woff2|mp3|mp4|avi|flv|tar|gz|zip|rar|map|wav|7z)$ {
error_page 404 /404.html;
expires 30d;
}
# Nginx server status page
location ^~ /nginx-status {
stub_status on;
allow 127.0.0.0/24;
deny all;
}
# pub & online
# telephony and voximplant
location ~* ^/(pub/|online/|services/telephony/info_receiver.php|/bitrix/tools/voximplant/) {
add_header X-Frame-Options '' always;
location ~* ^/(pub/imconnector/|pub/imbot.php|services/telephony/info_receiver.php|bitrix/tools/voximplant/) {
proxy_ignore_client_abort on;
proxy_pass $proxyserver;
}
proxy_pass $proxyserver;
}
# Bitrix setup script
location ^~ ^(/bitrixsetup\.php)$ {
proxy_pass $proxyserver;
proxy_buffering off;
}