Service adjustments
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m42s
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m19s

root
2026-05-20 04:47:34 +00:00
parent a8966ac108
commit 61d2ca2df8
4 changed files with 18 additions and 13 deletions
+4
@@ -13,6 +13,10 @@
## Easy install ## Easy install
## CAREFUL
Raweb-nginx uses custom .service that limits system visibility for security reasons, basically you need to store your data on /hostdata, or /srv, if you use custom folders then you have to edit the service, for more details check : https://github.com/theraw/The-World-Is-Yours/blob/master/static/Trixie/nginx.service
### Debian 13 (trixie) ### Debian 13 (trixie)
```bash ```bash
sudo install -d /etc/apt/keyrings sudo install -d /etc/apt/keyrings
+4 -6
@@ -31,12 +31,6 @@ BindReadOnlyPaths=/bin
BindReadOnlyPaths=/sbin BindReadOnlyPaths=/sbin
BindReadOnlyPaths=/etc BindReadOnlyPaths=/etc
# Read-only: vhost docroots + app projects. Add a new line here when you
# add a vhost whose root isn't under one of these parents.
BindReadOnlyPaths=/raweb
BindReadOnlyPaths=/srv
BindReadOnlyPaths=/hostdata
# Read-write: nginx runtime state. # Read-write: nginx runtime state.
# /run nginx.pid, nginx.lock, /run/nginx/temp/*, PHP-FPM sock # /run nginx.pid, nginx.lock, /run/nginx/temp/*, PHP-FPM sock
# /var/log/nginx access.log, error.log # /var/log/nginx access.log, error.log
@@ -44,6 +38,10 @@ BindReadOnlyPaths=/hostdata
BindPaths=/run BindPaths=/run
BindPaths=/var/log/nginx BindPaths=/var/log/nginx
BindPaths=/nginx BindPaths=/nginx
BindPaths=/var/cache/nginx
BindPaths=/srv
BindPaths=/hostdata
BindPaths=/raweb
NoNewPrivileges=true NoNewPrivileges=true
ProtectKernelTunables=true ProtectKernelTunables=true
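Review bot: The second hunk adds `BindPaths=/srv`, `BindPaths=/hostdata` and `BindPaths=/raweb` after the first hunk drops the same paths from `BindReadOnlyPaths=`, so the nginx service can now write to every vhost docroot and app project instead of only its runtime state. If only a subtree needs writes, keep the parents read-only and bind just that subtree read-write, e.g. `BindReadOnlyPaths=/srv` with `BindPaths=/srv/<writable-subdir>` (placeholder path). The new entries also sit under the "Read-write: nginx runtime state" comment with no reason given, and the removed note about adding a line for new vhost roots is not replaced; a line such as `# Read-write: vhost docroots, needed for <reason>` would record the intent. The same change is repeated in the next service file section, and the unit file continues outside both hunks.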
+4 -6
@@ -31,12 +31,6 @@ BindReadOnlyPaths=/bin
BindReadOnlyPaths=/sbin BindReadOnlyPaths=/sbin
BindReadOnlyPaths=/etc BindReadOnlyPaths=/etc
# Read-only: vhost docroots + app projects. Add a new line here when you
# add a vhost whose root isn't under one of these parents.
BindReadOnlyPaths=/raweb
BindReadOnlyPaths=/srv
BindReadOnlyPaths=/hostdata
# Read-write: nginx runtime state. # Read-write: nginx runtime state.
# /run nginx.pid, nginx.lock, /run/nginx/temp/*, PHP-FPM sock # /run nginx.pid, nginx.lock, /run/nginx/temp/*, PHP-FPM sock
# /var/log/nginx access.log, error.log # /var/log/nginx access.log, error.log
@@ -44,6 +38,10 @@ BindReadOnlyPaths=/hostdata
BindPaths=/run BindPaths=/run
BindPaths=/var/log/nginx BindPaths=/var/log/nginx
BindPaths=/nginx BindPaths=/nginx
BindPaths=/var/cache/nginx
BindPaths=/srv
BindPaths=/hostdata
BindPaths=/raweb
NoNewPrivileges=true NoNewPrivileges=true
ProtectKernelTunables=true ProtectKernelTunables=true
+6 -1
@@ -21,7 +21,12 @@ http {
# =================== END L7 =========================== # # =================== END L7 =========================== #
# ===================== LOGS =========================== # # ===================== LOGS =========================== #
log_format main 'DATE: $time_local FROM: $remote_addr | STATUS: $status | TO: $request | CACHE: $upstream_cache_status | A: $http_user_agent'; map $upstream_cache_status $log_cache_status {
"" "STATIC";
default $upstream_cache_status;
}
more_set_headers "X-Cache-Status: $log_cache_status";
log_format main 'DATE: $time_local FROM: $remote_addr | STATUS: $status | TO: $request | CACHE: $log_cache_status | A: $http_user_agent';
# =================== END LOGS ========================= # # =================== END LOGS ========================= #
# ==================== GENERAL ========================= # # ==================== GENERAL ========================= #
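Review bot: `more_set_headers "X-Cache-Status: $log_cache_status";` is placed in the `http` block named in the hunk header, so every response from every vhost now reports its cache state to the client. If the header is meant for operators only, set it in the server or location blocks that need it, or state the intent next to it with a comment such as `# X-Cache-Status is sent to all clients on purpose`. Separately, the map turns any empty `$upstream_cache_status` into `STATIC`, which presumably also covers proxied requests that have caching off, so the logged value can mislead during log analysis; a neutral label such as `"" "NONE";` avoids that. The `http` block starts and ends outside the hunk.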