... | ... | @@ -119,3 +119,89 @@ Copied `sql/civicrm.mysql` from a Drupal8 codebase, then: |
|
|
cat vendor/civicrm/civicrm-core/sql/civicrm.mysql | mysql -u civitest -p civitest
|
|
|
cat vendor/civicrm/civicrm-core/sql/civicrm_generated.mysql | mysql -u civitest -p civitest
|
|
|
```
|
|
|
|
|
|
# Example nginx vhost
|
|
|
|
|
|
(adapt to your environment)
|
|
|
|
|
|
```
|
|
|
server {
|
|
|
listen *:80;
|
|
|
listen [::]:80;
|
|
|
server_name test.example.org;
|
|
|
root /var/www/standalone/web/;
|
|
|
|
|
|
location ^~ /.well-known/acme-challenge {
|
|
|
alias /var/www/dehydrated/;
|
|
|
try_files $uri 404;
|
|
|
}
|
|
|
|
|
|
# Redirect to main GERT site
|
|
|
location / {
|
|
|
return 301 https://test.example.org$uri;
|
|
|
}
|
|
|
}
|
|
|
|
|
|
server {
|
|
|
listen *:443 ssl;
|
|
|
listen [::]:443 ssl;
|
|
|
server_name test.example.org;
|
|
|
root /var/www/standalone/web/;
|
|
|
|
|
|
ssl_certificate /etc/dehydrated/keys/test.example.org/fullchain.pem;
|
|
|
ssl_certificate_key /etc/dehydrated/keys/test.example.org/privkey.pem;
|
|
|
|
|
|
ssl_protocols TLSv1.2;
|
|
|
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA256:ECDHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
|
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
|
|
|
|
# Enable compression, this will help if you have for instance advagg module
|
|
|
# by serving Gzip versions of the files.
|
|
|
gzip_static on;
|
|
|
|
|
|
# Support for letsencrypt.org per https://tools.ietf.org/html/rfc5785.
|
|
|
location ^~ /.well-known/acme-challenge {
|
|
|
alias /var/www/dehydrated/;
|
|
|
try_files $uri 404;
|
|
|
}
|
|
|
|
|
|
location = /favicon.ico {
|
|
|
log_not_found off;
|
|
|
access_log off;
|
|
|
}
|
|
|
|
|
|
location ~* \.(log|sql|sql.gz)$ {
|
|
|
return 404;
|
|
|
}
|
|
|
|
|
|
location ~ \..*/.*\.php$ {
|
|
|
return 404;
|
|
|
}
|
|
|
|
|
|
# Block access to "hidden" files and directories whose names begin with a
|
|
|
# period. This includes '.git'.
|
|
|
location ~ (^|/)\. {
|
|
|
return 404;
|
|
|
}
|
|
|
|
|
|
location / {
|
|
|
try_files $uri $uri/ /index.php?$args;
|
|
|
}
|
|
|
|
|
|
location ~ \.php$ {
|
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
|
|
|
fastcgi_index index.php;
|
|
|
fastcgi_buffer_size 128k;
|
|
|
fastcgi_buffers 256 4k;
|
|
|
fastcgi_busy_buffers_size 256k;
|
|
|
fastcgi_temp_file_write_size 256k;
|
|
|
include fastcgi_params;
|
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
|
}
|
|
|
}
|
|
|
|
|
|
``` |
|
|
\ No newline at end of file |