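++++code php|
# nginx virtual host for DokuWiki with the bashexec plugin.
#
# limit_req_zone is only valid in the http context, so it is declared
# outside the server block. This file is expected to be included from
# http { } (e.g. a sites-enabled/conf.d include); nginx refuses to start
# if the directive sits inside server { }.
limit_req_zone $binary_remote_addr zone=bashexec:10m rate=5r/m;

server {
    # Plain HTTP only: wiki logins and script-execution requests travel in
    # cleartext unless a TLS listener or TLS-terminating proxy sits in front.
    listen 80;
    server_name wiki.votre-domaine.com;
    root /var/www/dokuwiki;
    index index.php;

    # Log for this virtual host. Declared at server level, so it records
    # every request to the wiki, not only bashexec ones.
    access_log /var/log/nginx/dokuwiki-bashexec.log;

    # General hardening headers. "always" also attaches them to error
    # responses (403/404/5xx), which add_header skips by default.
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-XSS-Protection "1; mode=block" always;

    # --- Regex locations: nginx uses the FIRST one that matches, and any
    # --- regex match wins over a plain prefix location. Order matters.

    # Sensitive directories must never be served. /lib/ is deliberately NOT
    # listed: it holds the CSS/JS/image dispatchers and plugin assets the
    # wiki needs, and listing it also shadowed the rate-limited bashexec
    # location so the limit never applied.
    location ~* ^/(conf|inc|data)/ {
        return 403;
    }

    # Shell scripts are never downloadable, wherever they live.
    location ~* \.sh$ {
        return 403;
    }

    # Rate limiting for script execution: 5 requests/minute per client IP,
    # burst of 2, excess rejected immediately (nodelay). Written as a regex
    # location and placed before the generic PHP handler so .php requests
    # under the plugin directory are throttled too.
    # NOTE(review): every request below this path is handed to index.php,
    # as in the original. Confirm which URL the plugin actually uses to run
    # scripts; if it goes through another entry point, this limit does not
    # cover it.
    location ~ ^/lib/plugins/bashexec/ {
        limit_req zone=bashexec burst=2 nodelay;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
    }

    # Execute PHP files through PHP-FPM. Without this block, "try_files $uri"
    # in "location /" finds the .php file on disk and nginx returns its
    # source as a static download.
    location ~ \.php$ {
        # Only hand scripts that really exist to PHP-FPM.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS off;
    }

    # --- Prefix / named locations ---

    # Main DokuWiki entry: serve existing static files, otherwise fall back
    # to the front controller.
    location / {
        try_files $uri $uri/ @dokuwiki;
    }

    location @dokuwiki {
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_param HTTPS off;
    }
}
++++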