6. Configuration Nginx Complète
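# Rate-limit zone for the bashexec plugin path, keyed on the client address.
# limit_req_zone is only accepted in the http context; inside server {} it
# makes `nginx -t` fail. A file included from http {} (sites-enabled/,
# conf.d/) can declare it here, above the server block.
limit_req_zone $binary_remote_addr zone=bashexec:10m rate=5r/m;

server {
    # NOTE(review): plain HTTP only. Wiki logins and any script-execution
    # request travel unencrypted; put this vhost behind TLS before exposing
    # it beyond a trusted network.
    listen 80;
    server_name wiki.votre-domaine.com;
    root /var/www/dokuwiki;
    index index.php;

    # Dedicated access log for this vhost (every request, not only bashexec).
    access_log /var/log/nginx/dokuwiki-bashexec.log;

    # General hardening headers. `always` also attaches them to error
    # responses (403/404), which add_header skips by default.
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Main DokuWiki entry: serve existing files, otherwise fall back to PHP.
    location / {
        try_files $uri $uri/ @dokuwiki;
    }

    location @dokuwiki {
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        # Tells PHP the request is not TLS; change together with `listen`
        # once HTTPS is enabled.
        fastcgi_param HTTPS off;
    }

    # Regex locations are tried in file order and the first match wins, so
    # the deny rules must stay ABOVE the PHP handler below.

    # Internal DokuWiki directories that must never be reachable over HTTP.
    # /lib/ is deliberately not listed: it holds the CSS/JS/media endpoints
    # the wiki needs, and a regex match on it would also override the
    # /lib/plugins/bashexec/ prefix location, leaving the rate limit unused.
    location ~* ^/(conf|inc|data|bin|vendor)/ {
        deny all;
    }

    # Never hand out shell scripts as downloadable files.
    location ~* \.sh$ {
        deny all;
    }

    # Execute PHP through PHP-FPM. Without this handler, existing .php files
    # are matched by `location /` and returned as plain source text.
    location ~ \.php$ {
        # Only pass scripts that exist on disk to PHP-FPM.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS off;
    }

    # Rate limiting for script execution: 5 requests per minute per client
    # address on average, 2 extra served immediately, the rest rejected.
    # `^~` stops regex matching for this prefix, so every request under it
    # is rate-limited and handed to index.php; nothing in the plugin
    # directory is served from disk.
    # NOTE(review): if the plugin is actually triggered through doku.php or
    # lib/exe/ajax.php, this location does not throttle it - confirm which
    # URL the plugin uses and apply limit_req there as well.
    location ^~ /lib/plugins/bashexec/ {
        limit_req zone=bashexec burst=2 nodelay;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
    }
}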