feat: add some Nginx Config Templates (#233)

Author: sanvu88

template/block/drupal_security.conf

@@ -0,0 +1,17 @@
+# Nginx UI Template Start
+name = "Drupal Security"
+author = "@sanvu88"
+description = { en = "Drupal Security Config", vi_VN = "Cấu hình bảo mật cho Drupal"}
+# Nginx UI Template End
+
+location ~ ((^|/)\.|^.*\.yml$|^/sites/.*/private/|^/sites/[^/]+/[^/]*settings.*\.php$) {
+    return 444;
+}
+
+location ~ ^/sites/[^/]+/files/.*\.php$ {
+    return 444;
+}
+
+location ~ /vendor/.*\.php$ {
+    return 444;
+}

template/block/joomla_security.conf

@@ -0,0 +1,9 @@
+# Nginx UI Template Start
+name = "Joomla Security"
+author = "@sanvu88"
+description = { en = "Joomla Security Config", vi_VN = "Cấu hình bảo mật cho Joomla"}
+# Nginx UI Template End
+
+location ~* /(images|cache|media|logs|tmp)/.*\.(gz|tar|bzip2|7z|php|php5|php7|log|error|py|pl|kid|love|cgi|shtml|phps|pht|jsp|asp|sh|bash)$ {
+    return     444;
+}

template/block/security_headers.conf

@@ -0,0 +1,12 @@
+# Nginx UI Template Start
+name = "Nginx Security Headers"
+author = "@sanvu88"
+description = { en = "Nginx Security Headers Config", vi_VN = "Cấu hình Headers tăng cường bảo mật"}
+# Nginx UI Template End
+
+add_header X-XSS-Protection          "1; mode=block" always;
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+add_header Permissions-Policy        "interest-cohort=()" always;
+add_header X-Frame-Options "SAMEORIGIN";

template/block/wordpress_security.conf

@@ -0,0 +1,104 @@
+# Nginx UI Template Start
+name = "WordPress Security"
+author = "@sanvu88"
+description = { en = "WordPress Security Config", vi_VN = "Cấu hình bảo mật cho WordPress"}
+
+[variables.blockUserAPI]
+type = "boolean"
+name = { en = "Block WordPress User API", vi_VN = "Chặn truy cập danh sách user"}
+value = true
+
+[variables.blockXMLRPC]
+type = "boolean"
+name = { en = "Block WordPress XMLRPC", vi_VN = "Chặn truy cập xmlrpc.php"}
+value = true
+# Nginx UI Template End
+
+{{- if .blockUserAPI }}
+location ~* /wp-json/wp/v2/users {
+    return 444;
+}
+{{- end }}
+
+{{- if .blockXMLRPC }}
+location = /xmlrpc.php {
+    return 444;
+}
+{{- end }}
+
+location ~* wp-admin/includes { return 444; }
+location ~* wp-includes/theme-compat { return 444; }
+
+location /wp-includes/ {
+    location ~ \.(gz|tar|bzip2|7z|php|php5|php7|log|error|py|pl|kid|love|cgi|shtml|phps|pht|jsp|asp|sh|bash)$ {
+        access_log off;
+        log_not_found off;
+        return 444;
+    }
+}
+
+location /wp-content/uploads/ {
+    location ~ \.(gz|tar|bzip2|7z|php|php5|php7|log|error|py|pl|kid|love|cgi|shtml|phps|pht|jsp|asp|sh|bash)$ {
+        access_log off;
+        log_not_found off;
+        return 444;
+    }
+}
+
+location /wp-content/cache/ {
+    location ~ \.(php|php5|php7|log|error|py|pl|kid|love|cgi|shtml|phps|pht|jsp|asp|sh|bash)$ {
+        access_log off;
+        log_not_found off;
+        return 444;
+    }
+}
+
+location /wp-content/plugins/ {
+  location ~ \.(htm|shtml|php|swf|phps|pht|log|error|py|pl|kid|love|cgi|jsp|asp|sh|bash)$ {
+    access_log off;
+    log_not_found off;
+    return 444;
+  }
+}
+
+location /wp-content/plugins/onesignal-free-web-push-notifications/ {
+    access_log off;
+    log_not_found off;
+    allow all;
+}
+
+location /wp-content/updraft/ {
+    access_log off;
+    log_not_found off;
+    return 444;
+}
+
+location /wp-content/backups-dup-pro/ {
+    access_log off;
+    log_not_found off;
+    return 444;
+}
+
+location /wp-snapshots/ {
+    access_log off;
+    log_not_found off;
+    return 444;
+}
+
+location /wp-content/uploads/sucuri/ {
+    access_log off;
+    log_not_found off;
+    return 444;
+}
+
+location /wp-content/uploads/nginx-helper/ {
+    access_log off;
+    log_not_found off;
+    return 444;
+}
+
+location ~* ^/(?:wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
+    access_log off;
+    log_not_found off;
+    return 444;
+}