After some medium-difficoulty transitions in part 1 and part 2, here some easy ones:
phpMyAdmin: take the basics from one of the two other blog posts (see above) without location directives. For “location /” set the document root and copy the “location ~ \.php” from the config of one of the parts above. Done.
TT-RSS: take the config like for phpMyAdmin and add (assuming it is in the root of the server, else you have to add the path in the front of the location)
location ^~ /(utils|templates|schema|cache|lock|locale|classes) {deny all;}
Allow client-side caching for static content:
location ~* \.(?:jpe?g|gif|png|ico|cur|gz|bz2|xz|tbz|tgz|txz|svg|svgz|mp4|ogg|ogv|webm|htc|css|js|
pdf|zip|rar|tar|txt|conf)$ {
try_files $uri =404;
expires 1w; # If you are not a big site,
# and don't change static content often,
# 1 week is not bad.
access_log off; # If you don't need the logs
add_header Cache-Control "public";
}
Security: Despite the fact that the docs I’ve read tell that no-SSLv3 is the default, the first setting makes a difference (tested via SSLlabs’ SSLtest).
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # No SSLv 2/3ssl_dhparam /path/to/dhparams.pem; # generate via "openssl dhparam -out /path/to/dhparams.pem 2048"