From 55b3d5f08812145578f00fbe6e921685a56cf836 Mon Sep 17 00:00:00 2001 From: Jester Date: Mon, 19 Jan 2026 08:35:00 +0300 Subject: [PATCH 1/7] init --- README.md | 52 --------------- api/check_auth.php | 15 +++++ api/login.php | 37 +++++++++++ api/logout.php | 5 ++ auth/api/check.php | 44 ------------- auth/api/login.php | 87 ------------------------ auth/config.php | 19 ------ auth/config_nas.php | 19 ------ auth/db.php | 17 ----- auth/demo.html | 24 ------- auth/guard.js | 35 ---------- auth/guard.php | 46 ------------- auth/logger.php | 30 --------- auth/login.html | 55 ---------------- auth/login.js | 64 ------------------ auth/rate_limit.php | 55 ---------------- auth/styles.css | 117 --------------------------------- auth/util.php | 53 --------------- config/db.php | 16 +++++ db/schema.sql | 32 --------- docker-pack/Dockerfile | 7 -- docker-pack/README.md | 56 ---------------- docker-pack/docker-compose.yml | 24 ------- docker-pack/seed.sql | 5 -- index.html | 36 ++++++++++ js/auth.js | 58 ++++++++++++++++ login.html | 16 +++++ 27 files changed, 183 insertions(+), 841 deletions(-) delete mode 100644 README.md create mode 100644 api/check_auth.php create mode 100644 api/login.php create mode 100644 api/logout.php delete mode 100644 auth/api/check.php delete mode 100644 auth/api/login.php delete mode 100644 auth/config.php delete mode 100644 auth/config_nas.php delete mode 100644 auth/db.php delete mode 100644 auth/demo.html delete mode 100644 auth/guard.js delete mode 100644 auth/guard.php delete mode 100644 auth/logger.php delete mode 100644 auth/login.html delete mode 100644 auth/login.js delete mode 100644 auth/rate_limit.php delete mode 100644 auth/styles.css delete mode 100644 auth/util.php create mode 100644 config/db.php delete mode 100644 db/schema.sql delete mode 100644 docker-pack/Dockerfile delete mode 100644 docker-pack/README.md delete mode 100644 docker-pack/docker-compose.yml delete mode 100644 docker-pack/seed.sql create mode 100644 index.html create mode 100644 js/auth.js create mode 100644 login.html diff --git a/README.md b/README.md deleted file mode 100644 index 175e84d..0000000 --- a/README.md +++ /dev/null @@ -1,52 +0,0 @@ -# Auth Form (PHP drop-in) - -Современная форма авторизации с проверкой доступа к сайту через MariaDB. -Файлы можно копировать прямо в папку существующего сайта. - -## Требования - -- PHP 7.4+ (mysqli, sessions) -- MariaDB - -## Установка - -1. Создайте базу и таблицы: - - Запустите SQL из `db/schema.sql` -2. Заполните подключение к БД: - - Отредактируйте `auth/config.php` -3. Добавьте пользователя и доступ: - - `INSERT INTO users (login, password_hash) VALUES ('demo', '');` - - `INSERT INTO user_access (user_id, site_key) VALUES (1, 'example.com');` - -## Хэш пароля - -Создать bcrypt-хэш можно так: - -```php - - -``` - -3. Главную страницу не защищайте — вход находится в `/auth/login.html`. -4. Если страницы могут быть PHP, используйте серверную защиту: - -```php - true, + 'user' => [ + 'id' => $_SESSION['user_id'], + 'username' => $_SESSION['username'] + ] + ]); +} else { + echo json_encode(['isLoggedIn' => false]); +} +?> \ No newline at end of file diff --git a/api/login.php b/api/login.php new file mode 100644 index 0000000..9b6d139 --- /dev/null +++ b/api/login.php @@ -0,0 +1,37 @@ +prepare("SELECT * FROM users WHERE username = ?"); + $stmt->execute([$login]); + $user = $stmt->fetch(PDO::FETCH_ASSOC); + + if ($user && password_verify($password, $user['password_hash'])) { + // Успешная авторизация + session_start(); + $_SESSION['user_id'] = $user['id']; + $_SESSION['username'] = $user['username']; + + echo json_encode([ + 'success' => true, + 'message' => 'Вход выполнен успешно', + 'user' => [ + 'id' => $user['id'], + 'username' => $user['username'], + ] + ]); + } else { + echo json_encode(['success' => false, 'message' => 'Неверные учетные данные']); + } +} +?> diff --git a/api/logout.php b/api/logout.php new file mode 100644 index 0000000..829c135 --- /dev/null +++ b/api/logout.php @@ -0,0 +1,5 @@ + true]); +?> \ No newline at end of file diff --git a/auth/api/check.php b/auth/api/check.php deleted file mode 100644 index ddf0eae..0000000 --- a/auth/api/check.php +++ /dev/null @@ -1,44 +0,0 @@ - $clientIp, - "siteKey" => $siteKey, - "status" => "invalid_payload", - ]); - auth_json_response(400, ["ok" => false, "message" => "Неверные данные."]); -} - -$userId = (int) ($_SESSION["auth_user_id"] ?? 0); -if ($userId <= 0) { - auth_json_response(401, ["ok" => false, "message" => "Требуется вход."]); -} - -$db = auth_get_db(); -$stmt = $db->prepare("SELECT 1 FROM user_access WHERE user_id = ? AND site_key = ? LIMIT 1"); -$stmt->bind_param("is", $userId, $siteKey); -$stmt->execute(); -$result = $stmt->get_result(); -$hasAccess = $result && $result->num_rows > 0; -$stmt->close(); - -if (!$hasAccess) { - auth_log_event([ - "ip" => $clientIp, - "userId" => $userId, - "siteKey" => $siteKey, - "status" => "access_denied", - ]); - auth_json_response(403, ["ok" => false, "message" => "Нет доступа."]); -} - -auth_json_response(200, ["ok" => true]); diff --git a/auth/api/login.php b/auth/api/login.php deleted file mode 100644 index 2c66d68..0000000 --- a/auth/api/login.php +++ /dev/null @@ -1,87 +0,0 @@ - $clientIp, - "login" => $login, - "siteKey" => $siteKey, - "status" => "invalid_payload", - ]); - auth_json_response(400, ["ok" => false, "message" => "Неверные данные."]); -} - -$rate = auth_check_rate_limit($clientIp); -if ($rate["limited"]) { - auth_log_event([ - "ip" => $clientIp, - "login" => $login, - "siteKey" => $siteKey, - "status" => "rate_limited", - ]); - header("Retry-After: " . (string) $rate["retry_after"]); - auth_json_response(429, ["ok" => false, "message" => "Слишком много попыток. Попробуйте позже."]); -} - -$db = auth_get_db(); -$stmt = $db->prepare("SELECT id, password_hash FROM users WHERE login = ? LIMIT 1"); -$stmt->bind_param("s", $login); -$stmt->execute(); -$result = $stmt->get_result(); -$row = $result ? $result->fetch_assoc() : null; -$stmt->close(); - -$hash = $row["password_hash"] ?? password_hash("invalid_password", PASSWORD_BCRYPT); -$passwordOk = password_verify($password, $hash); - -if (!$row || !$passwordOk) { - auth_log_event([ - "ip" => $clientIp, - "login" => $login, - "siteKey" => $siteKey, - "status" => "invalid_credentials", - ]); - auth_json_response(401, ["ok" => false, "message" => "Неверный логин или пароль."]); -} - -$stmt = $db->prepare("SELECT 1 FROM user_access WHERE user_id = ? AND site_key = ? LIMIT 1"); -$stmt->bind_param("is", $row["id"], $siteKey); -$stmt->execute(); -$accessResult = $stmt->get_result(); -$hasAccess = $accessResult && $accessResult->num_rows > 0; -$stmt->close(); - -if (!$hasAccess) { - auth_log_event([ - "ip" => $clientIp, - "login" => $login, - "siteKey" => $siteKey, - "status" => "access_denied", - ]); - auth_json_response(403, ["ok" => false, "message" => "Нет доступа к этому сайту."]); -} - -$_SESSION["auth_user_id"] = (int) $row["id"]; -$_SESSION["auth_login"] = $login; -$_SESSION["auth_time"] = time(); - -auth_log_event([ - "ip" => $clientIp, - "login" => $login, - "siteKey" => $siteKey, - "status" => "success", -]); - -auth_json_response(200, ["ok" => true]); diff --git a/auth/config.php b/auth/config.php deleted file mode 100644 index ba7df4b..0000000 --- a/auth/config.php +++ /dev/null @@ -1,19 +0,0 @@ - [ - "host" => "db", - "port" => 3306, - "user" => "root", - "password" => "rootpass", - "name" => "auth_db", - ], - "rate_limit" => [ - "window_seconds" => 300, - "max_attempts" => 10, - ], - "logging" => [ - "dir" => __DIR__ . "/logs", - "file" => __DIR__ . "/logs/auth.log", - ], -]; diff --git a/auth/config_nas.php b/auth/config_nas.php deleted file mode 100644 index e2b4b75..0000000 --- a/auth/config_nas.php +++ /dev/null @@ -1,19 +0,0 @@ - [ - "host" => "127.0.0.1", - "port" => 3306, - "user" => "root", - "password" => "", - "name" => "auth_db", - ], - "rate_limit" => [ - "window_seconds" => 300, - "max_attempts" => 10, - ], - "logging" => [ - "dir" => __DIR__ . "/logs", - "file" => __DIR__ . "/logs/auth.log", - ], -]; diff --git a/auth/db.php b/auth/db.php deleted file mode 100644 index c3feb29..0000000 --- a/auth/db.php +++ /dev/null @@ -1,17 +0,0 @@ -connect_errno) { - http_response_code(500); - echo json_encode(["ok" => false, "message" => "Ошибка сервера."]); - exit; - } - - $mysqli->set_charset("utf8mb4"); - return $mysqli; -} diff --git a/auth/demo.html b/auth/demo.html deleted file mode 100644 index 02c5228..0000000 --- a/auth/demo.html +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - Демо защищенной страницы - - - - -
-
-
-

Демо защищенной страницы

-

- Если вы видите эту страницу, доступ разрешен. -

-
- Перейти к форме входа -
-
- - diff --git a/auth/guard.js b/auth/guard.js deleted file mode 100644 index d01db12..0000000 --- a/auth/guard.js +++ /dev/null @@ -1,35 +0,0 @@ -function authGetSiteKey() { - const meta = document.querySelector('meta[name="site-key"]'); - if (meta && meta.content) return meta.content.trim(); - const bodyKey = document.body?.dataset?.siteKey; - if (bodyKey) return bodyKey.trim(); - return window.location.hostname || "unknown"; -} - -function authBuildLoginUrl(siteKey) { - const current = window.location.pathname + window.location.search; - const params = new URLSearchParams({ - siteKey, - redirect: current, - }); - return `/auth/login.html?${params.toString()}`; -} - -async function authCheckAccess() { - const siteKey = authGetSiteKey(); - try { - const response = await fetch(`/auth/api/check.php?siteKey=${encodeURIComponent(siteKey)}`, { - method: "GET", - headers: { "Accept": "application/json" }, - credentials: "same-origin", - }); - - if (response.ok) return; - - window.location.href = authBuildLoginUrl(siteKey); - } catch (error) { - window.location.href = authBuildLoginUrl(siteKey); - } -} - -authCheckAccess(); diff --git a/auth/guard.php b/auth/guard.php deleted file mode 100644 index 31bb05c..0000000 --- a/auth/guard.php +++ /dev/null @@ -1,46 +0,0 @@ - auth_get_client_ip(), - "siteKey" => $siteKey, - "status" => "invalid_payload", - ]); - header("Location: /auth/login.html"); - exit; -} - -$userId = (int) ($_SESSION["auth_user_id"] ?? 0); -if ($userId <= 0) { - $redirect = $_SERVER["REQUEST_URI"] ?? "/"; - header("Location: /auth/login.html?siteKey=" . urlencode($siteKey) . "&redirect=" . urlencode($redirect)); - exit; -} - -$db = auth_get_db(); -$stmt = $db->prepare("SELECT 1 FROM user_access WHERE user_id = ? AND site_key = ? LIMIT 1"); -$stmt->bind_param("is", $userId, $siteKey); -$stmt->execute(); -$result = $stmt->get_result(); -$hasAccess = $result && $result->num_rows > 0; -$stmt->close(); - -if (!$hasAccess) { - auth_log_event([ - "ip" => auth_get_client_ip(), - "userId" => $userId, - "siteKey" => $siteKey, - "status" => "access_denied", - ]); - header("Location: /auth/login.html?siteKey=" . urlencode($siteKey)); - exit; -} diff --git a/auth/logger.php b/auth/logger.php deleted file mode 100644 index e5c6644..0000000 --- a/auth/logger.php +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - Вход - - - -
-
-
-

Добро пожаловать

-

Войдите, чтобы продолжить

-
- -
- - - - - - -
-
-
-
- - - diff --git a/auth/login.js b/auth/login.js deleted file mode 100644 index 29c6671..0000000 --- a/auth/login.js +++ /dev/null @@ -1,64 +0,0 @@ -const form = document.getElementById("login-form"); -const messageEl = document.getElementById("form-message"); - -function getSiteKey() { - const params = new URLSearchParams(window.location.search); - const urlKey = params.get("siteKey"); - if (urlKey) return urlKey.trim(); - const meta = document.querySelector('meta[name="site-key"]'); - if (meta && meta.content) return meta.content.trim(); - return window.location.hostname || "unknown"; -} - -function getRedirectUrl() { - const params = new URLSearchParams(window.location.search); - return params.get("redirect") || "/"; -} - -function setMessage(text, type) { - messageEl.textContent = text; - messageEl.classList.remove("form__message--error", "form__message--success"); - if (type === "error") messageEl.classList.add("form__message--error"); - if (type === "success") messageEl.classList.add("form__message--success"); -} - -form.addEventListener("submit", async (event) => { - event.preventDefault(); - const formData = new FormData(form); - const login = String(formData.get("login") || "").trim(); - const password = String(formData.get("password") || ""); - const siteKey = getSiteKey(); - - if (!login || !password) { - setMessage("Введите логин и пароль.", "error"); - return; - } - - setMessage("Проверяем данные...", ""); - const submitButton = form.querySelector("button[type='submit']"); - submitButton.disabled = true; - - try { - const response = await fetch("./api/login.php", { - method: "POST", - headers: { "Content-Type": "application/json" }, - body: JSON.stringify({ login, password, siteKey }), - }); - const data = await response.json().catch(() => ({})); - - if (!response.ok) { - setMessage(data?.message || "Ошибка входа.", "error"); - return; - } - - setMessage("Доступ разрешен.", "success"); - const redirect = getRedirectUrl(); - setTimeout(() => { - window.location.href = redirect; - }, 400); - } catch (error) { - setMessage("Сеть недоступна.", "error"); - } finally { - submitButton.disabled = false; - } -}); diff --git a/auth/rate_limit.php b/auth/rate_limit.php deleted file mode 100644 index 69c1c89..0000000 --- a/auth/rate_limit.php +++ /dev/null @@ -1,55 +0,0 @@ - 1, - "reset_at" => $now + $window, - ]; - - if (is_file($file)) { - $raw = @file_get_contents($file); - $decoded = $raw ? json_decode($raw, true) : null; - if (is_array($decoded) && isset($decoded["count"], $decoded["reset_at"])) { - if ($now <= (int) $decoded["reset_at"]) { - $decoded["count"] = (int) $decoded["count"] + 1; - $data = $decoded; - } - } - } - - $limited = $data["count"] > $max; - $retryAfter = max(0, $data["reset_at"] - $now); - - $payload = json_encode($data); - if ($payload !== false) { - $fh = @fopen($file, "cb+"); - if ($fh !== false) { - if (flock($fh, LOCK_EX)) { - ftruncate($fh, 0); - fwrite($fh, $payload); - fflush($fh); - flock($fh, LOCK_UN); - } - fclose($fh); - } - } - - return [ - "limited" => $limited, - "retry_after" => $retryAfter, - ]; -} diff --git a/auth/styles.css b/auth/styles.css deleted file mode 100644 index 90cb6aa..0000000 --- a/auth/styles.css +++ /dev/null @@ -1,117 +0,0 @@ -*, -*::before, -*::after { - box-sizing: border-box; -} - -body { - margin: 0; - font-family: "Inter", "Segoe UI", system-ui, -apple-system, sans-serif; - color: #0b1320; - background: radial-gradient(circle at top, #f0f4ff 0%, #e4ecff 45%, #dfe8ff 100%); - min-height: 100vh; -} - -.page { - min-height: 100vh; - display: flex; - align-items: center; - justify-content: center; - padding: 40px 16px; -} - -.card { - width: min(420px, 100%); - background: rgba(255, 255, 255, 0.75); - backdrop-filter: blur(16px); - border-radius: 20px; - padding: 32px; - box-shadow: 0 20px 60px rgba(25, 42, 80, 0.15); - border: 1px solid rgba(255, 255, 255, 0.6); -} - -.card__header { - margin-bottom: 24px; -} - -.card__header h1 { - margin: 0 0 8px; - font-size: 26px; - font-weight: 700; -} - -.card__subtitle { - margin: 0; - color: #51607a; - font-size: 14px; -} - -.form { - display: grid; - gap: 16px; -} - -.field { - display: grid; - gap: 8px; -} - -.field__label { - font-size: 13px; - color: #4c5a73; -} - -.field__input { - width: 100%; - border-radius: 12px; - border: 1px solid #d6def2; - padding: 12px 14px; - font-size: 15px; - transition: border 0.2s ease, box-shadow 0.2s ease; -} - -.field__input:focus { - outline: none; - border-color: #6f87ff; - box-shadow: 0 0 0 4px rgba(111, 135, 255, 0.2); -} - -.button { - display: inline-block; - text-decoration: none; - text-align: center; - border: none; - border-radius: 12px; - padding: 12px 16px; - font-size: 15px; - font-weight: 600; - color: #fff; - background: linear-gradient(120deg, #5b7cfa, #7b5bfa); - cursor: pointer; - transition: transform 0.2s ease, box-shadow 0.2s ease; -} - -.button:hover { - transform: translateY(-1px); - box-shadow: 0 12px 24px rgba(91, 124, 250, 0.25); -} - -.button:disabled { - cursor: not-allowed; - opacity: 0.7; - box-shadow: none; -} - -.form__message { - min-height: 20px; - font-size: 13px; - color: #4c5a73; -} - -.form__message--error { - color: #b91c1c; -} - -.form__message--success { - color: #166534; -} diff --git a/auth/util.php b/auth/util.php deleted file mode 100644 index f62a945..0000000 --- a/auth/util.php +++ /dev/null @@ -1,53 +0,0 @@ -= 3 && $len <= 64; -} - -function auth_is_valid_password(string $password): bool -{ - $len = mb_strlen($password, "UTF-8"); - return $len >= 8 && $len <= 128; -} - -function auth_is_valid_site_key(string $siteKey): bool -{ - $len = mb_strlen($siteKey, "UTF-8"); - return $len >= 3 && $len <= 255; -} diff --git a/config/db.php b/config/db.php new file mode 100644 index 0000000..2b71884 --- /dev/null +++ b/config/db.php @@ -0,0 +1,16 @@ +setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); +} catch(PDOException $e) { + die("Ошибка подключения: " . $e->getMessage()); +} +?> diff --git a/db/schema.sql b/db/schema.sql deleted file mode 100644 index a77a91e..0000000 --- a/db/schema.sql +++ /dev/null @@ -1,32 +0,0 @@ -CREATE DATABASE IF NOT EXISTS auth_db - CHARACTER SET utf8mb4 - COLLATE utf8mb4_unicode_ci; - -USE auth_db; - -CREATE TABLE IF NOT EXISTS users ( - id INT UNSIGNED NOT NULL AUTO_INCREMENT, - login VARCHAR(64) NOT NULL UNIQUE, - password_hash VARCHAR(255) NOT NULL, - created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id) -) ENGINE=InnoDB; - -CREATE TABLE IF NOT EXISTS user_access ( - id INT UNSIGNED NOT NULL AUTO_INCREMENT, - user_id INT UNSIGNED NOT NULL, - site_key VARCHAR(255) NOT NULL, - created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - UNIQUE KEY unique_access (user_id, site_key), - CONSTRAINT fk_user_access_user - FOREIGN KEY (user_id) REFERENCES users(id) - ON DELETE CASCADE -) ENGINE=InnoDB; - --- Пример: --- INSERT INTO users (login, password_hash) --- VALUES ('demo', '$2a$10$YOUR_BCRYPT_HASH_HERE'); --- --- INSERT INTO user_access (user_id, site_key) --- VALUES (1, 'example.com'); diff --git a/docker-pack/Dockerfile b/docker-pack/Dockerfile deleted file mode 100644 index 96ac392..0000000 --- a/docker-pack/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM php:8.2-apache - -RUN docker-php-ext-install mysqli - -RUN a2enmod rewrite headers - -WORKDIR /var/www/html diff --git a/docker-pack/README.md b/docker-pack/README.md deleted file mode 100644 index c3e4ca5..0000000 --- a/docker-pack/README.md +++ /dev/null @@ -1,56 +0,0 @@ -# Docker инструкция (Windows) - -Все файлы для Docker лежат в `docker-pack/` и не трогают текущее решение. - -## Требования - -- Docker Desktop (включите WSL2 backend) - -## Быстрый старт - -1. Перейдите в каталог: - - `cd d:\work\code\auth\docker-pack` -2. Соберите и запустите контейнеры: - - `docker compose up -d --build` -3. Откройте в браузере: - - `http://localhost:8080/auth/login.html` - -## Настройка БД - -По умолчанию MariaDB поднимается с: - -- БД: `auth_db` -- root пароль: `rootpass` - -Схема создается автоматически из `../db/schema.sql`. -Пользователь `demo` добавляется автоматически из `seed.sql`. - -### Тестовые данные - -По умолчанию создается пользователь: - -- логин: `demo` -- пароль: `demo12345` -- site_key: `localhost` - -Если нужно изменить — отредактируйте `seed.sql` и пересоздайте контейнеры: - -- `docker compose down -v` -- `docker compose up -d --build` - -## Важно про конфиг PHP - -В `auth/config.php` укажите параметры подключения: - -- host: `db` -- port: `3306` -- user: `root` -- password: `rootpass` -- name: `auth_db` - -Если хотите оставить `auth/config.php` для локальной сети, заведите отдельную копию -только для Docker и подмените ее через volume в `docker-compose.yml`. - -## Остановка - -- `docker compose down` diff --git a/docker-pack/docker-compose.yml b/docker-pack/docker-compose.yml deleted file mode 100644 index 24e4167..0000000 --- a/docker-pack/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -version: "3.9" - -services: - web: - build: . - ports: - - "8080:80" - volumes: - - ../auth:/var/www/html/auth:ro - depends_on: - - db - - db: - image: mariadb:11 - environment: - MARIADB_ROOT_PASSWORD: rootpass - MARIADB_DATABASE: auth_db - volumes: - - ../db/schema.sql:/docker-entrypoint-initdb.d/01-schema.sql:ro - - ./seed.sql:/docker-entrypoint-initdb.d/02-seed.sql:ro - - db_data:/var/lib/mysql - -volumes: - db_data: diff --git a/docker-pack/seed.sql b/docker-pack/seed.sql deleted file mode 100644 index a9b3545..0000000 --- a/docker-pack/seed.sql +++ /dev/null @@ -1,5 +0,0 @@ -INSERT INTO users (login, password_hash) -VALUES ('demo', '$2y$10$MyDhXOP.UZAHJcE1KWoQU.PJfxa5C82FePAuZYphCMaXya.Ylxlne'); - -INSERT INTO user_access (user_id, site_key) -VALUES (1, 'localhost'); diff --git a/index.html b/index.html new file mode 100644 index 0000000..aaef4f8 --- /dev/null +++ b/index.html @@ -0,0 +1,36 @@ + + + + Личный кабинет + + +
+ + + + + \ No newline at end of file diff --git a/js/auth.js b/js/auth.js new file mode 100644 index 0000000..d61cb3b --- /dev/null +++ b/js/auth.js @@ -0,0 +1,58 @@ +// Общие функции для AJAX запросов +async function sendRequest(url, data) { + try { + const response = await fetch(url, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: JSON.stringify(data) + }); + return await response.json(); + } catch (error) { + console.error('Ошибка:', error); + return { success: false, message: 'Ошибка сети' }; + } +} + +// Обработка регистрации +if (document.getElementById('registerForm')) { + document.getElementById('registerForm').addEventListener('submit', async function(e) { + e.preventDefault(); + + const formData = new FormData(this); + const data = Object.fromEntries(formData); + + const result = await sendRequest('api/register.php', data); + + if (result.success) { + alert(result.message); + window.location.href = 'login.html'; + } else { + alert('Ошибка: ' + result.message); + } + }); +} + +// Обработка входа +if (document.getElementById('loginForm')) { + document.getElementById('loginForm').addEventListener('submit', async function(e) { + e.preventDefault(); + + const formData = new FormData(this); + const data = Object.fromEntries(formData); + + const result = await sendRequest('api/login.php', data); + + if (result.success) { + // Сохраняем данные пользователя в localStorage + localStorage.setItem('user', JSON.stringify(result.user)); + localStorage.setItem('isLoggedIn', 'true'); + + alert(result.message); + window.location.href = 'index.html'; + } else { + alert('Ошибка: ' + result.message); + } + }); +} \ No newline at end of file diff --git a/login.html b/login.html new file mode 100644 index 0000000..fa588b8 --- /dev/null +++ b/login.html @@ -0,0 +1,16 @@ + + + + Вход + + +

Вход

+
+ + + +
+ + + + \ No newline at end of file From 5c084c6aaa2b41fc3d40d550b5b5f3a5f9d7f3fb Mon Sep 17 00:00:00 2001 From: Jester Date: Mon, 19 Jan 2026 08:57:58 +0300 Subject: [PATCH 2/7] security update --- api/check_auth.php | 3 +- api/login.php | 70 ++++++++++++++++------------- api/logout.php | 15 ++++++- config/db.php | 4 +- config/session.php | 15 +++++++ index.html | 9 ++-- js/auth.js | 8 ++-- login.html | 107 ++++++++++++++++++++++++++++++++++++++++++--- 8 files changed, 182 insertions(+), 49 deletions(-) create mode 100644 config/session.php diff --git a/api/check_auth.php b/api/check_auth.php index 0e52a9b..e2bed0e 100644 --- a/api/check_auth.php +++ b/api/check_auth.php @@ -1,5 +1,6 @@ prepare("SELECT * FROM users WHERE username = ?"); - $stmt->execute([$login]); - $user = $stmt->fetch(PDO::FETCH_ASSOC); - - if ($user && password_verify($password, $user['password_hash'])) { - // Успешная авторизация - session_start(); - $_SESSION['user_id'] = $user['id']; - $_SESSION['username'] = $user['username']; - - echo json_encode([ - 'success' => true, - 'message' => 'Вход выполнен успешно', - 'user' => [ - 'id' => $user['id'], - 'username' => $user['username'], - ] - ]); - } else { - echo json_encode(['success' => false, 'message' => 'Неверные учетные данные']); - } +if ($_SERVER['REQUEST_METHOD'] !== 'POST') { + http_response_code(405); + echo json_encode(['success' => false, 'message' => 'Метод не поддерживается']); + exit; +} + +$data = json_decode(file_get_contents('php://input'), true); +if (!is_array($data)) { + http_response_code(400); + echo json_encode(['success' => false, 'message' => 'Некорректные данные']); + exit; +} + +$login = trim($data['username'] ?? ''); +$password = $data['password'] ?? ''; + +// Поиск пользователя по username +$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?"); +$stmt->execute([$login]); +$user = $stmt->fetch(PDO::FETCH_ASSOC); + +if ($user && password_verify($password, $user['password_hash'])) { + // Успешная авторизация + session_regenerate_id(true); + $_SESSION['user_id'] = $user['id']; + $_SESSION['username'] = $user['username']; + + echo json_encode([ + 'success' => true, + 'message' => 'Вход выполнен успешно', + 'user' => [ + 'id' => $user['id'], + 'username' => $user['username'], + ] + ]); +} else { + echo json_encode(['success' => false, 'message' => 'Неверные учетные данные']); } ?> diff --git a/api/logout.php b/api/logout.php index 829c135..979ccb2 100644 --- a/api/logout.php +++ b/api/logout.php @@ -1,5 +1,18 @@ false, 'message' => 'Метод не поддерживается']); + exit; +} + +$_SESSION = []; +if (ini_get('session.use_cookies')) { + $params = session_get_cookie_params(); + setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']); +} session_destroy(); echo json_encode(['success' => true]); ?> \ No newline at end of file diff --git a/config/db.php b/config/db.php index 2b71884..8675c63 100644 --- a/config/db.php +++ b/config/db.php @@ -1,7 +1,7 @@ 0, + 'path' => '/', + 'domain' => '', + 'secure' => $isSecure, + 'httponly' => true, + 'samesite' => 'Lax', + ]); + session_start(); +} +?> diff --git a/index.html b/index.html index aaef4f8..e9f0633 100644 --- a/index.html +++ b/index.html @@ -10,7 +10,7 @@ \ No newline at end of file From 8b20efc0e63d5d43f1a4e45ea7b88d1fa3aa425f Mon Sep 17 00:00:00 2001 From: Jester Date: Mon, 19 Jan 2026 10:15:29 +0300 Subject: [PATCH 3/7] nginx conf in NAS --- nginx_T.txt | 1786 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1786 insertions(+) create mode 100644 nginx_T.txt diff --git a/nginx_T.txt b/nginx_T.txt new file mode 100644 index 0000000..d30b2c5 --- /dev/null +++ b/nginx_T.txt @@ -0,0 +1,1786 @@ +# configuration file /etc/nginx/nginx.conf: +# Copyright (c) 2000-2017 Synology Inc. All rights reserved. + +worker_processes auto; +#worker_cpu_affinity auto; +worker_rlimit_nofile 65535; + +include conf.d/main.*.conf; + +events { + use epoll; + multi_accept on; + accept_mutex off; + worker_connections 1024; + + include conf.d/events.*.conf; +} + +http { + include mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log off; + #access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main; + error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error; + + tcp_nopush on; + tcp_nodelay on; + + sendfile on; + server_tokens off; + + proxy_request_buffering off; + fastcgi_request_buffering off; + scgi_request_buffering off; + + proxy_buffering off; + fastcgi_buffering off; + scgi_buffering off; + + resolver_timeout 5s; + client_header_timeout 10s; + client_body_timeout 60s; + send_timeout 60s; + keepalive_timeout 65s 20s; + client_max_body_size 0; + http2_max_client_body_buffer_size 8m; + server_names_hash_max_size 8192; + server_names_hash_bucket_size 128; + + include /usr/syno/etc/www/certificate/system_default/cert.conf*; + include /usr/syno/etc/security-profile/tls-profile/config/dsm.conf*; + ssl_prefer_server_ciphers on; + + ssl_session_tickets off; + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 3600s; + + ssl_early_data off; + + real_ip_header X-Forwarded-For; + real_ip_recursive on; + set_real_ip_from 127.0.0.1; + + include /var/tmp/nginx/trusted_proxy/*.conf; + + default_listen_option ssl_http2; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + server_tag "nginx"; + + gzip_disable "msie6"; + gzip_min_length 1000; + gzip_types text/plain text/css application/javascript application/json; + gzip_vary on; + gzip_static on; + + open_file_cache max=1000 inactive=60s; + open_file_cache_valid 3s; + open_file_cache_min_uses 2; + open_file_cache_errors on; + + upstream synoscgi { + server unix:/run/synoscgi.sock; + } + + upstream synoscgi.sock { + server unix:/run/synoscgi_socket.sock; + } + + upstream synoscgi_restfulapi { + server unix:/run/synoscgi_restfulapi.sock; + } + + index index.html index.htm index.php; + + server { + listen 5000 default_server; + listen [::]:5000 default_server; + + server_name _; + + gzip on; + + include conf.d/alias.*.conf; + root /usr/syno/synoman; + index index.cgi; + + ignore_invalid_headers off; + + include /usr/syno/share/nginx/conf.d/dsm.*.conf; + include conf.d/dsm.*.conf; + + location = / { + try_files $uri /index.cgi$is_args$query_string; + } + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { + alias /usr/syno/share/OAuth/index_ds.php; + default_type text/html; + } + + location ~ \.cgi { + include scgi_params; + scgi_pass synoscgi; + + scgi_read_timeout 3600s; + } + + location ~ /synoscgi.sock/socket.io/ { + proxy_read_timeout 3600s; + include proxy.conf; + rewrite /synoscgi.sock/(.*)$ /$1 break; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://synoscgi.sock; + + } + + location ~ /api/ { + include scgi_params; + scgi_pass synoscgi_restfulapi; + + scgi_read_timeout 3600s; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ~ ^/webman/modules/Indexer/ { + deny all; + } + + location ~ ^/webapi/lib/ { + deny all; + } + + location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; + } + + location ~ /\. { access_log off; log_not_found off; deny all; } + + location ~* \.(?:js|css|png|jpg|gif|ico)$ { + access_log off; + log_not_found off; + } + + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /robots.txt { + allow all; + access_log off; + log_not_found off; + } + + } + + server { + listen 5001 default_server ssl; + listen [::]:5001 default_server ssl; + + server_name _; + + include conf.d/ssl.*.conf; + + include conf.d/alias.*.conf; + root /usr/syno/synoman; + index index.cgi; + + ignore_invalid_headers off; + + include /usr/syno/share/nginx/conf.d/dsm.*.conf; + include conf.d/dsm.*.conf; + + location = / { + try_files $uri /index.cgi$is_args$query_string; + } + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { + alias /usr/syno/share/OAuth/index_ds.php; + default_type text/html; + } + + location ~ \.cgi { + include scgi_params; + scgi_pass synoscgi; + + scgi_read_timeout 3600s; + } + + location ~ /synoscgi.sock/socket.io/ { + proxy_read_timeout 3600s; + include proxy.conf; + rewrite /synoscgi.sock/(.*)$ /$1 break; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://synoscgi.sock; + + } + + location ~ /api/ { + include scgi_params; + scgi_pass synoscgi_restfulapi; + + scgi_read_timeout 3600s; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ~ ^/webman/modules/Indexer/ { + deny all; + } + + location ~ ^/webapi/lib/ { + deny all; + } + + location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; + } + + location ~ /\. { access_log off; log_not_found off; deny all; } + + location ~* \.(?:js|css|png|jpg|gif|ico)$ { + access_log off; + log_not_found off; + } + + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /robots.txt { + allow all; + access_log off; + log_not_found off; + } + + } + + server { + listen 5000; + listen [::]:5000; + + server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; + set $fqdn $server_name; + + gzip on; + + include conf.d/alias.*.conf; + root /usr/syno/synoman; + index index.cgi; + + ignore_invalid_headers off; + + include /usr/syno/share/nginx/conf.d/dsm.*.conf; + include conf.d/dsm.*.conf; + + location = / { + try_files $uri /index.cgi$is_args$query_string; + } + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { + alias /usr/syno/share/OAuth/index_ds.php; + default_type text/html; + } + + location ~ \.cgi { + include scgi_params; + scgi_pass synoscgi; + + scgi_read_timeout 3600s; + } + + location ~ /synoscgi.sock/socket.io/ { + proxy_read_timeout 3600s; + include proxy.conf; + rewrite /synoscgi.sock/(.*)$ /$1 break; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://synoscgi.sock; + + } + + location ~ /api/ { + include scgi_params; + scgi_pass synoscgi_restfulapi; + + scgi_read_timeout 3600s; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ~ ^/webman/modules/Indexer/ { + deny all; + } + + location ~ ^/webapi/lib/ { + deny all; + } + + location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; + } + + location ~ /\. { access_log off; log_not_found off; deny all; } + + location ~* \.(?:js|css|png|jpg|gif|ico)$ { + access_log off; + log_not_found off; + } + + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /robots.txt { + allow all; + access_log off; + log_not_found off; + } + + } + + server { + listen 5001 ssl; + listen [::]:5001 ssl; + + server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; + set $fqdn $server_name; + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include /usr/syno/etc/www/certificate/system_quickconnect/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/system_quickconnect.conf*; + + include conf.d/ssl.*.conf; + + include conf.d/alias.*.conf; + root /usr/syno/synoman; + index index.cgi; + + ignore_invalid_headers off; + + include /usr/syno/share/nginx/conf.d/dsm.*.conf; + include conf.d/dsm.*.conf; + + location = / { + try_files $uri /index.cgi$is_args$query_string; + } + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { + alias /usr/syno/share/OAuth/index_ds.php; + default_type text/html; + } + + location ~ \.cgi { + include scgi_params; + scgi_pass synoscgi; + + scgi_read_timeout 3600s; + } + + location ~ /synoscgi.sock/socket.io/ { + proxy_read_timeout 3600s; + include proxy.conf; + rewrite /synoscgi.sock/(.*)$ /$1 break; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://synoscgi.sock; + + } + + location ~ /api/ { + include scgi_params; + scgi_pass synoscgi_restfulapi; + + scgi_read_timeout 3600s; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ~ ^/webman/modules/Indexer/ { + deny all; + } + + location ~ ^/webapi/lib/ { + deny all; + } + + location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; + } + + location ~ /\. { access_log off; log_not_found off; deny all; } + + location ~* \.(?:js|css|png|jpg|gif|ico)$ { + access_log off; + log_not_found off; + } + + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /robots.txt { + allow all; + access_log off; + log_not_found off; + } + + } + + server { + listen 80 default_server; + listen [::]:80 default_server; + + server_name _; + gzip on; + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + include conf.d/alias.*.conf; + include /usr/syno/share/nginx/conf.d/www.*.conf; + include conf.d/www.*.conf; + + location = /webdefault/images/logo.jpg { + alias /usr/syno/share/nginx/logo.jpg; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.location.webstation.conf*; + + location / { + root /var/tmp/nginx/html; + add_header Cache-Control 'no-cache'; + rewrite (.*) /redirect.html break; + } + + } + + server { + listen 443 default_server ssl; + listen [::]:443 default_server ssl; + server_name _; + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + include conf.d/alias.*.conf; + include /usr/syno/share/nginx/conf.d/www.*.conf; + include conf.d/www.*.conf; + + location = /webdefault/images/logo.jpg { + alias /usr/syno/share/nginx/logo.jpg; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.location.webstation.conf*; + + location / { + root /var/tmp/nginx/html; + add_header Cache-Control 'no-cache'; + rewrite (.*) /redirect.html break; + } + + } + + server { + listen 80; + listen [::]:80; + + server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; + set $fqdn $server_name; + + gzip on; + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + include conf.d/alias.*.conf; + include /usr/syno/share/nginx/conf.d/www.*.conf; + include conf.d/www.*.conf; + + location = /webdefault/images/logo.jpg { + alias /usr/syno/share/nginx/logo.jpg; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.location.webstation.conf*; + + location / { + root /var/tmp/nginx/html; + add_header Cache-Control 'no-cache'; + rewrite (.*) /redirect.html break; + } + + } + + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; + set $fqdn $server_name; + + include /usr/syno/etc/www/certificate/system_quickconnect/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/system_quickconnect.conf*; + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + include conf.d/alias.*.conf; + include /usr/syno/share/nginx/conf.d/www.*.conf; + include conf.d/www.*.conf; + + location = /webdefault/images/logo.jpg { + alias /usr/syno/share/nginx/logo.jpg; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.location.webstation.conf*; + + location / { + root /var/tmp/nginx/html; + add_header Cache-Control 'no-cache'; + rewrite (.*) /redirect.html break; + } + + } + + include conf.d/http.*.conf; + include sites-enabled/*; +} + +# configuration file /etc/nginx/conf.d/main.login_rate_limit.conf: + +# configuration file /etc/nginx/mime.types: + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; + +# Synology added mime type + application/wasm wasm; +} + +# configuration file /usr/syno/etc/www/certificate/system_default/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/system_default/03ed964b-e07d-4b55-9581-d4e274f27b7e.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/system_default/bb4c1379-b658-4d7e-a3af-066a6171c339.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/dsm.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /usr/syno/share/nginx/conf.d/dsm.PackageCenter.conf: +location ^~ /pkgimage { + internal; + alias /var/cache/synopkg/lfs/image; +} + +# configuration file /usr/syno/share/nginx/conf.d/dsm.SecurityAdvisor.conf: +location ~ ^/sar/(.*)$ { + rewrite ^/sar/(.*)$ /webapi/_______________________________________________________entry.cgi?path="$1"&api=SYNO.SecurityAdvisor.Report.HTML&method=open&version=1; +} + +# configuration file /usr/syno/share/nginx/conf.d/dsm.synosharing.conf: +location ~ ^/sharing/([-_\w\d]+)$ { + root /usr/syno/synoman; + rewrite /sharing/([^\/\.]+) /sharing.cgi?_sharing_id=$1 break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/(.+)\.cgi { + root /usr/syno/synoman; + rewrite /sharing/(.+) /$1 break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/$ { + root /usr/syno/synoman; + rewrite /sharing/ /sharing.cgi break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/errors$ { + root /usr/syno/synoman; + rewrite /sharing/errors /sharing.cgi break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/webman/modules/Indexer/ { + deny all; +} + +location ~ ^/sharing/webapi/lib/ { + deny all; +} + +location ~ ^/sharing/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; +} + +location ~ ^/sharing/(.+)$ { + root /usr/syno/synoman; + rewrite /sharing/(.+) /$1 break; +} + +# configuration file /etc/nginx/scgi_params: +scgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +scgi_param CONTENT_LENGTH $content_length; +scgi_param SCRIPT_NAME $fastcgi_script_name; + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param GATEWAY_INTERFACE CGI/1.1; +scgi_param SERVER_SOFTWARE nginx/$nginx_version; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_ADDR $server_addr; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $host; + +fastcgi_split_path_info ^(.+?\.cgi)(.*)$; +scgi_param PATH_INFO $fastcgi_path_info; + +uninitialized_variable_warn off; + +if ($fqdn = false) { + set $fqdn ""; +} + +scgi_param HOST $fqdn if_not_empty; + +scgi_intercept_errors on; + +# configuration file /etc/nginx/conf.d/dsm.pkg-static.ContainerManager-70163528.conf: +location ~ ^/docker/ws { + proxy_set_header X-Server-IP $server_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Real-HTTPS $https; + proxy_set_header X-Server-Port $server_port; + proxy_set_header X-Real-Port $remote_port; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-Host $http_host; + proxy_http_version 1.1; + proxy_read_timeout 3600s; + + proxy_pass http://127.0.0.1:512; +} + +# configuration file /etc/nginx/conf.d/dsm.pkg-static.SynologyApplicationService-1255611987.conf: +location ~ /webman/3rdparty/SynologyApplicationService/browser_pair/service-worker.js$ { + add_header 'Service-Worker-Allowed' '/'; +} + +# configuration file /etc/nginx/conf.d/dsm.pkg-static.SynologyDrive-1350404196.conf: +location ~ ^/cstndownload/ { + rewrite ^/cstndownload/(.*)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Node.Download&version=1&method=finish; +} + +# configuration file /etc/nginx/conf.d/dsm.ssdp.conf: +location ~ ^/ssdp/ { + allow 172.20.36.211/24; + deny all; + root /tmp; + access_log off; + log_not_found off; +} + +# configuration file /etc/nginx/conf.d/dsm.syno-app-portal.FileStation.conf: + + +location ~ ^/sharing/([-_\w\d]+)$ { + root /usr/syno/synoman; + rewrite /sharing/([^\/\.]+) /sharing.cgi?_sharing_id=$1 break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/(.+)\.cgi { + root /usr/syno/synoman; + rewrite /sharing/(.+) /$1 break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/$ { + root /usr/syno/synoman; + rewrite /sharing/ /sharing.cgi break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/errors$ { + root /usr/syno/synoman; + rewrite /sharing/errors /sharing.cgi break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/webman/modules/Indexer/ { + deny all; +} + +location ~ ^/sharing/webapi/lib/ { + deny all; +} + +location ~ ^/sharing/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; +} + +location ~ ^/sharing/(.+)$ { + root /usr/syno/synoman; + rewrite /sharing/(.+) /$1 break; +} + +location ~ /webman/modules/FileBrowser/index_ds.php$ { + default_type text/html; + alias /usr/syno/share/OAuth/index_ds.php; +} + +location ~ ^/wfmlogindialog.js(.*) { + root /usr/syno/synoman; + rewrite /wfmlogindialog.js(.*) /webman/3rdparty/FileBrowser/directlogin.js$1 break; +} + +location ~ ^/fbsharing/(.*)$ { + root /usr/syno/synoman; + rewrite /fbsharing/(.*)$ $scheme://$http_host/sharing/fbsharing-$1 break; +} + +location ~ ^/fsdownload/webapi/file_download\.cgi/(.*)$ { + root /usr/syno/synoman; + rewrite /fsdownload/webapi/file_download\.cgi/(.*)$ /webapi/_______________________________________________________entry.cgi?api=SYNO.FolderSharing.Download&version=2&method=download break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/fsdownload/(webman|scripts|synoSDSjslib)/(.*)$ { + root /usr/syno/synoman; + rewrite /fsdownload/(.*)$ /$1 break; +} + +location ~ ^/fsdownload/webapi/(.*)$ { + root /usr/syno/synoman; + rewrite /fsdownload/(.*)$ /$1 break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/fsdownload/([-_\w\d]+)/(.*)$ { + root /usr/syno/synoman; + rewrite /fsdownload/([-_\w\d]+)/(.*)$ /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.Sharing.Download&version=1&method=download&_sharing_id="$1"&mode=download break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/fbdownload/(.*)$ { + root /usr/syno/synoman; + if ($args ~* "^k=(.*)") { + rewrite ^.*$ $scheme://$http_host/sharing/fbsharing-$arg_k? last; + } + rewrite /fbdownload/(.*)$ /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.Download&version=2&method=download&mode=download&stdhtml=true break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/fbgdrivedownload/(.*)$ { + root /usr/syno/synoman; + rewrite /fbgdrivedownload/(.*) /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.VFS.GDrive&method=download&version=1&mode=download&stdhtml=true break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/viewer/(.*)/(.*)/(.*)/(.*)$ { + root /usr/syno/synoman; + rewrite /viewer/(.*)/(.*)/(.*)/(.*) /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.Download&version=2&method=download&dlink="$1"&tid="$2"&SynoToken=$3&mode=open&stdhtml=true break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + + +# configuration file /etc/nginx/conf.d/dsm.syno-app-portal.SynologyDrive.conf: +location ~ ^/d/f/ { + root /usr/syno/synoman; + index index.cgi; + + rewrite /d/f/([0-9a-zA-Z_]+\.(txt|cgi))$ /$1 last; + rewrite /d/f/(webman|scripts|synoSDSjslib|synoSDSjslib-compatible-6.x|synohdpack|oauth|webapi)/(.*)$ /$1/$2 last; + rewrite /d/f/([0-9a-zA-Z]+)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Shard&version=1&method=get&link_id="$1"&sharing_type=simple_sharing break; + + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/d/s/ { + root /usr/syno/synoman; + index index.cgi; + + rewrite /d/s/([0-9a-zA-Z]+)/([0-9a-zA-Z_]+\.(txt|cgi))$ /$2 last; + rewrite /d/s/([0-9a-zA-Z]+)/(webman|scripts|synoSDSjslib|synoSDSjslib-compatible-6.x|synohdpack|oauth|webapi|oo|sc)/(.*)$ /$2/$3 last; + rewrite /d/s/([0-9a-zA-Z]+)/([^/]+)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Shard&version=1&method=get&link_id="$1"&sharing_link="$2"&sharing_type=public_sharing break; + + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/d/r/ { + root /usr/syno/synoman; + index index.cgi; + + rewrite /d/r/([0-9a-zA-Z]+)/([0-9a-zA-Z_]+\.(txt|cgi))$ /$2 last; + rewrite /d/r/([0-9a-zA-Z]+)/(webman|scripts|synoSDSjslib|synoSDSjslib-compatible-6.x|synohdpack|oauth|webapi|oo|sc)/(.*)$ /$2/$3 last; + rewrite /d/r/([0-9a-zA-Z]+)/([^/]+)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Shard&version=1&method=get&link_id="$1"&sharing_link="$2"&sharing_type=file_request break; + + include scgi_params; + scgi_pass synoscgi; + +} + + +# configuration file /etc/nginx/conf.d/dsm.synorelayd.conf: +location ~ ^/webman/pingpong.cgi { + default_type text/plain; + root /usr/syno/synoman; + if ($arg_quickconnect) { + add_header Access-Control-Allow-Origin *; + return 200 '{"success": true, "ezid": "7a392a5bf75f985997202aff4ba36a52"}'; + } + include scgi_params; + scgi_pass synoscgi; +} + +# configuration file /etc/nginx/proxy.conf: +proxy_set_header X-Forwarded-By $server_addr; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Port $server_port; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_http_version 1.1; + +# configuration file /etc/nginx/conf.d/ssl.compress.conf: +gzip off; + +# configuration file /usr/syno/etc/www/certificate/system_quickconnect/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/system_quickconnect/d3efac81-5201-430a-b1e1-889a54749cc2.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/system_quickconnect/5aa70095-d40d-4c78-a844-5e8b213263f7.pem; +ssl_certificate /usr/syno/etc/www/certificate/system_quickconnect/75f7d883-2982-40cc-aaa1-dff3a6384c39.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/system_quickconnect/d65137ec-841c-442d-8938-0f7fb7649778.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/system_quickconnect.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/conf.d/www.webservice_portal_6ba05a28-ac75-407d-8d06-a6df656d49c4.conf: + +location = /phpmyadmin { + rewrite ^/(.*)$ $1/ permanent; +} + +include conf.d/.service.6ba05a28-ac75-407d-8d06-a6df656d49c4.2202361b-2b4d-44a7-b676-811dc36c570c.conf*; + +location ~ ^/phpmyadmin/ { + + include conf.d/.webstation.error_page.default.conf*; + + return 404; +} + +# configuration file /etc/nginx/conf.d/.service.6ba05a28-ac75-407d-8d06-a6df656d49c4.2202361b-2b4d-44a7-b676-811dc36c570c.conf: + +location ^~ /phpmyadmin/ { + + include conf.d/.webstation.error_page.default.conf*; + + location = /phpmyadmin/ { + alias "/var/services/web_packages/phpmyadmin/"; + } + + alias "/var/services/web_packages/phpmyadmin/"; + index index.php index.htm index.html; + + location ~* \.(php[345]?|phtml)$ { + fastcgi_pass unix:/run/php-fpm/php-2202361b-2b4d-44a7-b676-811dc36c570c.sock; + + fastcgi_connect_timeout 60s; + fastcgi_read_timeout 3600s; + fastcgi_send_timeout 60s; + + fastcgi_param SCRIPT_FILENAME $request_filename; + + fastcgi_param QUERY_STRING $query_string; + + fastcgi_param REQUEST_METHOD $request_method; + + fastcgi_param CONTENT_TYPE $content_type; + + fastcgi_param CONTENT_LENGTH $content_length; + + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + + fastcgi_param REQUEST_URI $request_uri; + + fastcgi_param DOCUMENT_URI $document_uri; + + fastcgi_param DOCUMENT_ROOT $document_root; + + fastcgi_param SERVER_PROTOCOL $server_protocol; + + fastcgi_param REQUEST_SCHEME $scheme; + + fastcgi_param HTTPS $https if_not_empty; + + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + + fastcgi_param REMOTE_ADDR $remote_addr; + + fastcgi_param REMOTE_PORT $remote_port; + + fastcgi_param SERVER_ADDR $server_addr; + + fastcgi_param SERVER_PORT $server_port; + + fastcgi_param SERVER_NAME $server_name; + + fastcgi_param REDIRECT_STATUS 200; + + include /usr/local/etc/nginx/conf.d/2202361b-2b4d-44a7-b676-811dc36c570c/fastcgi.conf*; + } + + include /usr/local/etc/nginx/conf.d/2202361b-2b4d-44a7-b676-811dc36c570c/user.conf*; + +} + + +# configuration file /etc/nginx/conf.d/.webstation.error_page.default.conf: + + +error_page 400 /webstation_error_page_custom_default_400; + +error_page 401 /webstation_error_page_custom_default_401; + +error_page 402 /webstation_error_page_custom_default_402; + +error_page 403 /webstation_error_page_custom_default_403; + +error_page 404 /webstation_error_page_custom_default_404; + +error_page 405 /webstation_error_page_custom_default_405; + +error_page 406 /webstation_error_page_custom_default_406; + +error_page 407 /webstation_error_page_custom_default_407; + +error_page 408 /webstation_error_page_custom_default_408; + +error_page 500 /webstation_error_page_custom_default_500; + +error_page 501 /webstation_error_page_custom_default_501; + +error_page 502 /webstation_error_page_custom_default_502; + +error_page 503 /webstation_error_page_custom_default_503; + +error_page 504 /webstation_error_page_custom_default_504; + +error_page 505 /webstation_error_page_custom_default_505; + +error_page 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 /webstation_error_page_custom_default_default; + +# configuration file /etc/nginx/conf.d/.location.webstation.conf: +location ~ ^/~([^\/]*)/ { + proxy_ignore_headers X-Accel-Redirect; + proxy_read_timeout 3600s; + proxy_set_header X-Forwarded-By $server_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-HTTPS $https; + proxy_set_header X-Port $server_port; + proxy_set_header X-Real-Port $remote_port; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_http_version 1.1; + proxy_intercept_errors off; + + error_page 404 /_webstation_/404.html; + return 404; + +} + +location ^~ /_webstation_/ { + alias /var/packages/WebStation/target/error_page/; +} + +include conf.d/.webstation.error_page.*.resource.conf*; + +location ~ ^ { + proxy_ignore_headers X-Accel-Redirect; + proxy_read_timeout 3600s; + proxy_set_header X-Forwarded-By $server_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-HTTPS $https; + proxy_set_header X-Port $server_port; + proxy_set_header X-Real-Port $remote_port; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_http_version 1.1; + proxy_intercept_errors off; + proxy_redirect http:// $scheme://; + + error_page 502 /_webstation_/$status.html; + proxy_pass http://unix:/run/webstation_default.sock; +} +# configuration file /etc/nginx/conf.d/.webstation.error_page.default.resource.conf: + + +location ~ /webstation_error_page_custom_default_400 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /336f5e0b-f250-45db-b124-cab3c77adc5f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_401 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /e1ff34ae-678b-4c6d-9c75-f05f61461351.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_402 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /01bec347-ca0a-4501-88f0-c24d0fa952ba.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_403 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /8e0b3b6c-dbf8-449c-836f-0415c8b104fe.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_404 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /9afb9e7a-d57c-4d5c-998e-70f62d9eaf6f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_405 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /e49ab32b-1ee6-4b35-8790-06667e81e2aa.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_406 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /050fd3fb-2bb7-4b3f-ac11-c323ac5bae5a.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_407 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /43e2f964-a2f5-4d8d-85b3-759e097c3020.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_408 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /0f14ba31-a600-4bdc-a961-b78402e0b9fb.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_500 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /70a86fb4-28dc-4e01-af28-4e984b4c0bff.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_501 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /847c60bb-816b-45ab-af50-bff6ea2c17d9.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_502 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /acba7191-33ca-49ba-9aeb-bba7e98e642f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_503 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /0605e1eb-d793-4dba-bfa8-44dc61bd3e0f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_504 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /bc7e53bc-2149-4d0c-8759-6ec7738c3ab2.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_505 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /42fe9463-b04d-48ea-991a-88578696484f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_default { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /e6977d21-8af9-43a7-9717-6e3b656e4d3e.html break; + allow all; +} + + +# configuration file /etc/nginx/sites-enabled/server.ReverseProxy.conf: + + +# configuration file /etc/nginx/sites-enabled/server.webstation.conf: +server { + listen unix:/run/webstation_default.sock; + root /var/services/web; + index index.html index.php index.cgi; + + set_real_ip_from unix:; + real_ip_header X-Real-IP; + + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param DOCUMENT_ROOT $document_root; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param HTTPS $http_x_https if_not_empty; + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $http_x_real_port; + fastcgi_param SERVER_ADDR $http_x_forwarded_by; + fastcgi_param SERVER_PORT $http_x_port; + fastcgi_param SERVER_NAME $host; + fastcgi_param REDIRECT_STATUS 200; + fastcgi_intercept_errors on; + fastcgi_read_timeout 3600s; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location ^~ /_webstation_/ { + alias /var/packages/WebStation/target/error_page/; + } + location ~* \.(php[345]?|phtml)$ { + + fastcgi_pass unix:/run/php-fpm/php-b9a41bca-af4e-11e9-9fc0-6335258c6d96.sock; + + } + location ~* \.cgi { + fastcgi_pass unix:/run/fcgiwrap.sock; + } +} + +# configuration file /etc/nginx/sites-enabled/synowstransfer-nginx.conf: +server { + listen 5357 default_server; + listen [::]:5357 default_server; + + location / { + proxy_pass http://unix:/tmp/synowstransfer.sock; + } +} + +# configuration file /etc/nginx/sites-enabled/webservice_portal_2cb0caad-5034-43b1-8f49-32aa6aafb709: + + +server { + + listen 8085 default_server; + listen [::]:8085 default_server; + + server_name _; + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709.conf*; + + ssl_prefer_server_ciphers on; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location / { + return 404; + } + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/ff57f193-ecaa-4582-b0e2-b54827f840b0.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/624f702e-6a48-464d-9415-f504f14f5c9e.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/sites-enabled/webservice_portal_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5: + + +server { + + listen 8087 default_server; + listen [::]:8087 default_server; + + server_name _; + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5.conf*; + + ssl_prefer_server_ciphers on; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location / { + return 404; + } + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/8b6cc71f-e8f0-4283-a69e-ce49e11971ae.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/88db9094-5dbb-44b3-8485-b16cd59795ad.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/sites-enabled/webservice_portal_7531c0cc-0fb8-43c3-9765-d9713c59493e: + + +server { + + listen 50010 default_server; + listen [::]:50010 default_server; + + server_name _; + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e.conf*; + + ssl_prefer_server_ciphers on; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location / { + return 404; + } + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/2de8a8b3-e227-4f99-bcfe-ab3cbd6465d8.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/7ad5d52a-3a0a-4121-991e-18cf907f934b.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/sites-enabled/webservice_portal_8059b45e-e99d-4a75-8ac5-b2d006061963: + + +server { + + listen 80; + listen [::]:80; + + server_name nas-ntc3.stc-spb.ru ; + + if ( $host !~ "(^nas-ntc3.stc-spb.ru$)" ) { return 404; } + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963.conf*; + + ssl_prefer_server_ciphers on; + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + include conf.d/.service.8059b45e-e99d-4a75-8ac5-b2d006061963.4e8330be-1351-43d8-a63e-cfff736f5d8b.conf*; + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/a6c94283-c1af-40dd-b550-3991ca6589b0.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/3f3d2818-d7b7-4436-8d48-d6d4383c4404.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/conf.d/.service.8059b45e-e99d-4a75-8ac5-b2d006061963.4e8330be-1351-43d8-a63e-cfff736f5d8b.conf: + + + location ~ / { + + proxy_connect_timeout 300s; + proxy_read_timeout 300s; + proxy_send_timeout 300s; + + proxy_pass http://127.0.0.1:915; + + proxy_set_header X-Forwarded-By $server_addr; + + proxy_set_header X-Real-IP $remote_addr; + + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_set_header X-Forwarded-Port $server_port; + + proxy_set_header Host $http_host; + + proxy_set_header Upgrade $http_upgrade; + + proxy_set_header Connection $connection_upgrade; + + proxy_http_version 1.1; + + include /usr/local/etc/nginx/conf.d/4e8330be-1351-43d8-a63e-cfff736f5d8b/proxy.conf*; + } + + include /usr/local/etc/nginx/conf.d/4e8330be-1351-43d8-a63e-cfff736f5d8b/user.conf*; + + +# configuration file /etc/nginx/sites-enabled/webservice_portal_b9ee969b-7e47-4383-a293-c630b5877830: + + +server { + + listen 50011 default_server; + listen [::]:50011 default_server; + + server_name _; + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_b9ee969b-7e47-4383-a293-c630b5877830.conf*; + + ssl_prefer_server_ciphers on; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location / { + return 404; + } + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/3e42a9d2-2900-4ca0-ae05-d0b7c37dfc5b.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/ed4b380a-449b-47d6-adfc-23447835042c.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_b9ee969b-7e47-4383-a293-c630b5877830.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + From 594107efb97b4ee48d803d8ea14cea46c9a49e6e Mon Sep 17 00:00:00 2001 From: Jester Date: Mon, 19 Jan 2026 11:43:37 +0300 Subject: [PATCH 4/7] =?UTF-8?q?=D0=9A=D1=80=D0=B0=D1=81=D1=8F=D0=B2=D0=BE?= =?UTF-8?q?=D1=81=D1=82=D0=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- css/auth.css | 14 ++++++++++++++ index.html | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++-- login.html | 15 ++------------- 3 files changed, 66 insertions(+), 15 deletions(-) create mode 100644 css/auth.css diff --git a/css/auth.css b/css/auth.css new file mode 100644 index 0000000..f992f5c --- /dev/null +++ b/css/auth.css @@ -0,0 +1,14 @@ +.btn-primary { + width: 100%; + padding: 10px 12px; + border: none; + border-radius: 8px; + background: #3b82f6; + color: #fff; + font-size: 15px; + cursor: pointer; + transition: background 0.2s; +} +.btn-primary:hover { + background: #2563eb; +} diff --git a/index.html b/index.html index e9f0633..3d64776 100644 --- a/index.html +++ b/index.html @@ -1,11 +1,59 @@ + + Личный кабинет + + -
- +
+
+
+ +
+
- + + +
- + +
+
+
+
+ Комплект стендов учебных комплекса с БЛА БлД СТ АЦИЕ.01181-01 +
+
+ + + +
+ + +
+
+ + БЛА БлД СТ «Орлан-7» + +
+
+
+
+
+ БЛА БлД СТ «Орлан-7» +
+
+ Силовая установка БЛА БлД СТ «Орлан-7» +
+
+ САУ БЛА БлД СТ «Орлан-7» +
+
+ Система посадки БЛА БлД СТ «Орлан-7» +
+
+
+ +
- \ No newline at end of file + diff --git a/js/auth.js b/js/auth.js index c52c20b..6a3d5cb 100644 --- a/js/auth.js +++ b/js/auth.js @@ -48,14 +48,12 @@ if (document.getElementById('loginForm')) { if (!data.site_alias) { const metaAlias = document.querySelector('meta[name="site-alias"]'); if (metaAlias && metaAlias.content) { - data.site_alias = metaAlias.content.trim().toLowerCase(); + data.site_alias = metaAlias.content.trim(); } else { const path = window.location.pathname.replace(/\/+$/, ''); const parts = path.split('/').filter(Boolean); - data.site_alias = (parts[0] || 'root').toLowerCase(); + data.site_alias = parts[0] || 'root'; } - } else if (typeof data.site_alias === 'string') { - data.site_alias = data.site_alias.trim().toLowerCase(); } const result = await sendRequest('api/login.php', data); diff --git a/login.html b/login.html index 25386eb..fa53929 100644 --- a/login.html +++ b/login.html @@ -3,83 +3,14 @@ - Вход + - + Вход

Вход

-

Введите логин и пароль для доступа

+

Для доступа к стенду авторизуйтесь

@@ -89,9 +20,9 @@
- +
-
Доступ только для зарегистрированных пользователей
+
Доступ выдается по согласованию с комиссией ПДТК и с ГК ОКР
diff --git a/nginx_T.txt b/nginx_T.txt deleted file mode 100644 index d30b2c5..0000000 --- a/nginx_T.txt +++ /dev/null @@ -1,1786 +0,0 @@ -# configuration file /etc/nginx/nginx.conf: -# Copyright (c) 2000-2017 Synology Inc. All rights reserved. - -worker_processes auto; -#worker_cpu_affinity auto; -worker_rlimit_nofile 65535; - -include conf.d/main.*.conf; - -events { - use epoll; - multi_accept on; - accept_mutex off; - worker_connections 1024; - - include conf.d/events.*.conf; -} - -http { - include mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log off; - #access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main; - error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error; - - tcp_nopush on; - tcp_nodelay on; - - sendfile on; - server_tokens off; - - proxy_request_buffering off; - fastcgi_request_buffering off; - scgi_request_buffering off; - - proxy_buffering off; - fastcgi_buffering off; - scgi_buffering off; - - resolver_timeout 5s; - client_header_timeout 10s; - client_body_timeout 60s; - send_timeout 60s; - keepalive_timeout 65s 20s; - client_max_body_size 0; - http2_max_client_body_buffer_size 8m; - server_names_hash_max_size 8192; - server_names_hash_bucket_size 128; - - include /usr/syno/etc/www/certificate/system_default/cert.conf*; - include /usr/syno/etc/security-profile/tls-profile/config/dsm.conf*; - ssl_prefer_server_ciphers on; - - ssl_session_tickets off; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 3600s; - - ssl_early_data off; - - real_ip_header X-Forwarded-For; - real_ip_recursive on; - set_real_ip_from 127.0.0.1; - - include /var/tmp/nginx/trusted_proxy/*.conf; - - default_listen_option ssl_http2; - - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - server_tag "nginx"; - - gzip_disable "msie6"; - gzip_min_length 1000; - gzip_types text/plain text/css application/javascript application/json; - gzip_vary on; - gzip_static on; - - open_file_cache max=1000 inactive=60s; - open_file_cache_valid 3s; - open_file_cache_min_uses 2; - open_file_cache_errors on; - - upstream synoscgi { - server unix:/run/synoscgi.sock; - } - - upstream synoscgi.sock { - server unix:/run/synoscgi_socket.sock; - } - - upstream synoscgi_restfulapi { - server unix:/run/synoscgi_restfulapi.sock; - } - - index index.html index.htm index.php; - - server { - listen 5000 default_server; - listen [::]:5000 default_server; - - server_name _; - - gzip on; - - include conf.d/alias.*.conf; - root /usr/syno/synoman; - index index.cgi; - - ignore_invalid_headers off; - - include /usr/syno/share/nginx/conf.d/dsm.*.conf; - include conf.d/dsm.*.conf; - - location = / { - try_files $uri /index.cgi$is_args$query_string; - } - - location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { - internal; - - root /; - - open_file_cache off; - - include conf.d/x-accel.*.conf; - } - - location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { - alias /usr/syno/share/OAuth/index_ds.php; - default_type text/html; - } - - location ~ \.cgi { - include scgi_params; - scgi_pass synoscgi; - - scgi_read_timeout 3600s; - } - - location ~ /synoscgi.sock/socket.io/ { - proxy_read_timeout 3600s; - include proxy.conf; - rewrite /synoscgi.sock/(.*)$ /$1 break; - proxy_set_header Connection $connection_upgrade; - proxy_pass http://synoscgi.sock; - - } - - location ~ /api/ { - include scgi_params; - scgi_pass synoscgi_restfulapi; - - scgi_read_timeout 3600s; - } - - error_page 403 404 500 502 503 504 /dsm_error_page; - - location /dsm_error_page { - internal; - root /usr/syno/share/nginx; - rewrite (.*) /error.html break; - allow all; - } - - location ~ ^/webman/modules/Indexer/ { - deny all; - } - - location ~ ^/webapi/lib/ { - deny all; - } - - location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { - deny all; - } - - location ~ /\. { access_log off; log_not_found off; deny all; } - - location ~* \.(?:js|css|png|jpg|gif|ico)$ { - access_log off; - log_not_found off; - } - - location = /favicon.ico { - access_log off; - log_not_found off; - } - - location = /robots.txt { - allow all; - access_log off; - log_not_found off; - } - - } - - server { - listen 5001 default_server ssl; - listen [::]:5001 default_server ssl; - - server_name _; - - include conf.d/ssl.*.conf; - - include conf.d/alias.*.conf; - root /usr/syno/synoman; - index index.cgi; - - ignore_invalid_headers off; - - include /usr/syno/share/nginx/conf.d/dsm.*.conf; - include conf.d/dsm.*.conf; - - location = / { - try_files $uri /index.cgi$is_args$query_string; - } - - location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { - internal; - - root /; - - open_file_cache off; - - include conf.d/x-accel.*.conf; - } - - location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { - alias /usr/syno/share/OAuth/index_ds.php; - default_type text/html; - } - - location ~ \.cgi { - include scgi_params; - scgi_pass synoscgi; - - scgi_read_timeout 3600s; - } - - location ~ /synoscgi.sock/socket.io/ { - proxy_read_timeout 3600s; - include proxy.conf; - rewrite /synoscgi.sock/(.*)$ /$1 break; - proxy_set_header Connection $connection_upgrade; - proxy_pass http://synoscgi.sock; - - } - - location ~ /api/ { - include scgi_params; - scgi_pass synoscgi_restfulapi; - - scgi_read_timeout 3600s; - } - - error_page 403 404 500 502 503 504 /dsm_error_page; - - location /dsm_error_page { - internal; - root /usr/syno/share/nginx; - rewrite (.*) /error.html break; - allow all; - } - - location ~ ^/webman/modules/Indexer/ { - deny all; - } - - location ~ ^/webapi/lib/ { - deny all; - } - - location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { - deny all; - } - - location ~ /\. { access_log off; log_not_found off; deny all; } - - location ~* \.(?:js|css|png|jpg|gif|ico)$ { - access_log off; - log_not_found off; - } - - location = /favicon.ico { - access_log off; - log_not_found off; - } - - location = /robots.txt { - allow all; - access_log off; - log_not_found off; - } - - } - - server { - listen 5000; - listen [::]:5000; - - server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; - set $fqdn $server_name; - - gzip on; - - include conf.d/alias.*.conf; - root /usr/syno/synoman; - index index.cgi; - - ignore_invalid_headers off; - - include /usr/syno/share/nginx/conf.d/dsm.*.conf; - include conf.d/dsm.*.conf; - - location = / { - try_files $uri /index.cgi$is_args$query_string; - } - - location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { - internal; - - root /; - - open_file_cache off; - - include conf.d/x-accel.*.conf; - } - - location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { - alias /usr/syno/share/OAuth/index_ds.php; - default_type text/html; - } - - location ~ \.cgi { - include scgi_params; - scgi_pass synoscgi; - - scgi_read_timeout 3600s; - } - - location ~ /synoscgi.sock/socket.io/ { - proxy_read_timeout 3600s; - include proxy.conf; - rewrite /synoscgi.sock/(.*)$ /$1 break; - proxy_set_header Connection $connection_upgrade; - proxy_pass http://synoscgi.sock; - - } - - location ~ /api/ { - include scgi_params; - scgi_pass synoscgi_restfulapi; - - scgi_read_timeout 3600s; - } - - error_page 403 404 500 502 503 504 /dsm_error_page; - - location /dsm_error_page { - internal; - root /usr/syno/share/nginx; - rewrite (.*) /error.html break; - allow all; - } - - location ~ ^/webman/modules/Indexer/ { - deny all; - } - - location ~ ^/webapi/lib/ { - deny all; - } - - location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { - deny all; - } - - location ~ /\. { access_log off; log_not_found off; deny all; } - - location ~* \.(?:js|css|png|jpg|gif|ico)$ { - access_log off; - log_not_found off; - } - - location = /favicon.ico { - access_log off; - log_not_found off; - } - - location = /robots.txt { - allow all; - access_log off; - log_not_found off; - } - - } - - server { - listen 5001 ssl; - listen [::]:5001 ssl; - - server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; - set $fqdn $server_name; - - location ^~ /.well-known/acme-challenge { - root /var/lib/letsencrypt; - default_type text/plain; - } - - include /usr/syno/etc/www/certificate/system_quickconnect/cert.conf*; - - include /usr/syno/etc/security-profile/tls-profile/config/system_quickconnect.conf*; - - include conf.d/ssl.*.conf; - - include conf.d/alias.*.conf; - root /usr/syno/synoman; - index index.cgi; - - ignore_invalid_headers off; - - include /usr/syno/share/nginx/conf.d/dsm.*.conf; - include conf.d/dsm.*.conf; - - location = / { - try_files $uri /index.cgi$is_args$query_string; - } - - location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { - internal; - - root /; - - open_file_cache off; - - include conf.d/x-accel.*.conf; - } - - location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { - alias /usr/syno/share/OAuth/index_ds.php; - default_type text/html; - } - - location ~ \.cgi { - include scgi_params; - scgi_pass synoscgi; - - scgi_read_timeout 3600s; - } - - location ~ /synoscgi.sock/socket.io/ { - proxy_read_timeout 3600s; - include proxy.conf; - rewrite /synoscgi.sock/(.*)$ /$1 break; - proxy_set_header Connection $connection_upgrade; - proxy_pass http://synoscgi.sock; - - } - - location ~ /api/ { - include scgi_params; - scgi_pass synoscgi_restfulapi; - - scgi_read_timeout 3600s; - } - - error_page 403 404 500 502 503 504 /dsm_error_page; - - location /dsm_error_page { - internal; - root /usr/syno/share/nginx; - rewrite (.*) /error.html break; - allow all; - } - - location ~ ^/webman/modules/Indexer/ { - deny all; - } - - location ~ ^/webapi/lib/ { - deny all; - } - - location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { - deny all; - } - - location ~ /\. { access_log off; log_not_found off; deny all; } - - location ~* \.(?:js|css|png|jpg|gif|ico)$ { - access_log off; - log_not_found off; - } - - location = /favicon.ico { - access_log off; - log_not_found off; - } - - location = /robots.txt { - allow all; - access_log off; - log_not_found off; - } - - } - - server { - listen 80 default_server; - listen [::]:80 default_server; - - server_name _; - gzip on; - - location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { - internal; - - root /; - - open_file_cache off; - - include conf.d/x-accel.*.conf; - } - - include conf.d/alias.*.conf; - include /usr/syno/share/nginx/conf.d/www.*.conf; - include conf.d/www.*.conf; - - location = /webdefault/images/logo.jpg { - alias /usr/syno/share/nginx/logo.jpg; - } - - error_page 403 404 500 502 503 504 /dsm_error_page; - - location /dsm_error_page { - internal; - root /usr/syno/share/nginx; - rewrite (.*) /error.html break; - allow all; - } - - location ^~ /.well-known/acme-challenge { - root /var/lib/letsencrypt; - default_type text/plain; - } - - include conf.d/.location.webstation.conf*; - - location / { - root /var/tmp/nginx/html; - add_header Cache-Control 'no-cache'; - rewrite (.*) /redirect.html break; - } - - } - - server { - listen 443 default_server ssl; - listen [::]:443 default_server ssl; - server_name _; - - location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { - internal; - - root /; - - open_file_cache off; - - include conf.d/x-accel.*.conf; - } - - include conf.d/alias.*.conf; - include /usr/syno/share/nginx/conf.d/www.*.conf; - include conf.d/www.*.conf; - - location = /webdefault/images/logo.jpg { - alias /usr/syno/share/nginx/logo.jpg; - } - - error_page 403 404 500 502 503 504 /dsm_error_page; - - location /dsm_error_page { - internal; - root /usr/syno/share/nginx; - rewrite (.*) /error.html break; - allow all; - } - - location ^~ /.well-known/acme-challenge { - root /var/lib/letsencrypt; - default_type text/plain; - } - - include conf.d/.location.webstation.conf*; - - location / { - root /var/tmp/nginx/html; - add_header Cache-Control 'no-cache'; - rewrite (.*) /redirect.html break; - } - - } - - server { - listen 80; - listen [::]:80; - - server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; - set $fqdn $server_name; - - gzip on; - - location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { - internal; - - root /; - - open_file_cache off; - - include conf.d/x-accel.*.conf; - } - - include conf.d/alias.*.conf; - include /usr/syno/share/nginx/conf.d/www.*.conf; - include conf.d/www.*.conf; - - location = /webdefault/images/logo.jpg { - alias /usr/syno/share/nginx/logo.jpg; - } - - error_page 403 404 500 502 503 504 /dsm_error_page; - - location /dsm_error_page { - internal; - root /usr/syno/share/nginx; - rewrite (.*) /error.html break; - allow all; - } - - location ^~ /.well-known/acme-challenge { - root /var/lib/letsencrypt; - default_type text/plain; - } - - include conf.d/.location.webstation.conf*; - - location / { - root /var/tmp/nginx/html; - add_header Cache-Control 'no-cache'; - rewrite (.*) /redirect.html break; - } - - } - - server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; - set $fqdn $server_name; - - include /usr/syno/etc/www/certificate/system_quickconnect/cert.conf*; - - include /usr/syno/etc/security-profile/tls-profile/config/system_quickconnect.conf*; - - location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { - internal; - - root /; - - open_file_cache off; - - include conf.d/x-accel.*.conf; - } - - include conf.d/alias.*.conf; - include /usr/syno/share/nginx/conf.d/www.*.conf; - include conf.d/www.*.conf; - - location = /webdefault/images/logo.jpg { - alias /usr/syno/share/nginx/logo.jpg; - } - - error_page 403 404 500 502 503 504 /dsm_error_page; - - location /dsm_error_page { - internal; - root /usr/syno/share/nginx; - rewrite (.*) /error.html break; - allow all; - } - - location ^~ /.well-known/acme-challenge { - root /var/lib/letsencrypt; - default_type text/plain; - } - - include conf.d/.location.webstation.conf*; - - location / { - root /var/tmp/nginx/html; - add_header Cache-Control 'no-cache'; - rewrite (.*) /redirect.html break; - } - - } - - include conf.d/http.*.conf; - include sites-enabled/*; -} - -# configuration file /etc/nginx/conf.d/main.login_rate_limit.conf: - -# configuration file /etc/nginx/mime.types: - -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/avif avif; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/wasm wasm; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; - -# Synology added mime type - application/wasm wasm; -} - -# configuration file /usr/syno/etc/www/certificate/system_default/cert.conf: -ssl_certificate /usr/syno/etc/www/certificate/system_default/03ed964b-e07d-4b55-9581-d4e274f27b7e.pem; -ssl_certificate_key /usr/syno/etc/www/certificate/system_default/bb4c1379-b658-4d7e-a3af-066a6171c339.pem; - -# configuration file /usr/syno/etc/security-profile/tls-profile/config/dsm.conf: - - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; -ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; - - -# configuration file /usr/syno/share/nginx/conf.d/dsm.PackageCenter.conf: -location ^~ /pkgimage { - internal; - alias /var/cache/synopkg/lfs/image; -} - -# configuration file /usr/syno/share/nginx/conf.d/dsm.SecurityAdvisor.conf: -location ~ ^/sar/(.*)$ { - rewrite ^/sar/(.*)$ /webapi/_______________________________________________________entry.cgi?path="$1"&api=SYNO.SecurityAdvisor.Report.HTML&method=open&version=1; -} - -# configuration file /usr/syno/share/nginx/conf.d/dsm.synosharing.conf: -location ~ ^/sharing/([-_\w\d]+)$ { - root /usr/syno/synoman; - rewrite /sharing/([^\/\.]+) /sharing.cgi?_sharing_id=$1 break; - - include scgi_params; - scgi_read_timeout 3600s; - scgi_param IS_SHARING 1; - scgi_pass synoscgi; -} - -location ~ ^/sharing/(.+)\.cgi { - root /usr/syno/synoman; - rewrite /sharing/(.+) /$1 break; - - include scgi_params; - scgi_read_timeout 3600s; - scgi_param IS_SHARING 1; - scgi_pass synoscgi; -} - -location ~ ^/sharing/$ { - root /usr/syno/synoman; - rewrite /sharing/ /sharing.cgi break; - - include scgi_params; - scgi_read_timeout 3600s; - scgi_param IS_SHARING 1; - scgi_pass synoscgi; -} - -location ~ ^/sharing/errors$ { - root /usr/syno/synoman; - rewrite /sharing/errors /sharing.cgi break; - - include scgi_params; - scgi_read_timeout 3600s; - scgi_param IS_SHARING 1; - scgi_pass synoscgi; -} - -location ~ ^/sharing/webman/modules/Indexer/ { - deny all; -} - -location ~ ^/sharing/webapi/lib/ { - deny all; -} - -location ~ ^/sharing/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { - deny all; -} - -location ~ ^/sharing/(.+)$ { - root /usr/syno/synoman; - rewrite /sharing/(.+) /$1 break; -} - -# configuration file /etc/nginx/scgi_params: -scgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -scgi_param CONTENT_LENGTH $content_length; -scgi_param SCRIPT_NAME $fastcgi_script_name; - -scgi_param REQUEST_METHOD $request_method; -scgi_param REQUEST_URI $request_uri; -scgi_param QUERY_STRING $query_string; -scgi_param CONTENT_TYPE $content_type; - -scgi_param DOCUMENT_URI $document_uri; -scgi_param DOCUMENT_ROOT $document_root; -scgi_param SCGI 1; -scgi_param SERVER_PROTOCOL $server_protocol; -scgi_param REQUEST_SCHEME $scheme; -scgi_param HTTPS $https if_not_empty; - -scgi_param GATEWAY_INTERFACE CGI/1.1; -scgi_param SERVER_SOFTWARE nginx/$nginx_version; - -scgi_param REMOTE_ADDR $remote_addr; -scgi_param REMOTE_PORT $remote_port; -scgi_param SERVER_ADDR $server_addr; -scgi_param SERVER_PORT $server_port; -scgi_param SERVER_NAME $host; - -fastcgi_split_path_info ^(.+?\.cgi)(.*)$; -scgi_param PATH_INFO $fastcgi_path_info; - -uninitialized_variable_warn off; - -if ($fqdn = false) { - set $fqdn ""; -} - -scgi_param HOST $fqdn if_not_empty; - -scgi_intercept_errors on; - -# configuration file /etc/nginx/conf.d/dsm.pkg-static.ContainerManager-70163528.conf: -location ~ ^/docker/ws { - proxy_set_header X-Server-IP $server_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Real-HTTPS $https; - proxy_set_header X-Server-Port $server_port; - proxy_set_header X-Real-Port $remote_port; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-Host $http_host; - proxy_http_version 1.1; - proxy_read_timeout 3600s; - - proxy_pass http://127.0.0.1:512; -} - -# configuration file /etc/nginx/conf.d/dsm.pkg-static.SynologyApplicationService-1255611987.conf: -location ~ /webman/3rdparty/SynologyApplicationService/browser_pair/service-worker.js$ { - add_header 'Service-Worker-Allowed' '/'; -} - -# configuration file /etc/nginx/conf.d/dsm.pkg-static.SynologyDrive-1350404196.conf: -location ~ ^/cstndownload/ { - rewrite ^/cstndownload/(.*)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Node.Download&version=1&method=finish; -} - -# configuration file /etc/nginx/conf.d/dsm.ssdp.conf: -location ~ ^/ssdp/ { - allow 172.20.36.211/24; - deny all; - root /tmp; - access_log off; - log_not_found off; -} - -# configuration file /etc/nginx/conf.d/dsm.syno-app-portal.FileStation.conf: - - -location ~ ^/sharing/([-_\w\d]+)$ { - root /usr/syno/synoman; - rewrite /sharing/([^\/\.]+) /sharing.cgi?_sharing_id=$1 break; - - include scgi_params; - scgi_read_timeout 3600s; - scgi_param IS_SHARING 1; - scgi_pass synoscgi; -} - -location ~ ^/sharing/(.+)\.cgi { - root /usr/syno/synoman; - rewrite /sharing/(.+) /$1 break; - - include scgi_params; - scgi_read_timeout 3600s; - scgi_param IS_SHARING 1; - scgi_pass synoscgi; -} - -location ~ ^/sharing/$ { - root /usr/syno/synoman; - rewrite /sharing/ /sharing.cgi break; - - include scgi_params; - scgi_read_timeout 3600s; - scgi_param IS_SHARING 1; - scgi_pass synoscgi; -} - -location ~ ^/sharing/errors$ { - root /usr/syno/synoman; - rewrite /sharing/errors /sharing.cgi break; - - include scgi_params; - scgi_read_timeout 3600s; - scgi_param IS_SHARING 1; - scgi_pass synoscgi; -} - -location ~ ^/sharing/webman/modules/Indexer/ { - deny all; -} - -location ~ ^/sharing/webapi/lib/ { - deny all; -} - -location ~ ^/sharing/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { - deny all; -} - -location ~ ^/sharing/(.+)$ { - root /usr/syno/synoman; - rewrite /sharing/(.+) /$1 break; -} - -location ~ /webman/modules/FileBrowser/index_ds.php$ { - default_type text/html; - alias /usr/syno/share/OAuth/index_ds.php; -} - -location ~ ^/wfmlogindialog.js(.*) { - root /usr/syno/synoman; - rewrite /wfmlogindialog.js(.*) /webman/3rdparty/FileBrowser/directlogin.js$1 break; -} - -location ~ ^/fbsharing/(.*)$ { - root /usr/syno/synoman; - rewrite /fbsharing/(.*)$ $scheme://$http_host/sharing/fbsharing-$1 break; -} - -location ~ ^/fsdownload/webapi/file_download\.cgi/(.*)$ { - root /usr/syno/synoman; - rewrite /fsdownload/webapi/file_download\.cgi/(.*)$ /webapi/_______________________________________________________entry.cgi?api=SYNO.FolderSharing.Download&version=2&method=download break; - scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; - scgi_read_timeout 3600s; - include scgi_params; - scgi_pass synoscgi; - -} - -location ~ ^/fsdownload/(webman|scripts|synoSDSjslib)/(.*)$ { - root /usr/syno/synoman; - rewrite /fsdownload/(.*)$ /$1 break; -} - -location ~ ^/fsdownload/webapi/(.*)$ { - root /usr/syno/synoman; - rewrite /fsdownload/(.*)$ /$1 break; - scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; - scgi_read_timeout 3600s; - include scgi_params; - scgi_pass synoscgi; - -} - -location ~ ^/fsdownload/([-_\w\d]+)/(.*)$ { - root /usr/syno/synoman; - rewrite /fsdownload/([-_\w\d]+)/(.*)$ /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.Sharing.Download&version=1&method=download&_sharing_id="$1"&mode=download break; - scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; - scgi_read_timeout 3600s; - include scgi_params; - scgi_pass synoscgi; - -} - -location ~ ^/fbdownload/(.*)$ { - root /usr/syno/synoman; - if ($args ~* "^k=(.*)") { - rewrite ^.*$ $scheme://$http_host/sharing/fbsharing-$arg_k? last; - } - rewrite /fbdownload/(.*)$ /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.Download&version=2&method=download&mode=download&stdhtml=true break; - scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; - scgi_read_timeout 3600s; - include scgi_params; - scgi_pass synoscgi; - -} - -location ~ ^/fbgdrivedownload/(.*)$ { - root /usr/syno/synoman; - rewrite /fbgdrivedownload/(.*) /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.VFS.GDrive&method=download&version=1&mode=download&stdhtml=true break; - scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; - scgi_read_timeout 3600s; - include scgi_params; - scgi_pass synoscgi; - -} - -location ~ ^/viewer/(.*)/(.*)/(.*)/(.*)$ { - root /usr/syno/synoman; - rewrite /viewer/(.*)/(.*)/(.*)/(.*) /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.Download&version=2&method=download&dlink="$1"&tid="$2"&SynoToken=$3&mode=open&stdhtml=true break; - scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; - scgi_read_timeout 3600s; - include scgi_params; - scgi_pass synoscgi; - -} - - -# configuration file /etc/nginx/conf.d/dsm.syno-app-portal.SynologyDrive.conf: -location ~ ^/d/f/ { - root /usr/syno/synoman; - index index.cgi; - - rewrite /d/f/([0-9a-zA-Z_]+\.(txt|cgi))$ /$1 last; - rewrite /d/f/(webman|scripts|synoSDSjslib|synoSDSjslib-compatible-6.x|synohdpack|oauth|webapi)/(.*)$ /$1/$2 last; - rewrite /d/f/([0-9a-zA-Z]+)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Shard&version=1&method=get&link_id="$1"&sharing_type=simple_sharing break; - - include scgi_params; - scgi_pass synoscgi; - -} - -location ~ ^/d/s/ { - root /usr/syno/synoman; - index index.cgi; - - rewrite /d/s/([0-9a-zA-Z]+)/([0-9a-zA-Z_]+\.(txt|cgi))$ /$2 last; - rewrite /d/s/([0-9a-zA-Z]+)/(webman|scripts|synoSDSjslib|synoSDSjslib-compatible-6.x|synohdpack|oauth|webapi|oo|sc)/(.*)$ /$2/$3 last; - rewrite /d/s/([0-9a-zA-Z]+)/([^/]+)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Shard&version=1&method=get&link_id="$1"&sharing_link="$2"&sharing_type=public_sharing break; - - include scgi_params; - scgi_pass synoscgi; - -} - -location ~ ^/d/r/ { - root /usr/syno/synoman; - index index.cgi; - - rewrite /d/r/([0-9a-zA-Z]+)/([0-9a-zA-Z_]+\.(txt|cgi))$ /$2 last; - rewrite /d/r/([0-9a-zA-Z]+)/(webman|scripts|synoSDSjslib|synoSDSjslib-compatible-6.x|synohdpack|oauth|webapi|oo|sc)/(.*)$ /$2/$3 last; - rewrite /d/r/([0-9a-zA-Z]+)/([^/]+)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Shard&version=1&method=get&link_id="$1"&sharing_link="$2"&sharing_type=file_request break; - - include scgi_params; - scgi_pass synoscgi; - -} - - -# configuration file /etc/nginx/conf.d/dsm.synorelayd.conf: -location ~ ^/webman/pingpong.cgi { - default_type text/plain; - root /usr/syno/synoman; - if ($arg_quickconnect) { - add_header Access-Control-Allow-Origin *; - return 200 '{"success": true, "ezid": "7a392a5bf75f985997202aff4ba36a52"}'; - } - include scgi_params; - scgi_pass synoscgi; -} - -# configuration file /etc/nginx/proxy.conf: -proxy_set_header X-Forwarded-By $server_addr; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-Proto $scheme; -proxy_set_header X-Forwarded-Port $server_port; -proxy_set_header Host $http_host; -proxy_set_header Upgrade $http_upgrade; -proxy_http_version 1.1; - -# configuration file /etc/nginx/conf.d/ssl.compress.conf: -gzip off; - -# configuration file /usr/syno/etc/www/certificate/system_quickconnect/cert.conf: -ssl_certificate /usr/syno/etc/www/certificate/system_quickconnect/d3efac81-5201-430a-b1e1-889a54749cc2.pem; -ssl_certificate_key /usr/syno/etc/www/certificate/system_quickconnect/5aa70095-d40d-4c78-a844-5e8b213263f7.pem; -ssl_certificate /usr/syno/etc/www/certificate/system_quickconnect/75f7d883-2982-40cc-aaa1-dff3a6384c39.pem; -ssl_certificate_key /usr/syno/etc/www/certificate/system_quickconnect/d65137ec-841c-442d-8938-0f7fb7649778.pem; - -# configuration file /usr/syno/etc/security-profile/tls-profile/config/system_quickconnect.conf: - - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; -ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; - - -# configuration file /etc/nginx/conf.d/www.webservice_portal_6ba05a28-ac75-407d-8d06-a6df656d49c4.conf: - -location = /phpmyadmin { - rewrite ^/(.*)$ $1/ permanent; -} - -include conf.d/.service.6ba05a28-ac75-407d-8d06-a6df656d49c4.2202361b-2b4d-44a7-b676-811dc36c570c.conf*; - -location ~ ^/phpmyadmin/ { - - include conf.d/.webstation.error_page.default.conf*; - - return 404; -} - -# configuration file /etc/nginx/conf.d/.service.6ba05a28-ac75-407d-8d06-a6df656d49c4.2202361b-2b4d-44a7-b676-811dc36c570c.conf: - -location ^~ /phpmyadmin/ { - - include conf.d/.webstation.error_page.default.conf*; - - location = /phpmyadmin/ { - alias "/var/services/web_packages/phpmyadmin/"; - } - - alias "/var/services/web_packages/phpmyadmin/"; - index index.php index.htm index.html; - - location ~* \.(php[345]?|phtml)$ { - fastcgi_pass unix:/run/php-fpm/php-2202361b-2b4d-44a7-b676-811dc36c570c.sock; - - fastcgi_connect_timeout 60s; - fastcgi_read_timeout 3600s; - fastcgi_send_timeout 60s; - - fastcgi_param SCRIPT_FILENAME $request_filename; - - fastcgi_param QUERY_STRING $query_string; - - fastcgi_param REQUEST_METHOD $request_method; - - fastcgi_param CONTENT_TYPE $content_type; - - fastcgi_param CONTENT_LENGTH $content_length; - - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - - fastcgi_param REQUEST_URI $request_uri; - - fastcgi_param DOCUMENT_URI $document_uri; - - fastcgi_param DOCUMENT_ROOT $document_root; - - fastcgi_param SERVER_PROTOCOL $server_protocol; - - fastcgi_param REQUEST_SCHEME $scheme; - - fastcgi_param HTTPS $https if_not_empty; - - fastcgi_param GATEWAY_INTERFACE CGI/1.1; - - fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - - fastcgi_param REMOTE_ADDR $remote_addr; - - fastcgi_param REMOTE_PORT $remote_port; - - fastcgi_param SERVER_ADDR $server_addr; - - fastcgi_param SERVER_PORT $server_port; - - fastcgi_param SERVER_NAME $server_name; - - fastcgi_param REDIRECT_STATUS 200; - - include /usr/local/etc/nginx/conf.d/2202361b-2b4d-44a7-b676-811dc36c570c/fastcgi.conf*; - } - - include /usr/local/etc/nginx/conf.d/2202361b-2b4d-44a7-b676-811dc36c570c/user.conf*; - -} - - -# configuration file /etc/nginx/conf.d/.webstation.error_page.default.conf: - - -error_page 400 /webstation_error_page_custom_default_400; - -error_page 401 /webstation_error_page_custom_default_401; - -error_page 402 /webstation_error_page_custom_default_402; - -error_page 403 /webstation_error_page_custom_default_403; - -error_page 404 /webstation_error_page_custom_default_404; - -error_page 405 /webstation_error_page_custom_default_405; - -error_page 406 /webstation_error_page_custom_default_406; - -error_page 407 /webstation_error_page_custom_default_407; - -error_page 408 /webstation_error_page_custom_default_408; - -error_page 500 /webstation_error_page_custom_default_500; - -error_page 501 /webstation_error_page_custom_default_501; - -error_page 502 /webstation_error_page_custom_default_502; - -error_page 503 /webstation_error_page_custom_default_503; - -error_page 504 /webstation_error_page_custom_default_504; - -error_page 505 /webstation_error_page_custom_default_505; - -error_page 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 /webstation_error_page_custom_default_default; - -# configuration file /etc/nginx/conf.d/.location.webstation.conf: -location ~ ^/~([^\/]*)/ { - proxy_ignore_headers X-Accel-Redirect; - proxy_read_timeout 3600s; - proxy_set_header X-Forwarded-By $server_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-HTTPS $https; - proxy_set_header X-Port $server_port; - proxy_set_header X-Real-Port $remote_port; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_http_version 1.1; - proxy_intercept_errors off; - - error_page 404 /_webstation_/404.html; - return 404; - -} - -location ^~ /_webstation_/ { - alias /var/packages/WebStation/target/error_page/; -} - -include conf.d/.webstation.error_page.*.resource.conf*; - -location ~ ^ { - proxy_ignore_headers X-Accel-Redirect; - proxy_read_timeout 3600s; - proxy_set_header X-Forwarded-By $server_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-HTTPS $https; - proxy_set_header X-Port $server_port; - proxy_set_header X-Real-Port $remote_port; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_http_version 1.1; - proxy_intercept_errors off; - proxy_redirect http:// $scheme://; - - error_page 502 /_webstation_/$status.html; - proxy_pass http://unix:/run/webstation_default.sock; -} -# configuration file /etc/nginx/conf.d/.webstation.error_page.default.resource.conf: - - -location ~ /webstation_error_page_custom_default_400 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /336f5e0b-f250-45db-b124-cab3c77adc5f.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_401 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /e1ff34ae-678b-4c6d-9c75-f05f61461351.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_402 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /01bec347-ca0a-4501-88f0-c24d0fa952ba.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_403 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /8e0b3b6c-dbf8-449c-836f-0415c8b104fe.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_404 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /9afb9e7a-d57c-4d5c-998e-70f62d9eaf6f.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_405 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /e49ab32b-1ee6-4b35-8790-06667e81e2aa.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_406 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /050fd3fb-2bb7-4b3f-ac11-c323ac5bae5a.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_407 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /43e2f964-a2f5-4d8d-85b3-759e097c3020.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_408 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /0f14ba31-a600-4bdc-a961-b78402e0b9fb.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_500 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /70a86fb4-28dc-4e01-af28-4e984b4c0bff.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_501 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /847c60bb-816b-45ab-af50-bff6ea2c17d9.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_502 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /acba7191-33ca-49ba-9aeb-bba7e98e642f.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_503 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /0605e1eb-d793-4dba-bfa8-44dc61bd3e0f.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_504 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /bc7e53bc-2149-4d0c-8759-6ec7738c3ab2.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_505 { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /42fe9463-b04d-48ea-991a-88578696484f.html break; - allow all; -} - -location ~ /webstation_error_page_custom_default_default { - internal; - root /var/packages/WebStation/var/error_page/default; - rewrite ^ /e6977d21-8af9-43a7-9717-6e3b656e4d3e.html break; - allow all; -} - - -# configuration file /etc/nginx/sites-enabled/server.ReverseProxy.conf: - - -# configuration file /etc/nginx/sites-enabled/server.webstation.conf: -server { - listen unix:/run/webstation_default.sock; - root /var/services/web; - index index.html index.php index.cgi; - - set_real_ip_from unix:; - real_ip_header X-Real-IP; - - fastcgi_param QUERY_STRING $query_string; - fastcgi_param REQUEST_METHOD $request_method; - fastcgi_param CONTENT_TYPE $content_type; - fastcgi_param CONTENT_LENGTH $content_length; - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - fastcgi_param REQUEST_URI $request_uri; - fastcgi_param DOCUMENT_URI $document_uri; - fastcgi_param DOCUMENT_ROOT $document_root; - fastcgi_param SERVER_PROTOCOL $server_protocol; - fastcgi_param HTTPS $http_x_https if_not_empty; - fastcgi_param GATEWAY_INTERFACE CGI/1.1; - fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - - fastcgi_param REMOTE_ADDR $remote_addr; - fastcgi_param REMOTE_PORT $http_x_real_port; - fastcgi_param SERVER_ADDR $http_x_forwarded_by; - fastcgi_param SERVER_PORT $http_x_port; - fastcgi_param SERVER_NAME $host; - fastcgi_param REDIRECT_STATUS 200; - fastcgi_intercept_errors on; - fastcgi_read_timeout 3600s; - - include conf.d/.webstation.error_page.default.conf*; - - include conf.d/.webstation.error_page.default.resource.conf*; - - location ^~ /_webstation_/ { - alias /var/packages/WebStation/target/error_page/; - } - location ~* \.(php[345]?|phtml)$ { - - fastcgi_pass unix:/run/php-fpm/php-b9a41bca-af4e-11e9-9fc0-6335258c6d96.sock; - - } - location ~* \.cgi { - fastcgi_pass unix:/run/fcgiwrap.sock; - } -} - -# configuration file /etc/nginx/sites-enabled/synowstransfer-nginx.conf: -server { - listen 5357 default_server; - listen [::]:5357 default_server; - - location / { - proxy_pass http://unix:/tmp/synowstransfer.sock; - } -} - -# configuration file /etc/nginx/sites-enabled/webservice_portal_2cb0caad-5034-43b1-8f49-32aa6aafb709: - - -server { - - listen 8085 default_server; - listen [::]:8085 default_server; - - server_name _; - - error_log /var/packages/WebStation/var/log/nginx_error_log warn; - - include /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/cert.conf*; - - include /usr/syno/etc/security-profile/tls-profile/config/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709.conf*; - - ssl_prefer_server_ciphers on; - - include conf.d/.webstation.error_page.default.conf*; - - include conf.d/.webstation.error_page.default.resource.conf*; - - location / { - return 404; - } - -} - - -# configuration file /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/cert.conf: -ssl_certificate /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/ff57f193-ecaa-4582-b0e2-b54827f840b0.pem; -ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/624f702e-6a48-464d-9415-f504f14f5c9e.pem; - -# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709.conf: - - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; -ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; - - -# configuration file /etc/nginx/sites-enabled/webservice_portal_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5: - - -server { - - listen 8087 default_server; - listen [::]:8087 default_server; - - server_name _; - - error_log /var/packages/WebStation/var/log/nginx_error_log warn; - - include /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/cert.conf*; - - include /usr/syno/etc/security-profile/tls-profile/config/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5.conf*; - - ssl_prefer_server_ciphers on; - - include conf.d/.webstation.error_page.default.conf*; - - include conf.d/.webstation.error_page.default.resource.conf*; - - location / { - return 404; - } - -} - - -# configuration file /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/cert.conf: -ssl_certificate /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/8b6cc71f-e8f0-4283-a69e-ce49e11971ae.pem; -ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/88db9094-5dbb-44b3-8485-b16cd59795ad.pem; - -# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5.conf: - - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; -ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; - - -# configuration file /etc/nginx/sites-enabled/webservice_portal_7531c0cc-0fb8-43c3-9765-d9713c59493e: - - -server { - - listen 50010 default_server; - listen [::]:50010 default_server; - - server_name _; - - error_log /var/packages/WebStation/var/log/nginx_error_log warn; - - include /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/cert.conf*; - - include /usr/syno/etc/security-profile/tls-profile/config/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e.conf*; - - ssl_prefer_server_ciphers on; - - include conf.d/.webstation.error_page.default.conf*; - - include conf.d/.webstation.error_page.default.resource.conf*; - - location / { - return 404; - } - -} - - -# configuration file /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/cert.conf: -ssl_certificate /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/2de8a8b3-e227-4f99-bcfe-ab3cbd6465d8.pem; -ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/7ad5d52a-3a0a-4121-991e-18cf907f934b.pem; - -# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e.conf: - - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; -ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; - - -# configuration file /etc/nginx/sites-enabled/webservice_portal_8059b45e-e99d-4a75-8ac5-b2d006061963: - - -server { - - listen 80; - listen [::]:80; - - server_name nas-ntc3.stc-spb.ru ; - - if ( $host !~ "(^nas-ntc3.stc-spb.ru$)" ) { return 404; } - - error_log /var/packages/WebStation/var/log/nginx_error_log warn; - - include /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/cert.conf*; - - include /usr/syno/etc/security-profile/tls-profile/config/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963.conf*; - - ssl_prefer_server_ciphers on; - - location ^~ /.well-known/acme-challenge { - root /var/lib/letsencrypt; - default_type text/plain; - } - - include conf.d/.webstation.error_page.default.conf*; - - include conf.d/.webstation.error_page.default.resource.conf*; - - include conf.d/.service.8059b45e-e99d-4a75-8ac5-b2d006061963.4e8330be-1351-43d8-a63e-cfff736f5d8b.conf*; - -} - - -# configuration file /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/cert.conf: -ssl_certificate /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/a6c94283-c1af-40dd-b550-3991ca6589b0.pem; -ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/3f3d2818-d7b7-4436-8d48-d6d4383c4404.pem; - -# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963.conf: - - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; -ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; - - -# configuration file /etc/nginx/conf.d/.service.8059b45e-e99d-4a75-8ac5-b2d006061963.4e8330be-1351-43d8-a63e-cfff736f5d8b.conf: - - - location ~ / { - - proxy_connect_timeout 300s; - proxy_read_timeout 300s; - proxy_send_timeout 300s; - - proxy_pass http://127.0.0.1:915; - - proxy_set_header X-Forwarded-By $server_addr; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Forwarded-Port $server_port; - - proxy_set_header Host $http_host; - - proxy_set_header Upgrade $http_upgrade; - - proxy_set_header Connection $connection_upgrade; - - proxy_http_version 1.1; - - include /usr/local/etc/nginx/conf.d/4e8330be-1351-43d8-a63e-cfff736f5d8b/proxy.conf*; - } - - include /usr/local/etc/nginx/conf.d/4e8330be-1351-43d8-a63e-cfff736f5d8b/user.conf*; - - -# configuration file /etc/nginx/sites-enabled/webservice_portal_b9ee969b-7e47-4383-a293-c630b5877830: - - -server { - - listen 50011 default_server; - listen [::]:50011 default_server; - - server_name _; - - error_log /var/packages/WebStation/var/log/nginx_error_log warn; - - include /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/cert.conf*; - - include /usr/syno/etc/security-profile/tls-profile/config/WebStation_b9ee969b-7e47-4383-a293-c630b5877830.conf*; - - ssl_prefer_server_ciphers on; - - include conf.d/.webstation.error_page.default.conf*; - - include conf.d/.webstation.error_page.default.resource.conf*; - - location / { - return 404; - } - -} - - -# configuration file /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/cert.conf: -ssl_certificate /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/3e42a9d2-2900-4ca0-ae05-d0b7c37dfc5b.pem; -ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/ed4b380a-449b-47d6-adfc-23447835042c.pem; - -# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_b9ee969b-7e47-4383-a293-c630b5877830.conf: - - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; -ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; - - diff --git a/users.txt b/users.txt new file mode 100644 index 0000000..bc4b5ec --- /dev/null +++ b/users.txt @@ -0,0 +1,6 @@ +ane.marin +r.abramov +a.agafonov +m.arkhipov +d.zaitsev +vlv.kuneevskii \ No newline at end of file diff --git a/users_with_passwords.txt b/users_with_passwords.txt new file mode 100644 index 0000000..6b6d462 --- /dev/null +++ b/users_with_passwords.txt @@ -0,0 +1,6 @@ +ane.marin:KhfG4c +r.abramov:WAtY45 +a.agafonov:XsmiAE +m.arkhipov:4nWj6J +d.zaitsev:ZgvacV +vlv.kuneevskii:RoAPfv