fluxbb, flyspray: Deny access to /.git

The gitdirs are just clones of public repos and don't seem to contain anything sensitive but better safe than sorry. Thanks to Christian Rebischke <chris@shibumi.dev>

fluxbb, flyspray: Deny access to /.git
The gitdirs are just clones of public repos and don't seem to contain anything sensitive but better safe than sorry. Thanks to Christian Rebischke <chris@shibumi.dev>
be259e1a · Jan Alexander Steffens (heftig) · b83828c1 · be259e1a · be259e1a
Verified Commit be259e1a authored Feb 28, 2020 by Jan Alexander Steffens (heftig)
--- a/roles/fluxbb/templates/nginx.conf.j2
+++ b/roles/fluxbb/templates/nginx.conf.j2
@@ -33,6 +33,10 @@ server {
    ssl_certificate_key  /etc/letsencrypt/live/{{ fluxbb_domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ fluxbb_domain }}/chain.pem;

+    location /.git {
+        deny all;
+    }
+
    location ~ /extern\.php {
        limit_req zone=rsslimit burst=10 nodelay;
        fastcgi_pass   unix:/run/php-fpm/fluxbb.socket;

--- a/roles/flyspray/templates/nginx.d.conf.j2
+++ b/roles/flyspray/templates/nginx.d.conf.j2
@@ -32,6 +32,10 @@ server {

    root {{ flyspray_dir }};

+    location /.git {
+        deny all;
+    }
+
    location /setup {
        deny all;
    }