Facere/FacereWeb
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deny access to .git, deploy/, and deploy-pull.sh

Browse Source 
Prevents leaking repo history, the docker-compose / nginx config, and
the auto-pull script via the publicly served root.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Knowit
2026-05-03 01:43:09 +08:00
parent 8ea175fa78
commit 08d253cdb6
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
deploy/nginx.conf
View File

@@ -7,6 +7,12 @@ server {
charset utf-8; charset utf-8;
# Deny access to repo metadata, deploy scripts/configs, and dotfiles
location ~ /\.git { deny all; return 404; }
location ~ /\. { deny all; return 404; }
location ^~ /deploy/ { deny all; return 404; }
location = /deploy-pull.sh { deny all; return 404; }
location = / { location = / {
try_files /facere.html =404; try_files /facere.html =404;
} }