|
|
| Zeile 1: |
Zeile 1: |
| <pre>
| | == Frontend Frameworks – Reifegrade == |
| composer create-project "typo3/cms-base-distribution:^13.4" /var/www/typo3
| |
| </pre>
| |
|
| |
|
| <pre>
| | ; Tier-Definition (Kurzfassung) |
| | * Tier 1: Weit verbreitet, stabil, Langzeitpflege, starkes Ökosystem |
|
| |
|
| # TYPO3 13 LTS – NGINX vhost
| |
| # Datei: sudo nano /etc/nginx/conf.d//typo3.conf
| |
|
| |
|
| | {| class="wikitable sortable" |
| | ! Tier !! Framework !! Kategorie !! Erstveröffentlichung !! Governance/Backing !! Release-/LTS-Kadenz !! Kurzbewertung |
| | |- |
| | | 1 || React || Bibliothek || 2013 || Meta + Community || regelmäßig || Dominantes Ökosystem, sehr stabil |
| | |- |
| | | 1 || Angular || Framework || 2016 || Google || LTS || Enterprise‑fokussiert, integrierter Stack |
| | |- |
| | | 1 || Vue.js || Framework || 2014 || Core‑Team + Community || regelmäßig || Reif, breite Adoption |
| | |- |
| | | 1 || Next.js || Meta‑Framework (React) || 2016 || Vercel || schnell || Produktionsreif, SSR/ISR/RSC |
|
| |
|
| | | |} |
| server {
| |
| listen 80;
| |
| server_name example.com www.example.com;
| |
| | |
| # Composer-Setup: DocumentRoot zeigt auf das "public" Verzeichnis
| |
| root /var/www/typo3/public;
| |
| index index.php index.html;
| |
| charset utf-8;
| |
| | |
| client_max_body_size 32m;
| |
| | |
| include /etc/nginx/monitoring.conf;
| |
| | |
| index index.php index.htm index.html;
| |
| | |
| # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
| |
| sendfile off;
| |
| error_log /dev/stdout info;
| |
| access_log /var/log/nginx/access.log;
| |
| | |
| # Security: Content-Security-Policy
| |
| # =================================
| |
| #
| |
| # Add CSP header for possible vulnerable files stored in fileadmin see:
| |
| # * https://typo3.org/security/advisory/typo3-psa-2019-010
| |
| # * https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/Security/GuidelinesAdministrators/ContentSecurityPolicy.html
| |
| # * https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess
| |
| | |
| # matching requested *.pdf files only (strict rules block Safari showing PDF documents)
| |
| location ~ /(?:fileadmin|uploads)/.*\.pdf$ {
| |
| add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'; script-src 'none'; object-src 'self'; plugin-types application/pdf;";
| |
| }
| |
| | |
| # matching anything else, using negative lookbehind pattern
| |
| location ~ /(?:fileadmin|uploads)/.*(?<!\.pdf)$ {
| |
| add_header Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'none'; object-src 'none';";
| |
| | |
| # Deliver media files as WebP if available. The file as WebP must be in
| |
| # the same place (Original: "example.jpg", WebP: "example.jpg.webp").
| |
| try_files $uri$webp_suffix $uri =404;
| |
| }
| |
| | |
| # TYPO3 11 Frontend URL rewriting support
| |
| location / {
| |
| absolute_redirect off;
| |
| try_files $uri $uri/ /index.php$is_args$args;
| |
| }
| |
| | |
| # TYPO3 11 Backend URL rewriting support
| |
| location = /typo3 {
| |
| rewrite ^ /typo3/;
| |
| }
| |
| | |
| # check if /typo3/index.php exists
| |
| set $typo3_index_exists 0;
| |
| if (-f $document_root/typo3/index.php) {
| |
| set $typo3_index_exists 1;
| |
| }
| |
| | |
| location /typo3/ {
| |
| absolute_redirect off;
| |
| try_files $uri $typo3_index$is_args$args;
| |
| }
| |
| | |
| # pass the PHP scripts to FastCGI server listening on socket
| |
| location ~ \.php$ {
| |
| try_files $uri =404;
| |
| fastcgi_split_path_info ^(.+\.php)(/.+)$;
| |
| fastcgi_pass unix:/run/php-fpm.sock;
| |
| fastcgi_buffers 16 16k;
| |
| fastcgi_buffer_size 32k;
| |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
| |
| fastcgi_param SCRIPT_NAME $fastcgi_script_name;
| |
| fastcgi_index index.php;
| |
| include fastcgi_params;
| |
| fastcgi_intercept_errors off;
| |
| # fastcgi_read_timeout should match max_execution_time in php.ini
| |
| fastcgi_read_timeout 10m;
| |
| fastcgi_param SERVER_NAME $host;
| |
| fastcgi_param HTTPS $fcgi_https;
| |
| # Pass the X-Accel-* headers to facilitate testing.
| |
| fastcgi_pass_header "X-Accel-Buffering";
| |
| fastcgi_pass_header "X-Accel-Charset";
| |
| fastcgi_pass_header "X-Accel-Expires";
| |
| fastcgi_pass_header "X-Accel-Limit-Rate";
| |
| fastcgi_pass_header "X-Accel-Redirect";
| |
| }
| |
| | |
| # Compressing resource files will save bandwidth and so improve loading speed especially for users
| |
| # with slower internet connections. TYPO3 can compress the .js and .css files for you.
| |
| # *) Set $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'] = 9 for the Backend
| |
| # *) Set $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] = 9 together with the TypoScript properties
| |
| # config.compressJs and config.compressCss for GZIP compression of Frontend JS and CSS files.
| |
| location ~ \.js\.gzip$ {
| |
| add_header Content-Encoding gzip;
| |
| gzip off;
| |
| types { text/javascript gzip; }
| |
| }
| |
| location ~ \.css\.gzip$ {
| |
| add_header Content-Encoding gzip;
| |
| gzip off;
| |
| types { text/css gzip; }
| |
| }
| |
| | |
| # Prevent clients from accessing hidden files (starting with a dot)
| |
| # This is particularly important if you store .htpasswd files in the site hierarchy
| |
| # Access to `/.well-known/` is allowed.
| |
| # https://www.mnot.net/blog/2010/04/07/well-known
| |
| # https://tools.ietf.org/html/rfc5785
| |
| location ~* /\.(?!well-known\/) {
| |
| deny all;
| |
| }
| |
| | |
| # Prevent clients from accessing to backup/config/source files
| |
| location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
| |
| deny all;
| |
| }
| |
| | |
| location = /favicon.ico {
| |
| log_not_found off;
| |
| access_log off;
| |
| }
| |
| | |
| # TYPO3 - Block access to composer files
| |
| location ~* composer\.(?:json|lock) {
| |
| deny all;
| |
| }
| |
| | |
| # TYPO3 - Block access to flexform files
| |
| location ~* flexform[^.]*\.xml {
| |
| deny all;
| |
| }
| |
| | |
| # TYPO3 - Block access to language files
| |
| location ~* locallang[^.]*\.(?:xml|xlf)$ {
| |
| deny all;
| |
| }
| |
| | |
| # TYPO3 - Block access to static typoscript files
| |
| location ~* ext_conf_template\.txt|ext_typoscript_constants\.(?:txt|typoscript)|ext_typoscript_setup\.(?:txt|typoscript) {
| |
| deny all;
| |
| }
| |
| | |
| # TYPO3 - Block access to miscellaneous protected files
| |
| location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$ {
| |
| deny all;
| |
| }
| |
| | |
| # TYPO3 - Block access to recycler and temporary directories
| |
| location ~ _(?:recycler|temp)_/ {
| |
| deny all;
| |
| }
| |
| | |
| # TYPO3 - Block access to configuration files stored in fileadmin
| |
| location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
| |
| deny all;
| |
| }
| |
| | |
| # TYPO3 - Block access to libaries, source and temporary compiled data
| |
| location ~ ^(?:vendor|typo3_src|typo3temp/var) {
| |
| deny all;
| |
| }
| |
| | |
| # TYPO3 - Block access to protected extension directories
| |
| location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
| |
| deny all;
| |
| }
| |
| | |
| if (!-e $request_filename) {
| |
| rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
| |
| }
| |
| include /etc/nginx/common.d/*.conf;
| |
| include /mnt/ddev_config/nginx/*.conf;
| |
| }
| |
| | |
| ==Dateirechte==
| |
| | |
| <pre>
| |
| | |
| sudo chown -R www-data:www-data /var/www/typo3
| |
| sudo chmod -R 775 /var/www/typo3
| |
| </pre>
| |
| sudo chown www-data:www-data /var/www/typo3/public/typo3/install.php
| |
| sudo chmod 644 /var/www/typo3/public/typo3/install.php
| |