IDE:TYPO3: Unterschied zwischen den Versionen

Aus ahrensburg.city
Zur Navigation springen Zur Suche springen
← Zum vorherigen VersionsunterschiedZum nächsten Versionsunterschied →
VisuellWikitext
Keine Bearbeitungszusammenfassung
Zeile 7: Zeile 7:
# TYPO3 13 LTS – NGINX vhost
# TYPO3 13 LTS – NGINX vhost
# Datei: sudo nano /etc/nginx/conf.d//typo3.conf
# Datei: sudo nano /etc/nginx/conf.d//typo3.conf


server {
server {
    listen 80;
    listen 80;
     server_name example.com www.example.com;
     server_name example.com www.example.com;


Zeile 19: Zeile 21:
     client_max_body_size 32m;
     client_max_body_size 32m;


     # Basis-Security-Header
    include /etc/nginx/monitoring.conf;
     add_header X-Content-Type-Options nosniff;
 
     add_header X-Frame-Options SAMEORIGIN;
    index index.php index.htm index.html;
     add_header Referrer-Policy no-referrer-when-downgrade;
 
     add_header X-XSS-Protection "1; mode=block";
     # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;
    error_log /dev/stdout info;
    access_log /var/log/nginx/access.log;
 
    # Security: Content-Security-Policy
    # =================================
    #
     # Add CSP header for possible vulnerable files stored in fileadmin see:
    # * https://typo3.org/security/advisory/typo3-psa-2019-010
    # * https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/Security/GuidelinesAdministrators/ContentSecurityPolicy.html
     # * https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess
 
    # matching requested *.pdf files only (strict rules block Safari showing PDF documents)
     location ~ /(?:fileadmin|uploads)/.*\.pdf$ {
        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'; script-src 'none'; object-src 'self'; plugin-types application/pdf;";
     }
 
    # matching anything else, using negative lookbehind pattern
    location ~ /(?:fileadmin|uploads)/.*(?<!\.pdf)$ {
        add_header Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'none'; object-src 'none';";


     # Front-Controller
        # Deliver media files as WebP if available. The file as WebP must be in
        # the same place (Original: "example.jpg", WebP: "example.jpg.webp").
        try_files $uri$webp_suffix $uri =404;
    }
 
     # TYPO3 11 Frontend URL rewriting support
     location / {
     location / {
        absolute_redirect off;
         try_files $uri $uri/ /index.php$is_args$args;
         try_files $uri $uri/ /index.php$is_args$args;
     }
     }


     # TYPO3 Backend: leitet über Front-Controller
     # TYPO3 11 Backend URL rewriting support
     location ^~ /typo3/ {
     location = /typo3 {
        try_files $uri /index.php$is_args$args;
        rewrite ^ /typo3/;
    }
 
    # check if /typo3/index.php exists
    set $typo3_index_exists 0;
    if (-f $document_root/typo3/index.php) {
        set $typo3_index_exists 1;
     }
     }


     # Statische Assets
    location /typo3/ {
     location ~* \.(?:css|js|gif|ico|jpg|jpeg|png|svg|webp|avif|woff|woff2|ttf|eot)$ {
        absolute_redirect off;
        try_files $uri $typo3_index$is_args$args;
    }
 
     # pass the PHP scripts to FastCGI server listening on socket
     location ~ \.php$ {
         try_files $uri =404;
         try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm.sock;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_intercept_errors off;
        # fastcgi_read_timeout should match max_execution_time in php.ini
        fastcgi_read_timeout 10m;
        fastcgi_param SERVER_NAME $host;
        fastcgi_param HTTPS $fcgi_https;
        # Pass the X-Accel-* headers to facilitate testing.
        fastcgi_pass_header "X-Accel-Buffering";
        fastcgi_pass_header "X-Accel-Charset";
        fastcgi_pass_header "X-Accel-Expires";
        fastcgi_pass_header "X-Accel-Limit-Rate";
        fastcgi_pass_header "X-Accel-Redirect";
    }
    # Compressing resource files will save bandwidth and so improve loading speed especially for users
    # with slower internet connections. TYPO3 can compress the .js and .css files for you.
    # *) Set $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'] = 9 for the Backend
    # *) Set $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] = 9 together with the TypoScript properties
    #    config.compressJs and config.compressCss for GZIP compression of Frontend JS and CSS files.
    location ~ \.js\.gzip$ {
        add_header Content-Encoding gzip;
        gzip off;
        types { text/javascript gzip; }
    }
    location ~ \.css\.gzip$ {
        add_header Content-Encoding gzip;
        gzip off;
        types { text/css gzip; }
    }
    # Prevent clients from accessing hidden files (starting with a dot)
    # This is particularly important if you store .htpasswd files in the site hierarchy
    # Access to `/.well-known/` is allowed.
    # https://www.mnot.net/blog/2010/04/07/well-known
    # https://tools.ietf.org/html/rfc5785
    location ~* /\.(?!well-known\/) {
        deny all;
    }
    # Prevent clients from accessing to backup/config/source files
    location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
        deny all;
    }
    location = /favicon.ico {
        log_not_found off;
         access_log off;
         access_log off;
        expires 7d;
        add_header Cache-Control "public, immutable";
     }
     }


     # Favicons / Robots
     # TYPO3 - Block access to composer files
     location = /favicon.ico { log_not_found off; access_log off; }
     location ~* composer\.(?:json|lock) {
     location = /robots.txt  { log_not_found off; access_log off; }
        deny all;
    }
 
    # TYPO3 - Block access to flexform files
     location ~* flexform[^.]*\.xml {
        deny all;
    }


     # Versteckte/empfindliche Dateien sperren
     # TYPO3 - Block access to language files
    location ~ /\.(?!well-known) { deny all; }
     location ~* locallang[^.]*\.(?:xml|xlf)$ {
     location ~* /(composer\.(json|lock)|package\.json|yarn\.lock|webpack\..*|tsconfig\.json)$ { deny all; }
        deny all;
    location ~* (?:^|/)(?:LocalConfiguration|AdditionalConfiguration)\.php$ { deny all; }
     }
     location ~* ^/(?:typo3conf|var|vendor|Build|Tests)(?:/|$) { deny all; }


     # Keine PHP-Ausführung in Upload-/Asset-Ordnern
     # TYPO3 - Block access to static typoscript files
     location ~* ^/(?:fileadmin|uploads|typo3temp|typo3conf|storage)/.*\.php$ {
     location ~* ext_conf_template\.txt|ext_typoscript_constants\.(?:txt|typoscript)|ext_typoscript_setup\.(?:txt|typoscript) {
         deny all;
         deny all;
     }
     }


     # PHP-FPM
     # TYPO3 - Block access to miscellaneous protected files
     location ~ \.php$ {
     location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$ {
         try_files $uri =404;
         deny all;
         include fastcgi_params;
    }
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
 
        fastcgi_param DOCUMENT_ROOT $realpath_root;
    # TYPO3 - Block access to recycler and temporary directories
        fastcgi_param TYPO3_CONTEXT Production;
    location ~ _(?:recycler|temp)_/ {
        fastcgi_param HTTPS $https if_not_empty;
         deny all;
         fastcgi_buffers 16 16k;
    }
        fastcgi_buffer_size 32k;
 
        fastcgi_read_timeout 120s;
    # TYPO3 - Block access to configuration files stored in fileadmin
        # Pfad ggf. auf die installierte PHP-Version anpassen (8.2/8.3)
    location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
         fastcgi_pass unix:/run/php/php8.2-fpm.sock;
         deny all;
         fastcgi_index index.php;
    }
 
    # TYPO3 - Block access to libaries, source and temporary compiled data
    location ~ ^(?:vendor|typo3_src|typo3temp/var) {
         deny all;
    }
 
    # TYPO3 - Block access to protected extension directories
    location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
        deny all;
    }
 
    if (!-e $request_filename) {
         rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
     }
     }
    include /etc/nginx/common.d/*.conf;
    include /mnt/ddev_config/nginx/*.conf;
}
}
</pre>


==Dateirechte==
==Dateirechte==

Version vom 26. Oktober 2025, 02:58 Uhr

composer create-project "typo3/cms-base-distribution:^13.4" /var/www/typo3


# TYPO3 13 LTS – NGINX vhost
# Datei: sudo nano /etc/nginx/conf.d//typo3.conf



server {
     listen 80;
    server_name example.com www.example.com;

    # Composer-Setup: DocumentRoot zeigt auf das "public" Verzeichnis
    root /var/www/typo3/public;
    index index.php index.html;
    charset utf-8;

    client_max_body_size 32m;

    include /etc/nginx/monitoring.conf;

    index index.php index.htm index.html;

    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;
    error_log /dev/stdout info;
    access_log /var/log/nginx/access.log;

    # Security: Content-Security-Policy
    # =================================
    #
    # Add CSP header for possible vulnerable files stored in fileadmin see:
    # * https://typo3.org/security/advisory/typo3-psa-2019-010
    # * https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/Security/GuidelinesAdministrators/ContentSecurityPolicy.html
    # * https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess

    # matching requested *.pdf files only (strict rules block Safari showing PDF documents)
    location ~ /(?:fileadmin|uploads)/.*\.pdf$ {
        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'; script-src 'none'; object-src 'self'; plugin-types application/pdf;";
    }

    # matching anything else, using negative lookbehind pattern
    location ~ /(?:fileadmin|uploads)/.*(?<!\.pdf)$ {
        add_header Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'none'; object-src 'none';";

        # Deliver media files as WebP if available. The file as WebP must be in
        # the same place (Original: "example.jpg", WebP: "example.jpg.webp").
        try_files $uri$webp_suffix $uri =404;
    }

    # TYPO3 11 Frontend URL rewriting support
    location / {
        absolute_redirect off;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # TYPO3 11 Backend URL rewriting support
    location = /typo3 {
        rewrite ^ /typo3/;
    }

    # check if /typo3/index.php exists
    set $typo3_index_exists 0;
    if (-f $document_root/typo3/index.php) {
        set $typo3_index_exists 1;
    }

    location /typo3/ {
        absolute_redirect off;
        try_files $uri $typo3_index$is_args$args;
    }

    # pass the PHP scripts to FastCGI server listening on socket
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm.sock;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_intercept_errors off;
        # fastcgi_read_timeout should match max_execution_time in php.ini
        fastcgi_read_timeout 10m;
        fastcgi_param SERVER_NAME $host;
        fastcgi_param HTTPS $fcgi_https;
        # Pass the X-Accel-* headers to facilitate testing.
        fastcgi_pass_header "X-Accel-Buffering";
        fastcgi_pass_header "X-Accel-Charset";
        fastcgi_pass_header "X-Accel-Expires";
        fastcgi_pass_header "X-Accel-Limit-Rate";
        fastcgi_pass_header "X-Accel-Redirect";
    }

    # Compressing resource files will save bandwidth and so improve loading speed especially for users
    # with slower internet connections. TYPO3 can compress the .js and .css files for you.
    # *) Set $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'] = 9 for the Backend
    # *) Set $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] = 9 together with the TypoScript properties
    #    config.compressJs and config.compressCss for GZIP compression of Frontend JS and CSS files.
    location ~ \.js\.gzip$ {
        add_header Content-Encoding gzip;
        gzip off;
        types { text/javascript gzip; }
    }
    location ~ \.css\.gzip$ {
        add_header Content-Encoding gzip;
        gzip off;
        types { text/css gzip; }
    }

    # Prevent clients from accessing hidden files (starting with a dot)
    # This is particularly important if you store .htpasswd files in the site hierarchy
    # Access to `/.well-known/` is allowed.
    # https://www.mnot.net/blog/2010/04/07/well-known
    # https://tools.ietf.org/html/rfc5785
    location ~* /\.(?!well-known\/) {
        deny all;
    }

    # Prevent clients from accessing to backup/config/source files
    location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # TYPO3 - Block access to composer files
    location ~* composer\.(?:json|lock) {
        deny all;
    }

    # TYPO3 - Block access to flexform files
    location ~* flexform[^.]*\.xml {
        deny all;
    }

    # TYPO3 - Block access to language files
    location ~* locallang[^.]*\.(?:xml|xlf)$ {
        deny all;
    }

    # TYPO3 - Block access to static typoscript files
    location ~* ext_conf_template\.txt|ext_typoscript_constants\.(?:txt|typoscript)|ext_typoscript_setup\.(?:txt|typoscript) {
        deny all;
    }

    # TYPO3 - Block access to miscellaneous protected files
    location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$ {
        deny all;
    }

    # TYPO3 - Block access to recycler and temporary directories
    location ~ _(?:recycler|temp)_/ {
        deny all;
    }

    # TYPO3 - Block access to configuration files stored in fileadmin
    location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
        deny all;
    }

    # TYPO3 - Block access to libaries, source and temporary compiled data
    location ~ ^(?:vendor|typo3_src|typo3temp/var) {
        deny all;
    }

    # TYPO3 - Block access to protected extension directories
    location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
        deny all;
    }

    if (!-e $request_filename) {
        rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
    }
    include /etc/nginx/common.d/*.conf;
    include /mnt/ddev_config/nginx/*.conf;
}

==Dateirechte==

<pre>

sudo chown -R www-data:www-data /var/www/typo3
sudo chmod -R 775 /var/www/typo3

sudo chown www-data:www-data /var/www/typo3/public/typo3/install.php sudo chmod 644 /var/www/typo3/public/typo3/install.php

Abgerufen von „https://ahrensburg.city/index.php?title=IDE:TYPO3&oldid=737