From 1e98b92d70fba3b11dab75c2c039cce4a4a0b906 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= <jerome@maroufle.fr>
Date: Sat, 14 May 2016 20:09:45 +0200
Subject: [PATCH] [enh] Deny access to hidden files and handle robots.txt in
 nginx.conf

---
 conf/nginx.conf | 11 +++++++++++
 scripts/install |  1 +
 2 files changed, 12 insertions(+)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index b23a85b..e3d6ccb 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -15,6 +15,17 @@ location {LOCATION} {
         fastcgi_param SCRIPT_FILENAME $request_filename;
     }
 
+    location = {PATH}/robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
     # Include SSOWAT user panel.
     include conf.d/yunohost_panel.conf.inc;
 }
+
+# Deny access to hidden files and directories
+location ~ ^{PATH}/. {
+    deny all;
+}
diff --git a/scripts/install b/scripts/install
index e775328..05a6707 100644
--- a/scripts/install
+++ b/scripts/install
@@ -82,6 +82,7 @@ ynh_app_setting_set "$app" user "$user"
 
 # Copy and set nginx configuration
 nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
+sed -i "s@{PATH}@${path}@g"        ../conf/nginx.conf
 sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf
 sed -i "s@{DESTDIR}@${DESTDIR}@g"  ../conf/nginx.conf
 sed -i "s@{POOLNAME}@${app}@g"     ../conf/nginx.conf