Does this config block access to the site for search robots and users?

S

Sergey Khlopov2021-11-28 12:58:55

Nginx

Sergey Khlopov, 2021-11-28 12:58:55

Hello, tell me please, it is necessary to make such a config so that search robots and users who do not have a login and password can not enter the site, do I understand correctly that with such a config I achieve this goal? I just ask to make sure, otherwise maybe I'm missing something, when I go to the login request and the password crashes, the site is on modx. Thank you in advance for your response.

server {

    server_name domain.ru;
    root /var/www/user/chroot/domain;
    index index.html index.htm index.php;
   
    location / {
    auth_basic "Restricted";
    auth_basic_user_file /var/www/user/chroot/.htpasswd; 
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~* ^.+\.(js|css|svg|jpg|png|ico|pdf|woff2|woff|ttf)$ {
        expires max;
    }

    location = /favicon.svg { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }
    
    error_page 404 /index.php;
    
    location ~ \.php$ {
        fastcgi_pass unix:/var/www/user/chroot/tmp/php.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
    
    location ~ /\.(?!well-known).* {
        deny all;
    }
    
    if ($request_uri ~ "^(.*)index\.(?:php|html)") {
        return 301 $1;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = domain.ru) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name domain.ru;
    listen 80;
    return 404; # managed by Certbot
}