Diferencia entre revisiones de «LEMP»

# MariaDB 11.8 repository list - created 2026-02-23 08:31 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
# deb.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# URIs: https://deb.mariadb.org/11.8/ubuntu
URIs: https://mirror.raiolanetworks.com/mariadb/repo/11.8/ubuntu
Suites: noble
Components: main main/debug
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

[...]
; Maximum amount of memory a script may consume
; https://php.net/memory-limit
memory_limit = 128M
max_memory_limit = -1
[...]
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; https://php.net/post-max-size
post_max_size = 100M
[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; https://php.net/cgi.fix-pathinfo
cgi.fix_pathinfo=0
[...]
; Whether to allow HTTP file uploads.
; https://php.net/file-uploads
file_uploads = On
[...]
; Maximum allowed size for uploaded files.
; https://php.net/upload-max-filesize
upload_max_filesize = 100M
[...]
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
[...]
[Session]
; Handler used to store/retrieve data.
; https://php.net/session.save-handler
session.save_handler = files
[...]

[...]
; Maximum amount of memory a script may consume
; https://php.net/memory-limit
memory_limit = -1
max_memory_limit = -1
[...]
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; https://php.net/post-max-size
post_max_size = 100M
[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; https://php.net/cgi.fix-pathinfo
cgi.fix_pathinfo=0
[...]
; Whether to allow HTTP file uploads.
; https://php.net/file-uploads
file_uploads = On
[...]
; Maximum allowed size for uploaded files.
; https://php.net/upload-max-filesize
upload_max_filesize = 100M
[...]
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
[...]
[Session]
; Handler used to store/retrieve data.
; https://php.net/session.save-handler
session.save_handler = files
[...]

[...]
http {
        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        client_max_body_size 100M;
        server_tokens off;
[...]
        ##
        # SSL Settings
        ##
        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
[...]
}

# Allow favicon.ico, robots.txt, .well-known/
location = /favicon.ico {
        log_not_found off;
        access_log off;
}

# Allow robots.txt
location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
}

# Allow "Well-Known URIs" as pwe RFC 5785 (e.g. Let's Encrypt)
location ~* ^/.well-known/ {
        auth_basic off;
        allow all;
}

# Deny *.txt, *.log, .*/*.php, .*, *.json, .lock, *.ht

# Not allow txt or logs to be downloaded
location ~* \.(txt|log)$ {
        deny all;
}

# Not allow execute php in hidden folders
location ~ \..*/.\.php$ {
        return 403;
}

# Not allow "hidden files"
location ~ (^|/)\. {
        return 403;
}

# Not allow *.json or *.lock
location ~* \.(json|lock)$ {
        return 403;
}

# Deny *.ht
location ~ /\.ht {
        deny all;
}

# Activate HSTS (HTTP Strict Transport Security)
# Note: if we set another header in a location we've to
#       rewrite it
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        # Redirect HTTP to HTTPS
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name www.culturetas.net culturetas.net;
        # Redirect HTTP to HTTPS
        return 301 https://$host$request_uri;
}

server {
        # SSL configuration
        #
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        ssl_certificate /etc/ssl/certs/selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/selfsigned.key;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/culturetas.net;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm;

        server_name www.culturetas.net culturetas.net;

        access_log /var/log/nginx/culturetas.net-access.log;
        error_log /var/log/nginx/culturetas.net-error.log;

#       # Auth Basic (for developing)
#       auth_basic "Pagina Restringida";
#       auth_basic_user_file /etc/nginx/passwd/passwd-culturetas.net;

        # Activate HSTS (HTTP Strict Transport Security)
        # Note: reinclude if in a location a header is set
        include snippets/hsts.conf;

        # Allow favicon.ico, robots.txt, .well-known/
        # Deny *.txt, *.log, .*/*.php, .*, *.json, .lock, *.ht
        include snippets/allowed.conf;
        include snippets/denied.conf;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php?$args;
        }

        # pass the PHP scripts to FastCGI server
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;

        #       # With php8.5-cgi alone (TCP Ports):
        #       fastcgi_pass 127.0.0.1:9000;
                # With php8.5-fpm (UNIX Socket):
                fastcgi_pass unix:/run/php/php8.5-fpm.sock;
        }

        # Disable hidden files
        location ~ /\. {
                deny all;
        }
}

<!DOCTYPE html>
<html lang="es">
<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
  <title>Culturetas.net - En construcción</title>
  <style>
    body {
      margin: 0;
      padding: 0;
      height: 100vh;
      font-family: system-ui, -apple-system, sans-serif;
      background: linear-gradient(135deg, #1e3a8a 0%, #3b82f6 100%);
      color: white;
      display: flex;
      flex-direction: column;
      align-items: center;
      justify-content: center;
      text-align: center;
    }
    
    .container {
      max-width: 700px;
      padding: 20px;
    }
    
    h1 {
      font-size: 4.5rem;
      margin: 0.2em 0;
      font-weight: 800;
      letter-spacing: -1px;
      text-shadow: 0 4px 12px rgba(0,0,0,0.3);
    }
    
    .subtitle {
      font-size: 1.6rem;
      margin: 0.8em 0 1.5em;
      opacity: 0.95;
    }
    
    .construction {
      font-size: 8rem;
      margin: 0.3em 0;
      animation: bounce 3s infinite;
    }
    
    p {
      font-size: 1.3rem;
      line-height: 1.6;
      max-width: 600px;
      margin: 1.5em auto;
      opacity: 0.9;
    }
    
    .soon {
      font-size: 2rem;
      font-weight: bold;
      margin-top: 2rem;
      color: #fef08a;
      text-shadow: 0 2px 10px rgba(0,0,0,0.4);
    }
    
    @keyframes bounce {
      0%, 20%, 50%, 80%, 100% { transform: translateY(0); }
      40% { transform: translateY(-25px); }
      60% { transform: translateY(-12px); }
    }
    
    @media (max-width: 600px) {
      h1 { font-size: 3.2rem; }
      .construction { font-size: 6rem; }
      .subtitle { font-size: 1.3rem; }
    }
  </style>
</head>
<body>

  <div class="container">
    <div class="construction">🚧</div>
    <h1>Culturetas.net</h1>
    <div class="subtitle">Está en construcción</div>
    
    <p>Estamos trabajando para traerte un espacio mucho más bonito, rápido y con mucho más contenido cultural interesante.</p>
    
    <p>¡Vuelve en unos días y te sorprenderás!</p>
    
    <div class="soon">Próximamente... ✨</div>
  </div>

</body>
</html>