Skip to content

Update default.conf.sample to deny dotfile access#535

Open
nemchik wants to merge 3 commits intopreviousfrom
deny-dotfile-access-previous
Open

Update default.conf.sample to deny dotfile access#535
nemchik wants to merge 3 commits intopreviousfrom
deny-dotfile-access-previous

Conversation

@nemchik
Copy link
Copy Markdown
Member

@nemchik nemchik commented Feb 8, 2026

No description provided.

@nemchik
Update default.conf.sample to deny dotfile access
f32d76d 
Signed-off-by: Eric Nemchik <eric@nemchik.com>
@LinuxServer-CI
Copy link
Copy Markdown
Collaborator

LinuxServer-CI commented Mar 11, 2026

This pull request has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

@LinuxServer-CI
Copy link
Copy Markdown
Collaborator

LinuxServer-CI commented Apr 24, 2026

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/nextcloud/previous-32.0.8-pkg-9de873a0-dev-8101d94a8d6907d65105581635d91f3728d73087-pr-535/index.html
https://ci-tests.linuxserver.io/lspipepr/nextcloud/previous-32.0.8-pkg-9de873a0-dev-8101d94a8d6907d65105581635d91f3728d73087-pr-535/shellcheck-result.xml

Tag Passed
amd64-previous-32.0.8-pkg-9de873a0-dev-8101d94a8d6907d65105581635d91f3728d73087-pr-535
arm64v8-previous-32.0.8-pkg-9de873a0-dev-8101d94a8d6907d65105581635d91f3728d73087-pr-535

Copilot AI review requested due to automatic review settings May 4, 2026 20:53
@LinuxServer-CI LinuxServer-CI moved this from PRs to PRs Ready For Team Review in Issue & PR Tracker May 4, 2026
Copilot AI reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the bundled Nginx sample site config to more broadly block access to dotfiles, and records the change in the generated README changelog source (readme-vars.yml).

Changes:

  • Update default.conf.sample to deny requests to dotfile paths (and suppress related logging).
  • Add a changelog entry advising existing users to update their Nginx site config.
  • Adjust the existing “Rebase to Alpine 3.22.” changelog entry date.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
root/defaults/nginx/site-confs/default.conf.sample Expands dotfile blocking behavior in the sample Nginx server config.
readme-vars.yml Adds a changelog entry describing the dotfile access change (and modifies an older changelog date).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread root/defaults/nginx/site-confs/default.conf.sample Outdated
Comment on lines +176 to +181
# deny access to all dotfiles
location ~ /\. {
deny all;
log_not_found off;
access_log off;
return 404;
Comment thread root/defaults/nginx/site-confs/default.conf.sample Outdated
location ~ /\.ht {
# deny access to all dotfiles
location ~ /\. {
deny all;
Comment thread readme-vars.yml
changelogs:
- {date: "14.10.25:", desc: "Rebase to Alpine 3.22."}
- {date: "08.02.26:", desc: "Existing users should update: site-confs/default.conf - Deny access to all dotfiles."}
- {date: "10.07.25:", desc: "Rebase to Alpine 3.22."}
@LinuxServer-CI
Copy link
Copy Markdown
Collaborator

LinuxServer-CI commented May 4, 2026

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/nextcloud/previous-32.0.9-pkg-3db640cb-dev-3c2743f677cd9e1c2b6dbbd1eb06b3b31dd9ba71-pr-535/index.html
https://ci-tests.linuxserver.io/lspipepr/nextcloud/previous-32.0.9-pkg-3db640cb-dev-3c2743f677cd9e1c2b6dbbd1eb06b3b31dd9ba71-pr-535/shellcheck-result.xml

Tag Passed
amd64-previous-32.0.9-pkg-3db640cb-dev-3c2743f677cd9e1c2b6dbbd1eb06b3b31dd9ba71-pr-535
arm64v8-previous-32.0.9-pkg-3db640cb-dev-3c2743f677cd9e1c2b6dbbd1eb06b3b31dd9ba71-pr-535

@nemchik
Move dotfile denial up
b6e5155 
Signed-off-by: Eric Nemchik <eric@nemchik.com>
@LinuxServer-CI
Copy link
Copy Markdown
Collaborator

LinuxServer-CI commented May 5, 2026

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/nextcloud/previous-32.0.9-pkg-d7059a54-dev-c5b99814c1c84ebbd1d7166c2bc92be1b4af84c2-pr-535/index.html
https://ci-tests.linuxserver.io/lspipepr/nextcloud/previous-32.0.9-pkg-d7059a54-dev-c5b99814c1c84ebbd1d7166c2bc92be1b4af84c2-pr-535/shellcheck-result.xml

Tag Passed
amd64-previous-32.0.9-pkg-d7059a54-dev-c5b99814c1c84ebbd1d7166c2bc92be1b4af84c2-pr-535
arm64v8-previous-32.0.9-pkg-d7059a54-dev-c5b99814c1c84ebbd1d7166c2bc92be1b4af84c2-pr-535

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

Issue & PR Tracker
Status: PRs Ready For Team Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nemchik @LinuxServer-CI