Add some deny blocks to secure cache directories for tt-rss

ubuntu/site.yml

@@ -235,6 +235,12 @@
         - ssl_stapling on
         - resolver 8.8.8.8 valid=300s
         - add_header Strict-Transport-Security max-age=31536000
+        - location /cache {
+            deny all;
+          }
+        - location = /config.php {
+            deny all;
+          }
         - location / {
             try_files $uri $uri/ /index.php?$args;
           }