-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdefault.conf
106 lines (80 loc) · 3.45 KB
/
default.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
log_format simasjid '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"';
server {
add_header X-Served-By "SIMASJID Server";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header Strict-Transport-Security "max-age=31536000; preload";
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(self),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
add_header Cross-Origin-Embedder-Policy "require-corp; report-to='default'";
add_header Cross-Origin-Opener-Policy "same-origin; report-to='default'";
add_header Cross-Origin-Resource-Policy "same-site";
listen 8080; ## listen for ipv4; this line is default and implied
#listen [::]:8080 default ipv6only=on; ## listen for ipv6
root /usr/share/nginx/html/simasjid;
index index.php index.html;
if ($http_x_forwarded_proto = "http") {
return 301 https://$server_name$request_uri;
}
# Make site accessible from http://localhost/
server_name _;
client_max_body_size 70M;
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;
# Security - Hide nginx version number in error pages and Server header
server_tokens on;
# Add logging
error_log /var/log/nginx/simasjid-error.log;
access_log /var/log/nginx/simasjid-access.log simasjid;
# reduce the data that needs to be sent over network
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
limit_except GET POST { deny all; }
index index.php index.html;
try_files $uri $uri/ /index.php;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on socket
#
location ~ \.php$ {
try_files $uri $uri/ /index.php?$query_string;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~* ^.+.(js|css|png|jpg|jpeg|gif|webp|ico|html|woff2)$ {
expires 1y;
access_log off;
add_header Pragma public;
add_header Cache-Control "public";
log_not_found off;
}
# deny access to . files, for security
#
location ~ /\. {
log_not_found off;
deny all;
}
}