diff options
author | Marius Lindvall | 2019-12-29 20:16:22 +0100 |
---|---|---|
committer | Marius Lindvall | 2019-12-29 20:16:22 +0100 |
commit | 308426e866659a678fdf8f75d5c4fa42a9ed6890 (patch) | |
tree | 44d6948639a60483ad81bdbe5691efd915fb19ae /nginx-example.conf | |
download | aur-308426e866659a678fdf8f75d5c4fa42a9ed6890.tar.gz |
Version 1.6, initial AUR submission
Diffstat (limited to 'nginx-example.conf')
-rw-r--r-- | nginx-example.conf | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/nginx-example.conf b/nginx-example.conf new file mode 100644 index 000000000000..135b9c040f0f --- /dev/null +++ b/nginx-example.conf @@ -0,0 +1,50 @@ +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name hauk.example.com; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'; + ssl_session_cache shared:SSL:10m; + ssl_stapling on; + ssl_stapling_verify on; + + ssl_ecdh_curve 'secp521r1:secp384r1'; + ssl_prefer_server_ciphers on; + ssl_session_timeout 10m; + ssl_session_tickets off; + + ssl_certificate /etc/letsencrypt/live/hauk.example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/hauk.example.com/privkey.pem; + + access_log /var/log/nginx/hauk.access.log; + error_log /var/log/nginx/hauk.error.log; + + add_header Referrer-Policy same-origin always; + add_header X-Frame-Options DENY always; + add_header X-Content-Type-Options nosniff always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Robots-Tag "noindex, nofollow" always; + + root /usr/share/webapps/hauk-backend; + index index.html index.htm index.php; + + location / { + try_files $uri $uri/ =404; + } + + location ~ ^/include/ { + return 403; + } + + location ~ \.php$ { + try_files $uri $document_root$fastcgi_script_name =404; + + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_pass unix:/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } +} |