Version 1.6, initial AUR submission

1 files changed, 50 insertions, 0 deletions

diff --git a/nginx-example.conf b/nginx-example.conf
new file mode 100644
index 000000000000..135b9c040f0f
--- /dev/null
+++ b/nginx-example.conf
@@ -0,0 +1,50 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name hauk.example.com;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
+    ssl_session_cache shared:SSL:10m;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    ssl_ecdh_curve 'secp521r1:secp384r1';
+    ssl_prefer_server_ciphers on;
+    ssl_session_timeout 10m;
+    ssl_session_tickets off;
+
+    ssl_certificate /etc/letsencrypt/live/hauk.example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/hauk.example.com/privkey.pem;
+
+    access_log /var/log/nginx/hauk.access.log;
+    error_log /var/log/nginx/hauk.error.log;
+
+    add_header Referrer-Policy same-origin always;
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Robots-Tag "noindex, nofollow" always;
+
+    root /usr/share/webapps/hauk-backend;
+    index index.html index.htm index.php;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    location ~ ^/include/ {
+        return 403;
+    }
+
+    location ~ \.php$ {
+        try_files $uri $document_root$fastcgi_script_name =404;
+
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+}