diff options
Diffstat (limited to 'nginx.pi-hole.conf')
-rw-r--r-- | nginx.pi-hole.conf | 72 |
1 files changed, 28 insertions, 44 deletions
diff --git a/nginx.pi-hole.conf b/nginx.pi-hole.conf index f826f95d58c0..5ebede10b781 100644 --- a/nginx.pi-hole.conf +++ b/nginx.pi-hole.conf @@ -1,46 +1,30 @@ -# -# /etc/nginx/conf.d/pihole.conf -# -# https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration -# - server { - listen 80 default_server; - listen [::]:80 default_server; - - root /srv/http/pihole; - server_name _; - autoindex off; - - proxy_intercept_errors on; - - index index.php index.html index.htm; - - location / { - expires max; - return 301 /admin/; - } - - location ~ \.php$ { - include fastcgi.conf; - fastcgi_intercept_errors on; - fastcgi_pass 127.0.0.1:9000; - fastcgi_param SERVER_NAME $host; - } - - location /admin { - root /srv/http/pihole; - index index.php index.html index.htm; - add_header X-Pi-hole "The Pi-hole Web interface is working!"; - add_header X-Frame-Options "DENY"; - } - - location ~ /\.ttf { - add_header Access-Control-Allow-Origin "*"; - } - - location ~ /\.ht { - deny all; - } + listen :80 default_server; + server_name pi.hole + _; + access_log /var/log/nginx/pihole-access.log main; + error_log /var/log/nginx/pihole-error.log; + root /srv/http/pihole; + add_header X-Pi-hole "The Pi-hole Web interface is working!"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "0"; + add_header X-Content-Type-Options "nosniff"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';"; + add_header X-Permitted-Cross-Domain-Policies "none"; + add_header Referrer-Policy "same-origin"; + #pi.hole + location / { + return 301 http://pi.hole/admin; + } + location /admin { + index index.php; + } + location ~ \.php$ { + fastcgi_pass unix:/run/php-fpm/php-fpm.sock; + fastcgi_param SERVER_NAME $host; + include fastcgi.conf; + } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } } - |