1 files changed, 28 insertions, 44 deletions

diff --git a/nginx.pi-hole.conf b/nginx.pi-hole.conf
index f826f95d58c0..5ebede10b781 100644
--- a/nginx.pi-hole.conf
+++ b/nginx.pi-hole.conf
@@ -1,46 +1,30 @@
-#
-# /etc/nginx/conf.d/pihole.conf
-#
-# https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration
-#
-
 server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
-
-	root /srv/http/pihole;
-	server_name _;
-	autoindex off;
-
-	proxy_intercept_errors on;
-
-	index index.php index.html index.htm;
-
-	location / {
-		expires max;
-		return 301 /admin/;
-	}
-
-	location ~ \.php$ {
-		include fastcgi.conf;
-		fastcgi_intercept_errors on;
-		fastcgi_pass  127.0.0.1:9000;
-		fastcgi_param SERVER_NAME $host;
-	}
-	
-	location /admin {
-		root /srv/http/pihole;
-		index index.php index.html index.htm;
-		add_header X-Pi-hole "The Pi-hole Web interface is working!";
-		add_header X-Frame-Options "DENY";
-	}
-	
-	location ~ /\.ttf {
-		add_header Access-Control-Allow-Origin "*";
-	}
-
-	location ~ /\.ht {
-		deny all;
-	}
+        listen          :80 default_server;
+        server_name     pi.hole
+                        _;
+        access_log      /var/log/nginx/pihole-access.log main;
+        error_log       /var/log/nginx/pihole-error.log;
+        root            /srv/http/pihole;
+        add_header      X-Pi-hole "The Pi-hole Web interface is working!";
+        add_header      X-Frame-Options "SAMEORIGIN";
+        add_header      X-XSS-Protection "0";
+        add_header      X-Content-Type-Options "nosniff";
+        add_header      Content-Security-Policy "default-src 'self' 'unsafe-inline';";
+        add_header      X-Permitted-Cross-Domain-Policies "none";
+        add_header      Referrer-Policy "same-origin";
+        #pi.hole
+        location / {
+                return          301 http://pi.hole/admin;
+        }
+        location /admin {
+                index           index.php;
+        }
+        location ~ \.php$ {
+                fastcgi_pass    unix:/run/php-fpm/php-fpm.sock;
+                fastcgi_param   SERVER_NAME $host;
+                include         fastcgi.conf;
+        }
+        location = /favicon.ico { access_log off; log_not_found off; }
+        location ~ /\.          { access_log off; log_not_found off; deny all; }
+        location ~ ~$           { access_log off; log_not_found off; deny all; }
 }
-