Ellrion · April 3, 2025 19:15
diff --git a/php-restrictions.nginxconf b/php-restrictions.nginxconf
 # /etc/nginx/global/php-restrictions.conf
 # Don't throw any errors for missing favicons and don't display them in the logs
 location = /favicon.ico {
    log_not_found off;
    access_log off;
 }

 # Don't log missing robots or show them in the nginx logs
 location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
 }

 # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
 location ~ /\. {
    deny all;
 }

 # Deny access to any files with a .php extension in the uploads directory
 # Works in sub-directory installs and also in multisite network
 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
 location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
 }
diff --git a/site.net.nginxconf b/site.net.nginxconf
 # /etc/nginx/sites-available/site.net.conf
 server {
    # Force non-www version of the site
    listen       80;
    server_name  www.site.net;
    return       301 http://site.net$request_uri;
 }

 server {
    listen 80;
    server_name  site.net;

    # SEO trailing slash problem fix
    rewrite ^/(.*)/$ /$1 permanent; # remove trailing slash
    #rewrite ^(.*[^/])$ $1/ permanent; # add a trailing slash

    root /var/www/site.net/public; # Laravels public folder

    access_log /var/www/site.net/app/storage/logs/nginx.access.log;
    error_log /var/www/site.net/app/storage/logs/nginx.error.log;

    autoindex on;
    index index.php;

    # Cache static files for a long time
    include global/static-asset-caching.conf;

    # Pull in some good PHP defaults
    include global/php-restrictions.conf;

    location / {

        # First try and load files from the public folder, if they don't exist
        # then send the request through to laravel
        try_files $uri $uri/ /index.php;

        # Forward requests on to PHP-FPM
        location = /index.php {
            include /etc/nginx/fastcgi_params;
            fastcgi_index index.php;
            fastcgi_intercept_errors on;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass unix:/var/run/php-fpm.sock;
        }
    }

    # If someone explicitly tries to load a PHP file return a 404 error,
    # always use url rewrites and never have the .php extension in the url
    location ~ \.php$ {
        return 404;
    }
 }
diff --git a/static-asset-caching.nginxconf b/static-asset-caching.nginxconf
 # /etc/nginx/global/static-asset-caching.conf
 # Any files matching these extensions are cached for a long time
 location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires max;
    add_header Cache-Control public;
    access_log off;
 }
	# /etc/nginx/global/php-restrictions.conf
	# Don't throw any errors for missing favicons and don't display them in the logs
	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	# Don't log missing robots or show them in the nginx logs
	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~ /\. {
	deny all;
	}

	# Deny access to any files with a .php extension in the uploads directory
	# Works in sub-directory installs and also in multisite network
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}
	# /etc/nginx/sites-available/site.net.conf
	server {
	# Force non-www version of the site
	listen 80;
	server_name www.site.net;
	return 301 http://site.net$request_uri;
	}

	server {
	listen 80;
	server_name site.net;

	# SEO trailing slash problem fix
	rewrite ^/(.*)/$ /$1 permanent; # remove trailing slash
	#rewrite ^(.*[^/])$ $1/ permanent; # add a trailing slash

	root /var/www/site.net/public; # Laravels public folder

	access_log /var/www/site.net/app/storage/logs/nginx.access.log;
	error_log /var/www/site.net/app/storage/logs/nginx.error.log;

	autoindex on;
	index index.php;

	# Cache static files for a long time
	include global/static-asset-caching.conf;

	# Pull in some good PHP defaults
	include global/php-restrictions.conf;

	location / {

	# First try and load files from the public folder, if they don't exist
	# then send the request through to laravel
	try_files $uri $uri/ /index.php;

	# Forward requests on to PHP-FPM
	location = /index.php {
	include /etc/nginx/fastcgi_params;
	fastcgi_index index.php;
	fastcgi_intercept_errors on;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_pass unix:/var/run/php-fpm.sock;
	}
	}

	# If someone explicitly tries to load a PHP file return a 404 error,
	# always use url rewrites and never have the .php extension in the url
	location ~ \.php$ {
	return 404;
	}
	}
	# /etc/nginx/global/static-asset-caching.conf
	# Any files matching these extensions are cached for a long time
	location ~* \.(jpg\|jpeg\|png\|gif\|ico\|css\|js)$ {
	expires max;
	add_header Cache-Control public;
	access_log off;
	}