eliyas5044 · November 18, 2023 19:15
diff --git a/web.conf b/web.conf
 upstream php {
  server unix:/run/php/php8.2-fpm.sock;
  server 127.0.0.1:9000;
 }

 server {
  listen 80;
  listen 443 ssl http2;

  if ( $scheme = "http" ) {
    return 301 https://$host$request_uri;
  }

  # indicate locations of SSL key files.
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

  # indicate the server name
  server_name example.com www.example.com;

  # Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options "nosniff";

  # Set caches, protocols, and accepted ciphers. This config will merit an A+ SSL Labs score as of Sept 2015.
  ssl_session_cache shared:SSL:20m;
  ssl_session_timeout 10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';

  root /var/www/example;
  index index.php;

  location = /favicon.ico {
    log_not_found off;
    access_log off;
  }

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_pass php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }

  location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires max;
    log_not_found off;
  }

  # ACME-challenge
  location ^~ /.well-known/acme-challenge/ {
    root /var/www/_letsencrypt;
  }

  location ~ /\. {
    deny all;
  }

  location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
  }

  access_log off;
  error_log  /var/log/nginx/example.com-error.log error;
 }
	upstream php {
	server unix:/run/php/php8.2-fpm.sock;
	server 127.0.0.1:9000;
	}

	server {
	listen 80;
	listen 443 ssl http2;

	if ( $scheme = "http" ) {
	return 301 https://$host$request_uri;
	}

	# indicate locations of SSL key files.
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

	# indicate the server name
	server_name example.com www.example.com;

	# Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options "nosniff";

	# Set caches, protocols, and accepted ciphers. This config will merit an A+ SSL Labs score as of Sept 2015.
	ssl_session_cache shared:SSL:20m;
	ssl_session_timeout 10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';

	root /var/www/example;
	index index.php;

	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	location / {
	try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	include fastcgi_params;
	fastcgi_intercept_errors on;
	fastcgi_pass php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}

	location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ {
	expires max;
	log_not_found off;
	}

	# ACME-challenge
	location ^~ /.well-known/acme-challenge/ {
	root /var/www/_letsencrypt;
	}

	location ~ /\. {
	deny all;
	}

	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}

	access_log off;
	error_log /var/log/nginx/example.com-error.log error;
	}