Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- server_name oslopeace19.no www.oslopeace19.no;
- #Logger
- access_log /var/log/nginx/oslopeace19;
- error_log /var/log/nginx/error_oslopeace19;
- #Sikkerhet
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options SAMEORIGIN;
- add_header X-XSS-Protection "1; mode=block";
- add_header Content-Security-Policy "frame-ancestors 'self'";
- server_tokens off;
- index index.php;
- ## Begin - Server Info
- root /var/www/oslopeace19;
- ## End - Server Info
- ## Begin - Index
- # for subfolders, simply adjust the rewrite:
- # to use `/subfolder/index.php`
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- ## End - Index
- location = /.user.ini { deny all; }
- ## Begin - PHP
- location ~ \.php$ {
- # Choose either a socket or TCP/IP address
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
- # fastcgi_pass 127.0.0.1:9000;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
- }
- ## End - PHP
- ## Begin - Security
- # deny all direct access for these folders
- location ~* /(.git|cache|bin|logs|backups)/.*$ { return 403; }
- # deny running scripts inside core system folders
- location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- # deny running scripts inside user folder
- location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- # deny access to specific files in the root folder
- location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
- ## End - Security
- listen [::]:443 ssl; # managed by Certbot
- listen 443 ssl; # managed by Certbot
- ssl_certificate /etc/letsencrypt/live/oslopeace19.no/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/oslopeace19.no/privkey.pem; # managed by Certbot
- include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
- }
- server {
- if ($host = oslopeace19.no) {
- return 301 https://$host$request_uri;
- } # managed by Certbot
- if ($host = www.oslopeace19.no) {
- return 301 https://$host$request_uri;
- } # managed by Certbot
- listen 80;
- listen [::]:80;
- root /var/www/oslopeace19;
- server_name oslopeace19.no www.oslopeace19.no;
- return 404; # managed by Certbot
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement