secure (1688B)
1 server { 2 listen 80 default_server; 3 listen [::]:80 default_server; 4 5 server_name _; 6 7 return 301 https://www.caloyannis.xyz$uri; 8 } 9 10 server { 11 listen 443 ssl default_server; 12 listen [::]:443 ssl default_server; 13 14 server_name _; 15 16 ssl_certificate /etc/letsencrypt/live/caloyannis.xyz/fullchain.pem; 17 ssl_certificate_key /etc/letsencrypt/live/caloyannis.xyz/privkey.pem; 18 19 return 301 https://www.caloyannis.xyz$uri; 20 } 21 22 server { 23 listen 443 ssl; 24 listen [::]:443 ssl; 25 26 server_name www.caloyannis.xyz; 27 28 ssl_certificate /etc/letsencrypt/live/caloyannis.xyz/fullchain.pem; 29 ssl_certificate_key /etc/letsencrypt/live/caloyannis.xyz/privkey.pem; 30 31 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; 32 add_header X-Content-Type-Options "nosniff" always; 33 add_header X-Frame-Options "DENY" always; 34 add_header Referrer-Policy "no-referrer" always; 35 36 # add_header Content-Security-Policy "" always; 37 # add_header Referrer-Policy "strict-origin-when-cross-origin" always; 38 # add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; 39 40 root /srv/http/caloyannis; 41 42 index index.php index.html index.htm; 43 44 location / { 45 #try_files $uri $uri/ =404; 46 try_files $uri $uri/ @rewrite; 47 } 48 49 location @rewrite { 50 rewrite ^/([^/?]+)/?$ /?q=$1 last; 51 } 52 53 location ~ \.php$ { 54 include snippets/fastcgi-php.conf; 55 56 # With php-fpm (or other unix sockets): 57 fastcgi_pass unix:/run/php/php8.4-fpm.sock; 58 #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 59 } 60 61 # deny access to .htaccess files, if Apache's document root 62 # concurs with nginx's one 63 # 64 #location ~ /\.ht { 65 # deny all; 66 #} 67 }