-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathnginx.conf
executable file
·142 lines (118 loc) · 2.9 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# BEGIN Gzip Compression
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
# Serve pre-compressed files
map $http_accept_encoding $gzip_suffix {
"~gzip" ".gz";
default "";
}
# Serve the correct content type for gzipped files
map $gzip_suffix $gzip_type {
".css.gz" "text/css";
".js.gz" "application/javascript";
".svg.gz" "image/svg+xml";
default "";
}
# Apply gzip compression to matched files
server {
...
location ~* \.(css|js)$ {
add_header Content-Encoding gzip;
try_files $uri$gzip_suffix $uri =404;
types { $gzip_suffix $gzip_type; }
}
...
}
# Serve fonts and font-related file types
types {
text/javascript .js
image/webp .webp
image/x-icon .ico
image/svg+xml .svg
application/font-woff woff;
application/font-woff2 woff2;
application/vnd.ms-fontobject eot;
font/opentype otf;
font/truetype ttf;
}
# END Gzip Compression
# BEGIN Caching
location / {
expires 300s;
# No caching for PHP files
location ~* \.php$ {
expires epoch;
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
}
# Caching for favicon.ico
location = /favicon.ico {
expires 2592000s;
}
}
# END Caching
# BEGIN Spelling
# This module is not available for nginx
# END Spelling
# BEGIN URL rewrite
location / {
rewrite ^/(.*)\.js$ /$1.js.gz break;
if ($request_filename ~* "\.(js|css)$") {
add_header Content-Encoding gzip;
}
# Rewrite all other requests to index.php
if (!-e $request_filename) {
rewrite ^/(.*)$ /?${query_string} last;
}
}
# Redirect to HTTPS
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
# ... other SSL-related configuration
# Normal server configuration
location / {
# ... server configuration for non-SSL requests
}
}
# END URL rewrite
# BEGIN Access control
location ~ \.php$ {
deny all;
allow 127.0.0.1;
}
location /index.php {
allow all;
}
# Disable directory view
location / {
autoindex off;
}
# Disable unsupported scripts
location ~ \.(pl|py|jsp|asp|shtml|sh|cgi)$ {
deny all;
}
#<ifmodule mod_headers.c>
# # XSS protection
# add_header X-XSS-Protection "1; mode=block";
#
# # Nosnif
# add_header X-Content-Type-Options "nosniff";
#
# # Iframes only from self
# add_header X-Frame-Options "SAMEORIGIN";
#</ifmodule>
location = /ServiceWorker.js {
add_header Service-Worker-Allowed "/";
}
# Php config
# This should be removed from here and adjusted in the php.ini file
php_value upload_max_filesize 40M;
php_value post_max_size 40M;
php_value memory_limit