88 lines
1.9 KiB
Plaintext
88 lines
1.9 KiB
Plaintext
|
server {
|
||
|
# SSL configuration
|
||
|
#
|
||
|
# listen 443 ssl default_server;
|
||
|
# listen [::]:443 ssl default_server;
|
||
|
#
|
||
|
# Note: You should disable gzip for SSL traffic.
|
||
|
# See: https://bugs.debian.org/773332
|
||
|
#
|
||
|
# Read up on ssl_ciphers to ensure a secure configuration.
|
||
|
# See: https://bugs.debian.org/765782
|
||
|
#
|
||
|
# Self signed certs generated by the ssl-cert package
|
||
|
# Don't use them in a production server!
|
||
|
#
|
||
|
# include snippets/snakeoil.conf;
|
||
|
|
||
|
root /rootdir/of/hostas2/;
|
||
|
|
||
|
# Add index.php to the list if you are using PHP
|
||
|
index index.php index.html index.htm index.nginx-debian.html;
|
||
|
|
||
|
server_name example.net;
|
||
|
|
||
|
# For WebFinger lookup
|
||
|
location /.well-known/webfinger {
|
||
|
rewrite ^/.well-known/webfinger /api/webfinger-lookup.php;
|
||
|
}
|
||
|
|
||
|
# API
|
||
|
location /api/v1/ {
|
||
|
index router.php;
|
||
|
rewrite ^/api/v1/(.*)$ /api/v1/router.php?$args;
|
||
|
}
|
||
|
|
||
|
# pass PHP scripts to FastCGI server
|
||
|
|
||
|
location ~ \.php$ {
|
||
|
include snippets/fastcgi-php.conf;
|
||
|
|
||
|
# With php-fpm (or other unix sockets):
|
||
|
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||
|
fastcgi_param DOCUMENT_ROOT $realpath_root;
|
||
|
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||
|
# With php-cgi (or other tcp sockets):
|
||
|
# fastcgi_pass 127.0.0.1:9000;
|
||
|
}
|
||
|
|
||
|
location / {
|
||
|
autoindex on;
|
||
|
# First attempt to serve request as file, then
|
||
|
# as directory, then fall back to displaying a 404.
|
||
|
try_files $uri $uri/ =404;
|
||
|
}
|
||
|
|
||
|
# deny access to .htaccess files, if Apache's document root
|
||
|
# concurs with nginx's one
|
||
|
#
|
||
|
#location ~ /\.ht {
|
||
|
# deny all;
|
||
|
#}
|
||
|
|
||
|
location /config.php {
|
||
|
deny all;
|
||
|
}
|
||
|
|
||
|
listen [::]:443 ssl;
|
||
|
listen 443 ssl;
|
||
|
ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
|
||
|
ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
|
||
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||
|
}
|
||
|
server {
|
||
|
if ($host = example.net) {
|
||
|
return 301 https://$host$request_uri;
|
||
|
}
|
||
|
|
||
|
|
||
|
listen 80;
|
||
|
listen [::]:80;
|
||
|
|
||
|
server_name example.net;
|
||
|
return 404;
|
||
|
|
||
|
|
||
|
}
|