2024-03-05 08:32:15 -06:00
|
|
|
server {
|
|
|
|
|
listen 8544 ssl http2;
|
|
|
|
|
listen [::]:8544 ssl http2;
|
|
|
|
|
server_name flarum.bubblesthebunny.com;
|
|
|
|
|
|
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
|
|
|
|
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
|
|
|
|
|
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
|
ssl_session_cache shared:SSL:10m;
|
|
|
|
|
ssl_session_tickets off;
|
|
|
|
|
|
|
|
|
|
ssl_certificate /etc/nginx/flarum.bubblesthebunny.com/fullchain.pem;
|
|
|
|
|
ssl_certificate_key /etc/nginx/flarum.bubblesthebunny.com/privkey.pem;
|
|
|
|
|
|
2024-03-06 11:39:48 -06:00
|
|
|
root /var/www/flarum/public;
|
|
|
|
|
index index.php index.html index.htm;
|
|
|
|
|
|
|
|
|
|
location ~ \.php$ {
|
|
|
|
|
include fastcgi_params;
|
|
|
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
|
|
|
}
|
|
|
|
|
|
2024-03-05 08:32:15 -06:00
|
|
|
# Pass requests that don't refer directly to files in the filesystem to index.php
|
|
|
|
|
location / {
|
2024-03-06 11:39:48 -06:00
|
|
|
index index.php;
|
2024-03-05 08:32:15 -06:00
|
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Uncomment the following lines if you are not using a `public` directory
|
|
|
|
|
# to prevent sensitive resources from being exposed.
|
|
|
|
|
# <!-- BEGIN EXPOSED RESOURCES PROTECTION -->
|
|
|
|
|
# location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|flarum|storage|vendor) {
|
|
|
|
|
# deny all;
|
|
|
|
|
# return 404;
|
|
|
|
|
# }
|
|
|
|
|
# <!-- END EXPOSED RESOURCES PROTECTION -->
|
|
|
|
|
|
|
|
|
|
# The following directives are based on best practices from H5BP Nginx Server Configs
|
|
|
|
|
# https://github.com/h5bp/server-configs-nginx
|
|
|
|
|
|
|
|
|
|
# Expire rules for static content
|
|
|
|
|
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
|
|
|
|
|
add_header Cache-Control "max-age=0";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location ~* \.(?:rss|atom)$ {
|
|
|
|
|
add_header Cache-Control "max-age=3600";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
|
|
|
|
|
add_header Cache-Control "max-age=2592000";
|
|
|
|
|
access_log off;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location ~* \.(?:css|js)$ {
|
|
|
|
|
add_header Cache-Control "max-age=31536000";
|
|
|
|
|
access_log off;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
|
|
|
|
|
add_header Cache-Control "max-age=2592000";
|
|
|
|
|
access_log off;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Gzip compression
|
|
|
|
|
gzip on;
|
|
|
|
|
gzip_comp_level 5;
|
|
|
|
|
gzip_min_length 256;
|
|
|
|
|
gzip_proxied any;
|
|
|
|
|
gzip_vary on;
|
|
|
|
|
gzip_types
|
|
|
|
|
application/atom+xml
|
|
|
|
|
application/javascript
|
|
|
|
|
application/json
|
|
|
|
|
application/ld+json
|
|
|
|
|
application/manifest+json
|
|
|
|
|
application/rss+xml
|
|
|
|
|
application/vnd.geo+json
|
|
|
|
|
application/vnd.ms-fontobject
|
|
|
|
|
application/x-font-ttf
|
|
|
|
|
application/x-web-app-manifest+json
|
|
|
|
|
application/xhtml+xml
|
|
|
|
|
application/xml
|
|
|
|
|
font/opentype
|
|
|
|
|
image/bmp
|
|
|
|
|
image/svg+xml
|
|
|
|
|
image/x-icon
|
|
|
|
|
text/cache-manifest
|
|
|
|
|
text/css
|
|
|
|
|
text/javascript
|
|
|
|
|
text/plain
|
|
|
|
|
text/vcard
|
|
|
|
|
text/vnd.rim.location.xloc
|
|
|
|
|
text/vtt
|
|
|
|
|
text/x-component
|
|
|
|
|
text/x-cross-domain-policy;
|
|
|
|
|
}
|
