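# Plain-HTTP virtual host for the media-collector PHP application.
# Static assets are served directly; everything else falls through to
# index.php and is executed by PHP-FPM over a local unix socket.
server {
    listen 80;
    server_name localhost;
    root /var/www/media-collector/public;
    index index.php index.html index.htm;

    # Security: hide the nginx version in the Server header and error pages
    server_tokens off;

    # Security headers for all responses.
    # add_header directives are inherited from this level ONLY by locations
    # that declare no add_header of their own, so any location that adds a
    # header must repeat this set (see the static-file location below).
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy header: current browsers ignore it, protection comes from the CSP.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    # NOTE(review): allowing http:, https:, data:, blob: and 'unsafe-inline'
    # in default-src permits inline script and script from any origin, so
    # this policy gives little XSS protection. Tighten it once the
    # application's real sources are known.
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

    # Hide PHP version in headers
    fastcgi_hide_header X-Powered-By;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_comp_level 6;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;

    # NOTE(review): regex locations are tested in the order they appear and
    # the first match wins. The two deny blocks near the end are therefore
    # only reached by URIs that match neither the static-file nor the PHP
    # pattern; moving them above those blocks would make the denial
    # unconditional.

    # Handle static files with caching
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";

        # This location declares add_header, which switches off inheritance
        # of the server-level headers, so the full set is repeated here.
        # Without it, static responses (SVG included) would be sent without
        # nosniff and without the CSP.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

        try_files $uri =404;
    }

    # Main location block: serve the file or directory if it exists,
    # otherwise hand the request to the front controller.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # PHP processing via FastCGI
    location ~ \.php$ {
        # Security: don't pass requests to PHP for non-existent files, so a
        # URI that merely ends in .php cannot make FPM execute another file.
        try_files $uri =404;

        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # FastCGI parameters
        include fastcgi_params;

        # Security and proxy headers.
        # HTTPS is hard-coded to "off" because this server only listens on
        # plain HTTP; revisit if TLS is terminated in front of it.
        fastcgi_param HTTPS off;
        fastcgi_param HTTP_X_FORWARDED_PROTO $scheme;
        # Set from the TCP peer address, so the client cannot spoof it.
        fastcgi_param HTTP_X_REAL_IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent; every entry except the last
        # is client-controlled. The application should not use it for access
        # decisions or rate limiting.
        fastcgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;

        # Timeouts (seconds). Long read/send timeouts let slow PHP requests
        # finish but also keep FPM workers occupied for longer.
        # NOTE(review): the nginx documentation says a connect timeout
        # usually cannot exceed 75 seconds.
        fastcgi_read_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_connect_timeout 300;

        # Buffers for responses read from PHP-FPM. These do not affect
        # request-body (upload) limits.
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }

    # Deny access to Apache-style .ht* files (.htaccess, .htpasswd)
    location ~ /\.ht {
        deny all;
    }

    # Prevent access to sensitive files.
    # NOTE(review): other dotfiles and directories (for example VCS
    # metadata) are not covered by this pattern; confirm that none are
    # present under the document root.
    location ~* \.(env|log|sql|bak|backup)$ {
        deny all;
    }

    # Health check endpoint for monitoring.
    # This is a prefix match, so it also answers any URI that begins with
    # /health unless a regex location matches first.
    location /health {
        access_log off;
        # default_type sets the Content-Type of the "return" body. Using
        # add_header here would add a second Content-Type header and would
        # also stop this location inheriting the server-level security
        # headers.
        default_type text/plain;
        return 200 "healthy\n";
    }
}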