ansible-pet/web/roles/nginx/files/sites-enabled/root.conf

44 lines
1.3 KiB
Plaintext
Raw Permalink Normal View History

2021-02-25 17:50:16 +03:00
server {
listen 80;
# listen 443 ssl http2;
2021-02-25 18:02:15 +03:00
server_name {{domain}};
# ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
2021-02-25 17:50:16 +03:00
root /var/www/root;
index index.html index.php;
access_log /var/log/nginx/access.log main;
# block cocksucking bots
if ($http_user_agent ~ (Ahrefs|MJ12bot|LinkpadBot|MauiBot|BLEXBot|SMTBot|SemrushBot|Nimbostratus-Bot)) {
return 444;
}
# https redirect
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location / {
try_files $uri $uri/ =404;
}
location = /robots.txt {
allow all;
log_not_found off;
# access_log off;
}
location ^~ /.well-known/acme-challenge { }
location ~ .*.php$ {
include /etc/nginx/fastcgi.conf;
2021-02-27 14:51:13 +03:00
fastcgi_pass unix:/run/php/php-other.sock;
2021-02-25 17:50:16 +03:00
fastcgi_index index.php;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}