44 lines
1.3 KiB
Plaintext
44 lines
1.3 KiB
Plaintext
server {
|
|
listen 80;
|
|
listen 443 ssl http2;
|
|
server_name {{domain}};
|
|
ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
|
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
root /var/www/root;
|
|
index index.html index.php;
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
# block cocksucking bots
|
|
if ($http_user_agent ~ (Ahrefs|MJ12bot|LinkpadBot|MauiBot|BLEXBot|SMTBot|SemrushBot|Nimbostratus-Bot)) {
|
|
return 444;
|
|
}
|
|
|
|
# https redirect
|
|
if ($scheme = http) {
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
# access_log off;
|
|
}
|
|
location ^~ /.well-known/acme-challenge { }
|
|
location ~ .*.php$ {
|
|
include /etc/nginx/fastcgi.conf;
|
|
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
|
fastcgi_index index.php;
|
|
}
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
|
expires max;
|
|
log_not_found off;
|
|
}
|
|
}
|