86 lines
3.2 KiB
Plaintext
86 lines
3.2 KiB
Plaintext
#
|
|
# Example nginx configuration for fluxbb
|
|
# The engine is installed at the root of the site
|
|
#
|
|
server {
|
|
listen 80; # 80 port only http:
|
|
server_name fluxbb-visman.local *.fluxbb-visman.local; # you need to set your values
|
|
root "/www/fluxbb-visman/"; # you need to set your values
|
|
autoindex off;
|
|
index index.html index.htm index.php;
|
|
charset utf-8;
|
|
server_tokens off;
|
|
|
|
add_header Content-Security-Policy "object-src 'none';frame-ancestors 'none';base-uri 'none';form-action 'self'" always;
|
|
add_header Feature-Policy "accelerometer 'none';ambient-light-sensor 'none';autoplay 'none';battery 'none';camera 'none';document-domain 'self';fullscreen 'self';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none';sync-xhr 'self';usb 'none'" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
# add_header Strict-Transport-Security "max-age=31536000" always; # for https only
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
# add_header X-Frame-Options "DENY" always; # fluxbb set this header, in nginx it is difficult to combine headers from two sources
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),document-domain=(self),fullscreen=(self),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),sync-xhr=(self),usb=()" always;
|
|
|
|
location = /favicon.ico {
|
|
try_files $uri =404;
|
|
|
|
access_log off;
|
|
log_not_found off;
|
|
|
|
expires 1w;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
try_files $uri =404;
|
|
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
|
|
location / {
|
|
try_files $uri =404;
|
|
}
|
|
|
|
#
|
|
# Upload mod
|
|
#
|
|
location /img/members/ {
|
|
try_files $uri /img/members/nofile.gif;
|
|
}
|
|
|
|
location ~ /\.ht {
|
|
return 404;
|
|
}
|
|
|
|
# #
|
|
# Only php scripts located in the root of the site #
|
|
# #
|
|
location ~ ^/(?:[^/\\\.]+\.php)?$ {
|
|
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
# Check that the PHP script exists before passing it
|
|
try_files $fastcgi_script_name =404;
|
|
|
|
# Bypass the fact that try_files resets $fastcgi_path_info
|
|
# see: http://trac.nginx.org/nginx/ticket/321
|
|
set $path_info $fastcgi_path_info; # always equal to an empty string due to location regex
|
|
fastcgi_param PATH_INFO $path_info;
|
|
|
|
fastcgi_index index.php;
|
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param HTTP_PROXY "";
|
|
|
|
fastcgi_hide_header X-Powered-By;
|
|
|
|
fastcgi_pass php_upstream; # you need to set your values
|
|
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
return 404;
|
|
}
|
|
}
|