2020-04-12 03:11:21 +02:00
|
|
|
# If using Ubuntu this file should be placed in:
|
2018-08-05 01:21:51 +02:00
|
|
|
# /etc/nginx/sites-available/
|
|
|
|
#
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name <domain>;
|
|
|
|
return 301 https://$server_name$request_uri;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name <domain>;
|
|
|
|
|
2018-11-11 00:57:49 +01:00
|
|
|
root /app/public;
|
2018-08-05 01:21:51 +02:00
|
|
|
index index.php;
|
|
|
|
|
|
|
|
access_log /var/log/nginx/pterodactyl.app-access.log;
|
|
|
|
error_log /var/log/nginx/pterodactyl.app-error.log error;
|
|
|
|
|
|
|
|
# allow larger file uploads and longer script runtimes
|
|
|
|
client_max_body_size 100m;
|
|
|
|
client_body_timeout 120s;
|
|
|
|
|
|
|
|
sendfile off;
|
|
|
|
|
|
|
|
# strengthen ssl security
|
|
|
|
ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_session_cache shared:SSL:10m;
|
|
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
|
|
|
|
|
|
|
# See the link below for more SSL information:
|
|
|
|
# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
|
|
#
|
|
|
|
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
|
|
|
|
|
|
|
# Add headers to serve security related headers
|
|
|
|
add_header Strict-Transport-Security "max-age=15768000; preload;";
|
|
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
add_header X-Robots-Tag none;
|
|
|
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
|
|
|
|
|
|
|
location / {
|
|
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ \.php$ {
|
|
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
2020-04-12 03:11:21 +02:00
|
|
|
fastcgi_pass 127.0.0.1:9000;
|
2018-08-05 01:21:51 +02:00
|
|
|
fastcgi_index index.php;
|
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
|
|
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
|
|
fastcgi_param HTTP_PROXY "";
|
|
|
|
fastcgi_intercept_errors off;
|
|
|
|
fastcgi_buffer_size 16k;
|
|
|
|
fastcgi_buffers 4 16k;
|
|
|
|
fastcgi_connect_timeout 300;
|
|
|
|
fastcgi_send_timeout 300;
|
|
|
|
fastcgi_read_timeout 300;
|
|
|
|
include /etc/nginx/fastcgi_params;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ /\.ht {
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
}
|