v2.0.0
This commit is contained in:
@@ -0,0 +1,66 @@
|
||||
# nginx-example.conf — Example Nginx virtual host for CyberChat
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name chat.yourdomain.com;
|
||||
# Redirect HTTP to HTTPS
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name chat.yourdomain.com;
|
||||
|
||||
# SSL — update paths to your certs
|
||||
ssl_certificate /etc/letsencrypt/live/chat.yourdomain.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/chat.yourdomain.com/privkey.pem;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
|
||||
root /var/www/html/cyberchat;
|
||||
index index.html index.php;
|
||||
client_max_body_size 16m;
|
||||
|
||||
# Serve static files directly
|
||||
location ~* \.(css|js|ico|png|jpg|woff2?)$ {
|
||||
expires 7d;
|
||||
add_header Cache-Control "public, immutable";
|
||||
}
|
||||
|
||||
# Never execute files from the voice upload directory
|
||||
location ~ ^/uploads/voice/.*\.(php|phtml|phar|cgi|pl|py|sh)$ {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# PHP files
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass unix:/run/php/php8.1-fpm.sock; # adjust PHP version
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
# Block direct access to db/ and archive/ directories
|
||||
location ~ ^/(db|archive)/ {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Block .sqlite files from being served directly
|
||||
location ~* \.sqlite$ {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Block dotfiles such as .htaccess and .gitignore
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Default
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user