Files
chat/nginx-example.conf
T
Ty Clifford a1971f9515 -
Groups is fully removed:

No homepage navigation, Account feature, tier setting, API, or client 
code.
Legacy group tables, entitlements, messages, voice files, and config are 
purged automatically.
New cache-busted client: cyberchat-app.js?v=20260609.3.
Browser and SQLite migration tests passed with no console errors.
2026-06-09 00:16:32 -04:00

78 lines
1.9 KiB
Plaintext

# nginx-example.conf — Example Nginx virtual host for CyberChat
server {
listen 80;
server_name chat.yourdomain.com;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name chat.yourdomain.com;
# SSL — update paths to your certs
ssl_certificate /etc/letsencrypt/live/chat.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chat.yourdomain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
root /var/www/html/cyberchat;
index index.html index.php;
client_max_body_size 16m;
# Serve static files directly
location ~* \.(css|js|ico|png|jpg|woff2?)$ {
expires 7d;
add_header Cache-Control "public, immutable";
}
location ~* \.html?$ {
expires -1;
add_header Cache-Control "no-cache, no-store, must-revalidate";
try_files $uri =404;
}
# Never execute files from the voice upload directory
location ~ ^/uploads/voice/.*\.(php|phtml|phar|cgi|pl|py|sh)$ {
deny all;
return 404;
}
# PHP files
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.1-fpm.sock; # adjust PHP version
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Block direct access to storage and internal libraries
location ~ ^/(db|archive|lib)/ {
deny all;
return 404;
}
# Block credentials and SQLite sidecar files
location = /config.json {
deny all;
return 404;
}
location ~* \.sqlite($|-wal$|-shm$) {
deny all;
return 404;
}
# Block dotfiles such as .htaccess and .gitignore
location ~ /\. {
deny all;
return 404;
}
# Default
location / {
try_files $uri $uri/ =404;
}
}