Files
chat/nginx-example.conf
T
2026-06-08 15:44:15 -04:00

72 lines
1.7 KiB
Plaintext

# nginx-example.conf — Example Nginx virtual host for CyberChat
server {
listen 80;
server_name chat.yourdomain.com;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name chat.yourdomain.com;
# SSL — update paths to your certs
ssl_certificate /etc/letsencrypt/live/chat.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chat.yourdomain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
root /var/www/html/cyberchat;
index index.html index.php;
client_max_body_size 16m;
# Serve static files directly
location ~* \.(css|js|ico|png|jpg|woff2?)$ {
expires 7d;
add_header Cache-Control "public, immutable";
}
# Never execute files from the voice upload directory
location ~ ^/uploads/voice/.*\.(php|phtml|phar|cgi|pl|py|sh)$ {
deny all;
return 404;
}
# PHP files
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.1-fpm.sock; # adjust PHP version
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Block direct access to storage and internal libraries
location ~ ^/(db|archive|lib)/ {
deny all;
return 404;
}
# Block credentials and SQLite sidecar files
location = /config.json {
deny all;
return 404;
}
location ~* \.sqlite($|-wal$|-shm$) {
deny all;
return 404;
}
# Block dotfiles such as .htaccess and .gitignore
location ~ /\. {
deny all;
return 404;
}
# Default
location / {
try_files $uri $uri/ =404;
}
}