Home Explore Help
Register Sign In
oleg
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #1587 from pixelfed/trwnh-nginx-conf

Update nginx.conf
daniel 6 years ago
parent
aa7c6632c2 c644efa433
commit
f4e0788dc0
1 changed files with 47 additions and 20 deletions
Split View Show Diff Stats
  1. 47 20
      contrib/nginx.conf

+ 47 - 20
contrib/nginx.conf
View File 

@@ -1,22 +1,49 @@
 
 server {
 
-	listen 80 default_server;
 
-	listen [::]:80 default_server;
 
-	server_name localhost;
 
-
 
-	index index.php index.html;
 
-	root /var/www/html/public;
 
-
 
-	location / {
 
-		try_files $uri $uri/ /$is_args$args;
 
-	}
 
-
 
-	location ~ \.php$ {
 
-		try_files $uri =404;
 
-		fastcgi_split_path_info ^(.+\.php)(/.+)$;
 
-		fastcgi_pass php:9000;
 
-		fastcgi_index index.php;
 
-		include fastcgi_params;
 
-		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 
-		fastcgi_param PATH_INFO $fastcgi_path_info;
 
-	}
 
+    listen 443 ssl http2;
 
+    listen [::]:443 ssl http2;
 
+    server_name pixelfed.example;                    # change this to your fqdn
 
+    root /home/pixelfed/public;                      # path to repo/public
 
+
 
+    ssl_certificate /etc/nginx/ssl/server.crt;       # generate your own
 
+    ssl_certificate_key /etc/nginx/ssl/server.key;   # or use letsencrypt
 
+
 
+    ssl_protocols TLSv1.2;
 
+    ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
 
+    ssl_prefer_server_ciphers on;
 
+
 
+    add_header X-Frame-Options "SAMEORIGIN";
 
+    add_header X-XSS-Protection "1; mode=block";
 
+    add_header X-Content-Type-Options "nosniff";
 
+
 
+    index index.html index.htm index.php;
 
+
 
+    charset utf-8;
 
+
 
+    location / {
 
+        try_files $uri $uri/ /index.php?$query_string;
 
+    }
 
+
 
+    location = /favicon.ico { access_log off; log_not_found off; }
 
+    location = /robots.txt  { access_log off; log_not_found off; }
 
+
 
+    error_page 404 /index.php;
 
+
 
+    location ~ \.php$ {
 
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
 
+        fastcgi_pass unix:/run/php-fpm/php-fpm.sock; # make sure this is correct
 
+        fastcgi_index index.php;
 
+        include fastcgi_params;
 
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # or $request_filename
 
+    }
 
+
 
+    location ~ /\.(?!well-known).* {
 
+        deny all;
 
+    }
 
+}
 
+
 
+server {                                             # Redirect http to https
 
+    server_name pixelfed.example;                    # change this to your fqdn
 
+    listen 80;
 
+    listen [::]:80;
 
+    return 301 https://$host$request_uri;
 
 }