nginx.conf 1.5 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849
  1. server {
  2. listen 443 ssl http2;
  3. listen [::]:443 ssl http2;
  4. server_name pixelfed.example; # change this to your fqdn
  5. root /home/pixelfed/public; # path to repo/public
  6. ssl_certificate /etc/nginx/ssl/server.crt; # generate your own
  7. ssl_certificate_key /etc/nginx/ssl/server.key; # or use letsencrypt
  8. ssl_protocols TLSv1.2;
  9. ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
  10. ssl_prefer_server_ciphers on;
  11. add_header X-Frame-Options "SAMEORIGIN";
  12. add_header X-XSS-Protection "1; mode=block";
  13. add_header X-Content-Type-Options "nosniff";
  14. index index.html index.htm index.php;
  15. charset utf-8;
  16. location / {
  17. try_files $uri $uri/ /index.php?$query_string;
  18. }
  19. location = /favicon.ico { access_log off; log_not_found off; }
  20. location = /robots.txt { access_log off; log_not_found off; }
  21. error_page 404 /index.php;
  22. location ~ \.php$ {
  23. fastcgi_split_path_info ^(.+\.php)(/.+)$;
  24. fastcgi_pass unix:/run/php-fpm/php-fpm.sock; # make sure this is correct
  25. fastcgi_index index.php;
  26. include fastcgi_params;
  27. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # or $request_filename
  28. }
  29. location ~ /\.(?!well-known).* {
  30. deny all;
  31. }
  32. }
  33. server { # Redirect http to https
  34. server_name pixelfed.example; # change this to your fqdn
  35. listen 80;
  36. listen [::]:80;
  37. return 301 https://$host$request_uri;
  38. }