nginx.conf 1.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950
  1. server {
  2. listen 443 ssl http2;
  3. listen [::]:443 ssl http2;
  4. server_name pixelfed.example; # change this to your fqdn
  5. root /home/pixelfed/public; # path to repo/public
  6. ssl_certificate /etc/nginx/ssl/server.crt; # generate your own
  7. ssl_certificate_key /etc/nginx/ssl/server.key; # or use letsencrypt
  8. ssl_protocols TLSv1.2;
  9. ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
  10. ssl_prefer_server_ciphers on;
  11. add_header X-Frame-Options "SAMEORIGIN";
  12. add_header X-XSS-Protection "1; mode=block";
  13. add_header X-Content-Type-Options "nosniff";
  14. index index.html index.htm index.php;
  15. charset utf-8;
  16. location / {
  17. try_files $uri $uri/ /index.php?$query_string;
  18. }
  19. location = /favicon.ico { access_log off; log_not_found off; }
  20. location = /robots.txt { access_log off; log_not_found off; }
  21. error_page 404 /index.php;
  22. location ~ \.php$ {
  23. fastcgi_split_path_info ^(.+\.php)(/.+)$;
  24. try_files $fastcgi_script_name =404;
  25. fastcgi_pass unix:/run/php-fpm/php-fpm.sock; # make sure this is correct
  26. fastcgi_index index.php;
  27. include fastcgi_params;
  28. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # or $request_filename
  29. }
  30. location ~ /\.(?!well-known).* {
  31. deny all;
  32. }
  33. }
  34. server { # Redirect http to https
  35. server_name pixelfed.example; # change this to your fqdn
  36. listen 80;
  37. listen [::]:80;
  38. return 301 https://$host$request_uri;
  39. }