Skip to content

Письменов Дмитрий Иванович / yourroomads

Go to a project
Switch branch/tag
Nginx_1.19_vhost.conf 4.73 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 
# ----------------------------
# Host config
# ----------------------------

server {

listen                        %ip%:%httpport%;
listen                        %ip%:%httpsport% ssl http2;

server_name                   %host% %aliases%;
root                          '%hostdir%';
limit_conn                    addr 64;
autoindex                     off;
index                         index.php index.html index.htm;

ssl_certificate               '%sprogdir%/userdata/config/cert_files/server.crt';
ssl_certificate_key           '%sprogdir%/userdata/config/cert_files/server.key';

client_max_body_size 150m;
# ssl_trusted_certificate     '';

# Force HTTPS
# add_header Strict-Transport-Security 'max-age=2592000' always;
# if ($scheme ~* ^(?!https).*$) {
#    return 301 https://$host$request_uri;
# }

# Force www.site.com => site.com
# if ($host ~* ^www\.(.+)$) {
#    return 301 $scheme://$1$request_uri;
# }

# Disable access to backup/config/command/log files
# if ($uri ~* ^.+\.(?:bak|co?nf|in[ci]|log|orig|sh|sql|tar|sql|t?gz|cmd|bat)$) {
#    return 404;
# }

# Disable access to hidden files/folders
if ($uri ~* /\.(?!well-known)) {
    return 404;
}

# Disable MIME sniffing
add_header X-Content-Type-Options 'nosniff' always;

location ~* ^.+\.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ {
        expires 1d;
        access_log off;
}

location / {
    # Force index.php routing (if not found)
    try_files $uri $uri/ /index.php?$query_string;

	if ($request_method = OPTIONS) {
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000 always;
        add_header 'Content-Type' 'text/plain; charset=utf-8' always;
        add_header 'Content-Length' 0 always;
        return 204;
     }

      add_header 'Access-Control-Allow-Origin' '*' always;
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
      add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range,Authorization' always;
    # Force index.php routing (all requests)
    # rewrite ^/(.*)$ /index.php?/$1 last;

    location ~ \.php$ {
        try_files      $fastcgi_script_name =404;

        # limit_conn   addr 16;
        # limit_req    zone=flood        burst=32 nodelay;

        # add_header   X-Frame-Options   'SAMEORIGIN' always;
        # add_header   Referrer-Policy   'no-referrer-when-downgrade' always;

        # CSP syntax: <host-source> <scheme-source>(http: https: data: mediastream: blob: filesystem:) 'self' 'unsafe-inline' 'unsafe-eval' 'none'
        # Content-Security-Policy-Report-Only (report-uri https://site.com/csp/)
        # add_header   Content-Security-Policy  "default-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests" always;

        fastcgi_pass   backend;
        include        '%sprogdir%/userdata/config/nginx_fastcgi_params.txt';
    }
}

# Service configuration (do not edit!)
# ----------------------------
location /openserver/ {
    root      '%sprogdir%/modules/system/html';
    autoindex off;
    index     index.php index.html index.htm;

    %allow%allow all;
    allow 127.0.0.0/8;
    allow ::1/128;
    allow %ips%;
    deny all;

    location ~* ^/openserver/.+\.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ {
        expires 1d;
        access_log off;
    }

    location /openserver/server-status {
        stub_status on;
    }

    location ~ ^/openserver/.*\.php$ {
        try_files      $fastcgi_script_name =404;
        fastcgi_index  index.php;
        fastcgi_pass   backend;
        include        '%sprogdir%/userdata/config/nginx_fastcgi_params.txt';
    }
}
# End service configuration
# ----------------------------

}
# ----------------------------
# End host config
# ----------------------------