0ct0pu5/FluxBB_by_Visman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
FluxBB_by_Visman/nginx.dist.conf
Visman 951ca0afdf Update Referrer-Policy 
Change origin-when-cross-origin to strict-origin-when-cross-origin.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
2021-03-13 00:19:35 +07:00

85 lines
3.2 KiB
Text
Raw Permalink Blame History

#
# Example nginx configuration for fluxbb
# The engine is installed at the root of the site
#
server {
listen 80; # 80 port only http:
server_name fluxbb-visman.local *.fluxbb-visman.local; # you need to set your values
root "/www/fluxbb-visman/"; # you need to set your values
autoindex off;
index index.html index.htm index.php;
charset utf-8;
server_tokens off;
add_header Content-Security-Policy "object-src 'none';frame-ancestors 'none';base-uri 'none';form-action 'self'" always;
add_header Feature-Policy "accelerometer 'none';ambient-light-sensor 'none';autoplay 'none';battery 'none';camera 'none';document-domain 'self';fullscreen 'self';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none';sync-xhr 'self';usb 'none'" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# add_header Strict-Transport-Security "max-age=31536000" always; # for https only
add_header X-Content-Type-Options "nosniff" always;
# add_header X-Frame-Options "DENY" always; # fluxbb set this header, in nginx it is difficult to combine headers from two sources
add_header X-XSS-Protection "1; mode=block" always;
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),document-domain=(self),fullscreen=(self),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),sync-xhr=(self),usb=()" always;
location = /favicon.ico {
try_files $uri =404;
access_log off;
log_not_found off;
expires 1w;
}
location = /robots.txt {
try_files $uri =404;
access_log off;
log_not_found off;
}
location / {
try_files $uri =404;
}
#
# Upload mod
#
location /img/members/ {
try_files $uri /img/members/nofile.gif;
}
location ~ /\.ht {
return 404;
}
# #
# Only php scripts located in the root of the site #
# #
location ~ ^/(?:[^/\\\.]+\.php)?$ {
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info; # always equal to an empty string due to location regex
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_PROXY "";
fastcgi_hide_header X-Powered-By;
fastcgi_pass php_upstream; # you need to set your values
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ \.php$ {
return 404;
}
}
Reference in a new issue View git blame Copy permalink