|
|
@@ -93,17 +93,21 @@ http {
|
|
|
listen [::]:8443;
|
|
|
server_name _;
|
|
|
root /usr/local/phyre/web/public;
|
|
|
- # Fix error "The plain HTTP request was sent to HTTPS port"
|
|
|
- error_page 497 https://$host:$server_port$request_uri;
|
|
|
- error_page 403 /error/404.html;
|
|
|
- error_page 404 /error/404.html;
|
|
|
- error_page 410 /error/410.html;
|
|
|
- error_page 500 501 502 503 504 505 /error/50x.html;
|
|
|
|
|
|
- location / {
|
|
|
- expires off;
|
|
|
- index index.php;
|
|
|
- }
|
|
|
+ add_header X-Frame-Options "SAMEORIGIN";
|
|
|
+ add_header X-Content-Type-Options "nosniff";
|
|
|
+
|
|
|
+ index index.php;
|
|
|
+ charset utf-8;
|
|
|
+
|
|
|
+ error_page 404 /index.php;
|
|
|
+
|
|
|
+ location / {
|
|
|
+ try_files $uri $uri/ /index.php?$query_string;
|
|
|
+ }
|
|
|
+
|
|
|
+ location = /favicon.ico { access_log off; log_not_found off; }
|
|
|
+ location = /robots.txt { access_log off; log_not_found off; }
|
|
|
|
|
|
location /error/ {
|
|
|
expires off;
|
|
|
@@ -118,12 +122,14 @@ http {
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
}
|
|
|
|
|
|
- location ~ \.php$ {
|
|
|
- include fastcgi_params;
|
|
|
- fastcgi_param SCRIPT_FILENAME /usr/local/phyre/web/public/$fastcgi_script_name;
|
|
|
- fastcgi_pass unix:/run/phyre-php.sock;
|
|
|
- fastcgi_intercept_errors on;
|
|
|
- break;
|
|
|
- }
|
|
|
+ location ~ \.php$ {
|
|
|
+ fastcgi_pass unix:/run/phyre-php.sock;
|
|
|
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
|
|
+ include fastcgi_params;
|
|
|
+ }
|
|
|
+
|
|
|
+ location ~ /\.(?!well-known).* {
|
|
|
+ deny all;
|
|
|
+ }
|
|
|
}
|
|
|
}
|
Bozhidar Slaveykov