Hamza/flash-call-otp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
693984b7d282af5ae6b8a88f1c3a635075e660d4
flash-call-otp/backend/nginx.conf
Hamza-Ayed 2bbaa1ee16 first commit
2026-05-23 16:17:20 +03:00

96 lines
2.3 KiB
Nginx Configuration File
Raw Blame History

server {
listen 80;
server_name otp.intaleqapp.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name otp.intaleqapp.com;
# SSL — Let's Encrypt
ssl_certificate /etc/letsencrypt/live/otp.intaleqapp.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/otp.intaleqapp.com/privkey.pem;
# SSL Hardening
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_session_tickets off;
# HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
# Document root
root /var/www/otp.intaleqapp.com/public;
index index.php;
# Logging
access_log /var/log/nginx/otp.intaleqapp.com.access.log;
error_log /var/log/nginx/otp.intaleqapp.com.error.log;
# API endpoints — route to PHP files
location /api/ {
try_files $uri $uri/ /api$uri.php?$query_string;
# PHP handling
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 30;
}
}
# Block direct access to includes/
location /includes/ {
deny all;
return 404;
}
# Block access to config
location /config.php {
deny all;
return 404;
}
# Block access to hidden files
location ~ /\. {
deny all;
return 404;
}
# Block access to SQL files
location ~ \.sql$ {
deny all;
return 404;
}
# Block access to log files
location ~ \.log$ {
deny all;
return 404;
}
# Health check endpoint
location /health {
access_log off;
return 200 '{"status":"ok"}';
add_header Content-Type application/json;
}
# Default PHP handling
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# Deny everything else
location / {
return 404;
}
}
Reference in New Issue View Git Blame Copy Permalink