Inital Commit
This commit is contained in:
root
70
sites-available/portal.conf
Normal file
70
sites-available/portal.conf
Normal file
@@ -0,0 +1,70 @@
|
||||
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name portal.egonetix.de;
|
||||
|
||||
# Redirect all HTTP traffic to HTTPS
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 10.0.0.29:443 ssl http2;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;" always;
|
||||
|
||||
# Remove or update unsupported origin trial features.
|
||||
# For example, comment out or remove these if not using them:
|
||||
# add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
|
||||
|
||||
# Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
|
||||
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||
|
||||
server_name portal.egonetix.de;
|
||||
access_log /var/log/nginx/portal-access_log;
|
||||
error_log /var/log/nginx/portal-error_log;
|
||||
|
||||
root /var/www/html;
|
||||
index index.html index.php; # Added index.php as potential index file
|
||||
|
||||
# PHP Processing Configuration - Updated for PHP 8.1
|
||||
location ~ \.php$ {
|
||||
include snippets/fastcgi-php.conf;
|
||||
|
||||
# Use PHP 8.1 socket (most common path on Ubuntu 22.04)
|
||||
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
|
||||
|
||||
# Alternative options if the above doesn't work:
|
||||
#fastcgi_pass unix:/run/php/php8.1-fpm.sock;
|
||||
#fastcgi_pass 127.0.0.1:9000;
|
||||
|
||||
# Increase timeout and buffer size for troubleshooting
|
||||
fastcgi_connect_timeout 300;
|
||||
fastcgi_read_timeout 300;
|
||||
fastcgi_send_timeout 300;
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_buffers 16 16k;
|
||||
|
||||
# Set the correct document root
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
# Reverse proxy for API calls.
|
||||
# If your backend expects the API without the "/api" prefix, use the proxy_pass below.
|
||||
location /api/ {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
# If your backend requires the /api prefix, change to:
|
||||
# proxy_pass http://127.0.0.1:3000/api/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user