Tuesday, February 19, 2019

Nginx Server Block

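server {
    # Virtual host for a PHP site handed to PHP-FPM over a unix socket.
    # NOTE(review): this block listens on plain HTTP only. ssl_dhparam and
    # Strict-Transport-Security below only take effect in a server block that
    # listens with "ssl"; browsers ignore HSTS received over HTTP.
    listen 80;

    # Allow IP
    # allow 111.11.11.111; #IP address

    # Block all
    # deny all;

    # added with Expires map
    # $expires must be defined by a map in the http context (not shown here).
    expires $expires;

    # disable any unwanted HTTP methods
    # 444 is nginx-specific: the connection is closed without sending a response.
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }

    # enable compression
    # NOTE(review): level 9 costs noticeably more CPU than mid levels for a small
    # size gain. When this is served over TLS, compressing responses that mix
    # secrets with reflected request data is the precondition for BREACH-style
    # leaks, so review which dynamic responses are compressed.
    gzip               on;
    gzip_comp_level    9;
    gzip_min_length    10240;
    gzip_proxied       expired no-cache no-store private auth;
    gzip_vary          on;

    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;
        # text/html is always compressed by gzip module

    # Static assets: cache for 7 days.
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
        expires 7d;
        # Any add_header inside this location replaces the whole inherited set,
        # so the server-level security headers would no longer be sent for these
        # files. If the line below is enabled, repeat those headers here.
        #add_header Cache-control "public, no-transform";
        # Was: add_header ETag "";  An empty value emits no header at all, yet it
        # still blocked inheritance of the server-level add_header directives.
        # "etag off" is the directive that actually suppresses the ETag.
        etag off;
    }

    # added for stronger DH parameters with Let's Encrypt SSL
    # (no effect until this server block, or a sibling one, listens with ssl)
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # to increase upload file size
    client_max_body_size 128m;

    # for cookies
    large_client_header_buffers 4 16k;

    root /var/www/html/yourdomain.com;
    index index.php index.html index.htm;

    # Host names this block answers for (typo "domian.com" corrected).
    server_name domain.com www.domain.com;

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        # NOTE(review): the snippet's content is not shown here; confirm it
        # rejects requests for scripts that do not exist on disk before they
        # reach PHP-FPM, since this site also accepts large uploads.
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;

        # to increase upload file size
        fastcgi_param PHP_VALUE "upload_max_filesize=128M \n post_max_size=128M";
    }

    # XSS Protection
    # NOTE(review): current browsers no longer act on this header; a
    # Content-Security-Policy is the control that replaces it.
    add_header X-XSS-Protection "1; mode=block" always;

    # to disable content-type sniffing on some browsers
    add_header X-Content-Type-Options nosniff always;

    # config to enable HSTS (HTTP Strict Transport Security)
    # "always" added so the header is also sent on error responses.
    # NOTE(review): includeSubdomains + preload commits every subdomain to HTTPS
    # for a year; confirm all of them serve valid TLS before relying on it.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;

    # clickjacking protection; "always" added so error pages carry it too
    add_header X-Frame-Options SAMEORIGIN always;

    # access log off
    # NOTE(review): with the access log disabled there is no request trail to
    # investigate an incident with; consider keeping it on, at least for PHP.
    access_log off;
    log_not_found off;
    error_log /var/log/nginx-error.log warn;
}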

Restricting access to the website with HTTP basic authentication as an additional security layer

Restricted Access to the website with http basic authentication for additional security layer ############## #For Nginx Server #########...