Nodarx/server
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
chore/update-packages
server/deploy/nginx/vhost-dev.conf
root 4ae6befc7b Initial Version
2026-02-10 18:46:11 -05:00

126 lines
3.8 KiB
Plaintext
Raw Permalink Blame History

# HTTP to HTTPS redirect
server {
listen *:80;
listen [::]:80;
server_name ktrix;
return 301 https://$server_name$request_uri;
}
server {
listen *:443 ssl http2;
listen [::]:443 ssl http2;
#listen *:443 quic reuseport;
#listen [::]:443 quic reuseport;
#http2 on;
server_name ktrix;
### SSL Configuration ###
# SSL Certificates
ssl_certificate /etc/ssl/certs/localhost.crt;
ssl_certificate_key /etc/ssl/private/localhost.key;
# SSL Protocols and Ciphers
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/ssl/certs/dhparam.pem; # openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
# SSL Sessions
ssl_session_timeout 60m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
### Logging Configuration ###
error_log /var/log/nginx/ktrix-error.log;
access_log /var/log/nginx/ktrix-access.log;
### Upload Configuration ###
client_max_body_size 1024M;
### Site Configuration ###
root /var/www/ktrix/main/public;
index index.html;
# Serve index.html for root path only
#location = / {
# try_files /index.html =404;
#}
# Serve module static assets directly from module folders
# URL: /modules/<Module>/static/... -> FS: /var/www/ktrix/main/modules/<Module>/static/...
# Note: Linux is case-sensitive; ensure URL module casing matches folder name
location ~ ^/modules/([^/]+)/static/(.*)$ {
alias /var/www/ktrix/main/modules/$1/static/$2;
expires 10m;
add_header Cache-Control "public, immutable";
access_log on;
types {
text/css css;
application/javascript js;
application/javascript mjs;
image/svg+xml svg;
image/gif gif;
image/png png;
image/jpeg jpg;
image/jpeg jpeg;
image/x-icon ico;
font/woff woff;
font/woff2 woff2;
font/ttf ttf;
application/vnd.ms-fontobject eot;
application/json map;
}
}
# Handle asset files (css, js, images, etc.) - serve directly if they exist
location ~* \.(css|js|mjs|svg|gif|png|jpg|jpeg|ico|woff|woff2|ttf|eot|map)$ {
try_files $uri =404;
expires 1m;
add_header Cache-Control "public, immutable";
types {
text/css css;
application/javascript js;
application/javascript mjs;
image/svg+xml svg;
image/gif gif;
image/png png;
image/jpeg jpg;
image/jpeg jpeg;
image/x-icon ico;
font/woff woff;
font/woff2 woff2;
font/ttf ttf;
application/vnd.ms-fontobject eot;
application/json map;
}
}
# All other URLs should be handled by index.php
location / {
try_files $uri @php;
}
# Named location for PHP handling
location @php {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root/index.php;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param REQUEST_URI $uri?$args;
fastcgi_pass fpm;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
# Optional: Gzip compression
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
}
Reference in New Issue View Git Blame Copy Permalink