Skip to content

Commit cb2970e

Browse files
crypto-titancrypto-titan
authored
Update default.conf
1 parent 37c2422 commit cb2970e

File tree

1 file changed

+29
-14
lines changed

1 file changed

+29
-14
lines changed

src/default.conf

Lines changed: 29 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,19 @@
1-
21
server {
32
listen 80 default_server;
4-
listen [::]:80 default_server;
3+
listen [::]:80 default_server;
54
server_name _;
5+
66
# Add index.php to setup Nginx, PHP & PHP-FPM config
7-
index index.php index.html index.htm index.nginx-debian.html; error_log /var/log/nginx/error.log;
7+
index index.php index.html index.htm index.nginx-debian.html;
8+
error_log /var/log/nginx/error.log;
89
access_log /var/log/nginx/access.log;
910
root /var/www/html;
10-
# pass PHP scripts on Nginx to FastCGI (PHP-FPM) server
11+
12+
# Trust Traefik headers for SSL detection
13+
set_real_ip_from 0.0.0.0/0; # Replace with Traefik's IP range if known
14+
real_ip_header X-Forwarded-For;
15+
16+
# Location block to pass PHP scripts to FastCGI (PHP-FPM) server
1117
location ~ \.php$ {
1218
try_files $uri =404;
1319
fastcgi_split_path_info ^(.+\.php)(/.+)$;
@@ -17,25 +23,34 @@ server {
1723
include fastcgi_params;
1824
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
1925
fastcgi_param PATH_INFO $fastcgi_path_info;
20-
26+
27+
# Enable SSL trust for Traefik
28+
if ($http_x_forwarded_proto = 'https') {
29+
set $https on;
30+
}
31+
32+
fastcgi_param HTTPS $https;
33+
fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;
2134
}
35+
2236
client_max_body_size 15M;
2337
server_tokens off;
2438

25-
# Hide PHP headers
39+
# Hide PHP headers
2640
fastcgi_hide_header X-Powered-By;
2741
fastcgi_hide_header X-CF-Powered-By;
2842
fastcgi_hide_header X-Runtime;
2943

44+
# Location for static files and routing
3045
location / {
3146
try_files $uri $uri/ /index.php?$query_string;
3247
gzip_static on;
3348
}
34-
# deny access to Apache .htaccess on Nginx with PHP,
35-
# if Apache and Nginx document roots concur
36-
location ~ /\.ht {deny all;}
37-
location ~ /\.svn/ {deny all;}
38-
location ~ /\.git/ {deny all;}
39-
location ~ /\.hg/ {deny all;}
40-
location ~ /\.bzr/ {deny all;}
41-
}
49+
50+
# Deny access to sensitive files
51+
location ~ /\.ht { deny all; }
52+
location ~ /\.svn/ { deny all; }
53+
location ~ /\.git/ { deny all; }
54+
location ~ /\.hg/ { deny all; }
55+
location ~ /\.bzr/ { deny all; }
56+
}

0 commit comments

Comments
 (0)