diff --git a/configs/fox-api/nginx/nginx.conf b/configs/fox-api/nginx/nginx.conf
index 7920df9..bd99f06 100644
--- a/configs/fox-api/nginx/nginx.conf
+++ b/configs/fox-api/nginx/nginx.conf
@@ -1,53 +1,39 @@ # Generated by nginxconfig.io +# See nginxconfig.txt for the configuration share link -user www-data; -pid /run/nginx.pid; -worker_processes auto; +user www-data; +pid /run/nginx.pid; +worker_processes auto; worker_rlimit_nofile 65535; +# Load modules +include /etc/nginx/modules-enabled/*.conf; + events { - multi_accept on; - worker_connections 65535; + multi_accept on; + worker_connections 65535; } http { - charset utf-8; - sendfile on; - tcp_nopush on; - tcp_nodelay on; - server_tokens off; - log_not_found off; - types_hash_max_size 2048; - client_max_body_size 16M; + charset utf-8; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + log_not_found off; + types_hash_max_size 2048; + types_hash_bucket_size 64; + client_max_body_size 16M; - # MIME - include mime.types; - default_type application/octet-stream; + # MIME + include mime.types; + default_type application/octet-stream; - # logging - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log warn; - - # SSL - ssl_session_timeout 1d; - ssl_session_cache shared:SSL:10m; - ssl_session_tickets off; - - # Diffie-Hellman parameter for DHE ciphersuites - ssl_dhparam /etc/nginx/dhparam.pem; - - # Mozilla Intermediate configuration - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - - # OCSP Stapling - ssl_stapling on; - ssl_stapling_verify on; - resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s; - resolver_timeout 2s; - - # load configs - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} + # Logging + access_log off; + error_log /dev/null; + # Load configs + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} \ No newline at end of file 
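Review bot: `access_log off;` and `error_log /dev/null;` at the `http` level discard every request and error record for any server block that does not set its own logs, which removes the trail needed to investigate a fault or an intrusion. The new fox-api.conf site does override both, so the gap is limited to other or future vhosts pulled in from `conf.d` and `sites-enabled`, but a safer default here is `error_log /var/log/nginx/error.log warn;`. The hunk also drops the whole TLS block (protocols, ciphers, stapling, resolver), which matches `https=false` in the share link; presumably TLS is terminated elsewhere, and a comment such as `# TLS is terminated upstream; nginx serves plain HTTP only` would record that assumption.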
diff --git a/configs/fox-api/nginx/nginxconfig.io/general.conf b/configs/fox-api/nginx/nginxconfig.io/general.conf index 525651b..65d8a75 100644 --- a/configs/fox-api/nginx/nginxconfig.io/general.conf +++ b/configs/fox-api/nginx/nginxconfig.io/general.conf @@ -1,32 +1,27 @@ # favicon.ico location = /favicon.ico { - log_not_found off; - access_log off; + log_not_found off; } # robots.txt location = /robots.txt { - log_not_found off; - access_log off; + log_not_found off; } # assets, media location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ { - expires 7d; - access_log off; + expires 7d; } # svg, fonts location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ { - add_header Access-Control-Allow-Origin "*"; - expires 7d; - access_log off; + add_header Access-Control-Allow-Origin "*"; + expires 7d; } # gzip -gzip on; -gzip_vary on; -gzip_proxied any; +gzip on; +gzip_vary on; +gzip_proxied any; gzip_comp_level 6; -gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; - +gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; \ No newline at end of file diff --git a/configs/fox-api/nginx/nginxconfig.io/php_fastcgi.conf b/configs/fox-api/nginx/nginxconfig.io/php_fastcgi.conf index 92da90a..04a17e9 100644 --- a/configs/fox-api/nginx/nginxconfig.io/php_fastcgi.conf +++ b/configs/fox-api/nginx/nginxconfig.io/php_fastcgi.conf 
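Review bot: The `svg, fonts` location in general.conf declares its own `add_header Access-Control-Allow-Origin "*";`, and nginx inherits `add_header` from the enclosing level only when the current level defines none, so responses from this location lose the headers that security.conf sets at server level (nosniff, CSP, Referrer-Policy). SVG is an active content type, so missing `X-Content-Type-Options` and the CSP matters more there than for fonts. Repeating the needed lines inside the location, for example `add_header X-Content-Type-Options "nosniff" always;`, closes the gap. This predates the commit, which only re-indents the line, and the wildcard origin is worth narrowing if these assets are not meant for cross-origin use.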
@@ -1,17 +1,15 @@ # 404 -try_files $fastcgi_script_name =404; +try_files $fastcgi_script_name =404; # default fastcgi_params -include fastcgi_params; +include fastcgi_params; # fastcgi settings -fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; -fastcgi_index index.php; -fastcgi_buffers 8 16k; -fastcgi_buffer_size 32k; +fastcgi_index index.php; +fastcgi_buffers 8 16k; +fastcgi_buffer_size 32k; # fastcgi params -fastcgi_param DOCUMENT_ROOT $realpath_root; -fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; -fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/"; - +fastcgi_param DOCUMENT_ROOT $realpath_root; +fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; +fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/"; \ No newline at end of file diff --git a/configs/fox-api/nginx/nginxconfig.io/security.conf b/configs/fox-api/nginx/nginxconfig.io/security.conf index 633d359..ed43969 100644 --- a/configs/fox-api/nginx/nginxconfig.io/security.conf +++ b/configs/fox-api/nginx/nginxconfig.io/security.conf 
@@ -1,13 +1,11 @@ # security headers -add_header X-Frame-Options "SAMEORIGIN" always; -add_header X-XSS-Protection "1; mode=block" always; -add_header X-Content-Type-Options "nosniff" always; -add_header Referrer-Policy "no-referrer-when-downgrade" always; -add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; -add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; +add_header X-XSS-Protection "1; mode=block" always; +add_header X-Content-Type-Options "nosniff" always; +add_header Referrer-Policy "no-referrer-when-downgrade" always; +add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always; +add_header Permissions-Policy "interest-cohort=()" always; # . files location ~ /\.(?!well-known) { - deny all; -} - + deny all; +} \ No newline at end of file diff --git a/configs/fox-api/nginx/nginxconfig.txt b/configs/fox-api/nginx/nginxconfig.txt new file mode 100644 index 0000000..3576e20 --- /dev/null +++ b/configs/fox-api/nginx/nginxconfig.txt @@ -0,0 +1 @@ +https://www.digitalocean.com/community/tools/nginx?domains.0.server.path=%2Fvar%2Fwww%2Fexample&domains.0.https.https=false&domains.0.https.http2=false&domains.0.php.phpServer=%2Fvar%2Frun%2Fphp%2Fphp8.2-fpm.sock \ No newline at end of file diff --git a/configs/fox-api/nginx/sites-available/fox-api.conf b/configs/fox-api/nginx/sites-available/fox-api.conf new file mode 100644 index 0000000..16f5038 --- /dev/null +++ b/configs/fox-api/nginx/sites-available/fox-api.conf 
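Review bot: The `Content-Security-Policy` value in security.conf still lists `http:`, `https:` and `'unsafe-inline'` under `default-src`, so it allows inline script and script from any origin and gives little protection against injected content; the only restrictive part is the new `frame-ancestors 'self'`, which replaces the removed `X-Frame-Options`. If this vhost serves only API responses (not visible here), a value such as `default-src 'none'; frame-ancestors 'none'` would fit better. Dropping `Strict-Transport-Security` is consistent with a plain-HTTP listener, since browsers ignore it over HTTP, but if a TLS proxy fronts this server the header then has to be set at that proxy. `X-XSS-Protection "1; mode=block"` is obsolete in current browsers and can be removed or set to `0`.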
@@ -0,0 +1,30 @@ +server { + listen 80; + listen [::]:80; + set $base /home/coder/fox-api; + root $base/public; + + # security + include nginxconfig.io/security.conf; + + # logging + access_log /var/log/nginx/access.log combined buffer=512k flush=1m; + error_log /var/log/nginx/error.log warn; + + # index.php + index index.php; + + # index.php fallback + location / { + try_files $uri $uri/ /index.php?$query_string; + } + + # additional config + include nginxconfig.io/general.conf; + + # handle .php + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; + include nginxconfig.io/php_fastcgi.conf; + } +} \ No newline at end of file diff --git a/scripts/fox-api/nginx-php.sh b/scripts/fox-api/nginx-php.sh index 5fc0a66..80f56e9 100644 --- a/scripts/fox-api/nginx-php.sh +++ b/scripts/fox-api/nginx-php.sh 
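Review bot: The new server block has no `server_name` and listens only on port 80, so it answers requests for any Host header, and every request, including any credentials or tokens the API accepts, reaches nginx in cleartext. If a TLS-terminating proxy sits in front (not visible in this commit), state that in a comment above the `listen` lines, and consider binding to the proxy-facing address only, e.g. `listen 127.0.0.1:80;`. `root` resolves under `/home/coder`, so the `www-data` worker needs traverse permission on that home directory; confirm it is granted narrowly rather than by opening the whole home to other users.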
@@ -3,5 +3,29 @@ echo "[BOOTSTRAP] Running initial nginx setup for FOX-API..." # Download the nginx config files -curl -s https://raw.githubusercontent.com/fox-api/fox-api/master/scripts/fox-api/nginx.conf > /etc/nginx/nginx.conf -curl -s https://raw.githubusercontent.com/fox-api/fox-api/master/scripts/fox-api/default.conf > /etc/nginx/conf.d/default.conf \ No newline at end of file +curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginx.conf > /etc/nginx/nginx.conf + +# Make a folder for the nginxconfig.io files +mkdir -p /etc/nginx/nginxconfig.io/ + +#Make sure the nginxconfig.io files are owned by www-data +chown -R www-data:www-data /etc/nginx/nginxconfig.io/ + +# Download the nginxconfig.io files +curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginxconfig.io/general.conf > /etc/nginx/nginxconfig.io/general.conf +curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginxconfig.io/php_fastcgi.conf > /etc/nginx/nginxconfig.io/php_fastcgi.conf +curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginxconfig.io/security.conf > /etc/nginx/nginxconfig.io/security.conf + +# Download the nginx sites-available files +curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/sites-available/fox-api.conf > /etc/nginx/sites-available/fox-api.conf + +# Link the sites-available files to sites-enabled +ln -s /etc/nginx/sites-available/fox-api.conf /etc/nginx/sites-enabled/fox-api.conf + +# Remove the default nginx site +rm /etc/nginx/sites-enabled/default + +# Restart nginx +systemctl restart nginx + +echo "[BOOTSTRAP] Done!"
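Review bot: `chown -R www-data:www-data /etc/nginx/nginxconfig.io/` gives the directory that holds nginx include files to the account the workers run as (`user www-data;` in nginx.conf), so anything that gains code execution as `www-data` can replace `security.conf` or `php_fastcgi.conf` and have it loaded on the next reload; keep the directory root-owned. The `curl -s … > file` downloads have no `-f`, so an HTTP error page or an empty body is written over the live config and the script still reaches `systemctl restart nginx`; fail on HTTP errors and run `nginx -t` first. The files come from `branch/main` with no pinning or checksum, so whatever is on that branch at bootstrap time becomes root-loaded config, and pinning to a commit would make that reviewable. `ln -s` and `rm` also fail on a second run, which `-sf` and `-f` avoid. The script's first lines are outside this hunk, so the shell in use is not visible; the sketch below stays within POSIX `sh`.

```shell
set -eu

BASE_URL="https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx"

# Fail on HTTP errors instead of writing an error page into the config.
fetch() {
    curl -fsSL "$BASE_URL/$1" -o "$2"
}

fetch nginx.conf /etc/nginx/nginx.conf
mkdir -p /etc/nginx/nginxconfig.io/
# … unchanged: remaining downloads, now through fetch …

# Include files stay root-owned; the worker account must not be able to rewrite them.
chown -R root:root /etc/nginx/nginxconfig.io/

ln -sf /etc/nginx/sites-available/fox-api.conf /etc/nginx/sites-enabled/fox-api.conf
rm -f /etc/nginx/sites-enabled/default

# Validate first so a bad download cannot take nginx down.
nginx -t
systemctl restart nginx
```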