feat: add the nginx config to the git repo

configs/fox-api/nginx/nginx.conf

@@ -1,53 +1,39 @@
 # Generated by nginxconfig.io
+# See nginxconfig.txt for the configuration share link
 
-user www-data;
-pid /run/nginx.pid;
-worker_processes auto;
+user                 www-data;
+pid                  /run/nginx.pid;
+worker_processes     auto;
 worker_rlimit_nofile 65535;
 
+# Load modules
+include              /etc/nginx/modules-enabled/*.conf;
+
 events {
-	multi_accept on;
-	worker_connections 65535;
+    multi_accept       on;
+    worker_connections 65535;
 }
 
 http {
-	charset utf-8;
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-	server_tokens off;
-	log_not_found off;
-	types_hash_max_size 2048;
-	client_max_body_size 16M;
+    charset                utf-8;
+    sendfile               on;
+    tcp_nopush             on;
+    tcp_nodelay            on;
+    server_tokens          off;
+    log_not_found          off;
+    types_hash_max_size    2048;
+    types_hash_bucket_size 64;
+    client_max_body_size   16M;
 
-	# MIME
-	include mime.types;
-	default_type application/octet-stream;
+    # MIME
+    include                mime.types;
+    default_type           application/octet-stream;
 
-	# logging
-	access_log /var/log/nginx/access.log;
-	error_log /var/log/nginx/error.log warn;
-
-	# SSL
-	ssl_session_timeout 1d;
-	ssl_session_cache shared:SSL:10m;
-	ssl_session_tickets off;
-
-	# Diffie-Hellman parameter for DHE ciphersuites
-	ssl_dhparam /etc/nginx/dhparam.pem;
-
-	# Mozilla Intermediate configuration
-	ssl_protocols TLSv1.2 TLSv1.3;
-	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-
-	# OCSP Stapling
-	ssl_stapling on;
-	ssl_stapling_verify on;
-	resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
-	resolver_timeout 2s;
-
-	# load configs
-	include /etc/nginx/conf.d/*.conf;
-	include /etc/nginx/sites-enabled/*;
-}
+    # Logging
+    access_log             off;
+    error_log              /dev/null;
 
+    # Load configs
+    include                /etc/nginx/conf.d/*.conf;
+    include                /etc/nginx/sites-enabled/*;
+}

configs/fox-api/nginx/nginxconfig.io/general.conf

@@ -1,32 +1,27 @@
 # favicon.ico
 location = /favicon.ico {
-	log_not_found off;
-	access_log off;
+    log_not_found off;
 }
 
 # robots.txt
 location = /robots.txt {
-	log_not_found off;
-	access_log off;
+    log_not_found off;
 }
 
 # assets, media
 location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
-	expires 7d;
-	access_log off;
+    expires 7d;
 }
 
 # svg, fonts
 location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
-	add_header Access-Control-Allow-Origin "*";
-	expires 7d;
-	access_log off;
+    add_header Access-Control-Allow-Origin "*";
+    expires    7d;
 }
 
 # gzip
-gzip on;
-gzip_vary on;
-gzip_proxied any;
+gzip            on;
+gzip_vary       on;
+gzip_proxied    any;
 gzip_comp_level 6;
-gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
-
+gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

configs/fox-api/nginx/nginxconfig.io/php_fastcgi.conf

@@ -1,17 +1,15 @@
 # 404
-try_files $fastcgi_script_name =404;
+try_files                     $fastcgi_script_name =404;
 
 # default fastcgi_params
-include fastcgi_params;
+include                       fastcgi_params;
 
 # fastcgi settings
-fastcgi_pass			unix:/var/run/php/php8.2-fpm.sock;
-fastcgi_index			index.php;
-fastcgi_buffers			8 16k;
-fastcgi_buffer_size		32k;
+fastcgi_index                 index.php;
+fastcgi_buffers               8 16k;
+fastcgi_buffer_size           32k;
 
 # fastcgi params
-fastcgi_param DOCUMENT_ROOT		$realpath_root;
-fastcgi_param SCRIPT_FILENAME	$realpath_root$fastcgi_script_name;
-fastcgi_param PHP_ADMIN_VALUE	"open_basedir=$base/:/usr/lib/php/:/tmp/";
-
+fastcgi_param DOCUMENT_ROOT   $realpath_root;
+fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";

configs/fox-api/nginx/nginxconfig.io/security.conf

@@ -1,13 +1,11 @@
 # security headers
-add_header X-Frame-Options "SAMEORIGIN" always;
-add_header X-XSS-Protection "1; mode=block" always;
-add_header X-Content-Type-Options "nosniff" always;
-add_header Referrer-Policy "no-referrer-when-downgrade" always;
-add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+add_header X-XSS-Protection        "1; mode=block" always;
+add_header X-Content-Type-Options  "nosniff" always;
+add_header Referrer-Policy         "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+add_header Permissions-Policy      "interest-cohort=()" always;
 
 # . files
 location ~ /\.(?!well-known) {
-	deny all;
-}
-
+    deny all;
+}

configs/fox-api/nginx/nginxconfig.txt

@@ -0,0 +1 @@
+https://www.digitalocean.com/community/tools/nginx?domains.0.server.path=%2Fvar%2Fwww%2Fexample&domains.0.https.https=false&domains.0.https.http2=false&domains.0.php.phpServer=%2Fvar%2Frun%2Fphp%2Fphp8.2-fpm.sock

configs/fox-api/nginx/sites-available/fox-api.conf

@@ -0,0 +1,30 @@
+server {
+    listen      80;
+    listen      [::]:80;
+    set         $base /home/coder/fox-api;
+    root        $base/public;
+
+    # security
+    include     nginxconfig.io/security.conf;
+
+    # logging
+    access_log  /var/log/nginx/access.log combined buffer=512k flush=1m;
+    error_log   /var/log/nginx/error.log warn;
+
+    # index.php
+    index       index.php;
+
+    # index.php fallback
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    # additional config
+    include nginxconfig.io/general.conf;
+
+    # handle .php
+    location ~ \.php$ {
+        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+        include      nginxconfig.io/php_fastcgi.conf;
+    }
+}

scripts/fox-api/nginx-php.sh

@@ -3,5 +3,29 @@
 echo "[BOOTSTRAP] Running initial nginx setup for FOX-API..."
 
 # Download the nginx config files
-curl -s https://raw.githubusercontent.com/fox-api/fox-api/master/scripts/fox-api/nginx.conf > /etc/nginx/nginx.conf
-curl -s https://raw.githubusercontent.com/fox-api/fox-api/master/scripts/fox-api/default.conf > /etc/nginx/conf.d/default.conf
+curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginx.conf > /etc/nginx/nginx.conf
+
+# Make a folder for the nginxconfig.io files
+mkdir -p /etc/nginx/nginxconfig.io/
+
+#Make sure the nginxconfig.io files are owned by www-data
+chown -R www-data:www-data /etc/nginx/nginxconfig.io/
+
+# Download the nginxconfig.io files
+curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginxconfig.io/general.conf > /etc/nginx/nginxconfig.io/general.conf
+curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginxconfig.io/php_fastcgi.conf > /etc/nginx/nginxconfig.io/php_fastcgi.conf
+curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/nginxconfig.io/security.conf > /etc/nginx/nginxconfig.io/security.conf
+
+# Download the nginx sites-available files
+curl -s https://git.kakio.us/Furality/coder-templates/raw/branch/main/configs/fox-api/nginx/sites-available/fox-api.conf > /etc/nginx/sites-available/fox-api.conf
+
+# Link the sites-available files to sites-enabled
+ln -s /etc/nginx/sites-available/fox-api.conf /etc/nginx/sites-enabled/fox-api.conf
+
+# Remove the default nginx site
+rm /etc/nginx/sites-enabled/default
+
+# Restart nginx
+systemctl restart nginx
+
+echo "[BOOTSTRAP] Done!"