Last active
February 28, 2023 17:06
-
-
Save TommyPKeane/a2e50b3b47c49c276044c9b6a0ca62cc to your computer and use it in GitHub Desktop.
Examples of blocks of Nginx Configurations for a Site Config-File
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# These examples are not complete and will use `[...]` to indicate missing | |
# text that may be necessary to build a full example. | |
# | |
# You would likely use/find code from these examples in your site config | |
# when using Nginx, which will usually be (in a Unix-like system) at the | |
# path: | |
# /etc/nginx/sites-available/{site-config-name} | |
# Custom HTTP Error Page for single HTTP Error | |
# Note that this example shows how the syntax assumes that the custom | |
# custom error page follows from a URL that is mapped already to the | |
# `server` block's configuration for the `root` directory for any paths | |
# or files. If you want to use an application response instead of a | |
# static file for the response, then this example is inappropriate. | |
server { | |
[...] | |
error_page 404 /url/path/to/filename.html; | |
location = /url/path/to/filename.html { | |
internal; | |
} | |
} | |
# Server Block to force Redirect of HTTP to HTTPS Domain | |
# | |
# Note that this example relies on creating an explicitly separate | |
# `server` block which will do a 301 HTTP Redirect response to | |
# every request to the HTTP variant of the stated domain. By doing | |
# this, we can prevent any 4XX or 5XX HTTP Errors due to clients | |
# attempting (intentionally or accidentally) to visit an HTTP | |
# version of our site (`domain.tld` or `sub.domain.tld`). But be | |
# aware that this block should only be used if you already have | |
# an HTTPS `server` block properly configured, otherwise you may | |
# end-up blocking all other access to your site. | |
server { | |
listen 80; # IPv4 | |
listen [::]:80; # IPv6 | |
server_name domain.tld sub.domain.tld; | |
location / { | |
limit_except GET { deny all; } | |
} | |
return 301 https://sub.domain.tld$request_uri; | |
} | |
# Server Block to force Redirect of HTTPS Subdomain to Main Domain | |
# | |
# Note that this example relies on creating an explicitly separate | |
# `server` block which will do a 301 HTTP Redirect response to | |
# every request to the HTTPS request of the specific `sub` | |
# subdomain as a way to enforce your main domain as the "only" | |
# supported URL for your site. | |
# | |
# Also note that this likely requires separate pre-configuration of | |
# your DNS records with your Domain Registrar so that the given | |
# subdomain is actually accessible from the public internet. | |
server { | |
listen 443 ssl; # IPv4 | |
listen [::]:443 ssl; # IPv6 | |
server_name sub.domain.tld; | |
location / { | |
limit_except GET { deny all; } | |
} | |
ssl_certificate /path/to/sub.domain.tld/fullchain.cer; | |
ssl_certificate_key /path/to/sub.domain.tld/sub.domain.tld.key; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
return 301 https://domain.tld$request_uri; | |
} | |
# Minimum Viable HTTPS Server Block with Anti-Tracking Headers | |
server { | |
listen 443 ssl; # IPv4 | |
listen [::]:443 ssl; # IPv6 | |
server_name sub.domain.tld; | |
root /var/www/domain.tld; # Server Filesystem Path | |
include /etc/nginx/mime.types; # Server Filesystem Path | |
location / { | |
try_files $uri =404; | |
limit_except GET { deny all; } | |
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; | |
} | |
ssl_certificate /path/to/sub.domain.tld/fullchain.cer; | |
ssl_certificate_key /path/to/sub.domain.tld/sub.domain.tld.key; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
} | |
# Reference Links | |
# - http://nginx.org/en/docs/http/ngx_http_headers_module.html | |
# - https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag | |
# - https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#check-if-file-exists |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment