Examples of blocks of Nginx Configurations for a Site Config-File

nginx-snippets.nginx

# These examples are not complete and will use `[...]` to indicate missing
# text that may be necessary to build a full example.
#
# You would likely use/find code from these examples in your site config
# when using Nginx, which will usually be (in a Unix-like system) at the
# path:
# /etc/nginx/sites-available/{site-config-name}


# Custom HTTP Error Page for single HTTP Error
#    Note that this example shows how the syntax assumes that the custom
#    custom error page follows from a URL that is mapped already to the
#    `server` block's configuration for the `root` directory for any paths
#    or files. If you want to use an application response instead of a
#    static file for the response, then this example is inappropriate.
server {
  [...]
  error_page 404 /url/path/to/filename.html;
  location = /url/path/to/filename.html {
    internal;
  }
}


# Server Block to force Redirect of HTTP to HTTPS Domain
#
# Note that this example relies on creating an explicitly separate
#    `server` block which will do a 301 HTTP Redirect response to
#    every request to the HTTP variant of the stated domain. By doing
#    this, we can prevent any 4XX or 5XX HTTP Errors due to clients
#    attempting (intentionally or accidentally) to visit an HTTP
#    version of our site (`domain.tld` or `sub.domain.tld`). But be
#    aware that this block should only be used if you already have
#    an HTTPS `server` block properly configured, otherwise you may
#    end-up blocking all other access to your site.
server {
    listen 80;  # IPv4
    listen [::]:80;  # IPv6
    server_name domain.tld sub.domain.tld;
    location / {
      limit_except  GET { deny  all; }
    }
    return 301 https://sub.domain.tld$request_uri;
}

# Server Block to force Redirect of HTTPS Subdomain to Main Domain
#
# Note that this example relies on creating an explicitly separate
#    `server` block which will do a 301 HTTP Redirect response to
#    every request to the HTTPS request of the specific `sub`
#    subdomain as a way to enforce your main domain as the "only"
#    supported URL for your site.
#
# Also note that this likely requires separate pre-configuration of
#    your DNS records with your Domain Registrar so that the given
#    subdomain is actually accessible from the public internet.
server {
    listen 443 ssl;  # IPv4
    listen [::]:443 ssl;  # IPv6
    server_name sub.domain.tld;
    location / {
      limit_except  GET { deny  all; }
    }
    ssl_certificate     /path/to/sub.domain.tld/fullchain.cer;
    ssl_certificate_key /path/to/sub.domain.tld/sub.domain.tld.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    return 301 https://domain.tld$request_uri;
}


# Minimum Viable HTTPS Server Block with Anti-Tracking Headers
server {
    listen 443 ssl;  # IPv4
    listen [::]:443 ssl;  # IPv6
    
    server_name sub.domain.tld;
    
    root /var/www/domain.tld;  # Server Filesystem Path
    include /etc/nginx/mime.types;  # Server Filesystem Path
    
    location / {
      try_files     $uri =404;
      limit_except  GET { deny  all; }
      add_header    X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    }
    
    ssl_certificate     /path/to/sub.domain.tld/fullchain.cer;
    ssl_certificate_key /path/to/sub.domain.tld/sub.domain.tld.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
}


# Reference Links
# - http://nginx.org/en/docs/http/ngx_http_headers_module.html
# - https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag
# - https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#check-if-file-exists