
@eliyas5044
Created February 2, 2024 17:04
Nginx config for Laravel, PHP

HTTP config

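# Plain-HTTP virtual host for api.example.com (port 80 only).
# It serves Let's Encrypt HTTP-01 challenge files and redirects every other
# request to HTTPS.
server {
  listen 80;
  server_name api.example.com;
  root /var/www/api/public;

  # A server-level "return" is evaluated before location matching. The
  # original unconditional redirect therefore also caught
  # /.well-known/acme-challenge/, so the ACME location below was never used.
  # Exempting that prefix lets HTTP-01 validation be answered on port 80.
  # NOTE(review): $host is taken from the request; if this block can act as
  # the default server for port 80, consider redirecting to a fixed hostname.
  if ($uri !~ "^/\.well-known/acme-challenge/") {
    return 301 https://$host$request_uri;
  }

  # security headers
  # With "always" these are also attached to the 301 responses above.
  # add_header X-Robots-Tag "noindex, nofollow";
  # X-XSS-Protection is a legacy header that current major browsers ignore;
  # a Content-Security-Policy is the effective control.
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "no-referrer-when-downgrade" always;
  #add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
  add_header Permissions-Policy "interest-cohort=()" always;
  # Browsers honour Strict-Transport-Security only when it arrives over HTTPS,
  # so on this port-80 block the header has no effect.
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  index index.php;

  charset utf-8;

  # The application locations below are reached only if the redirect above is
  # removed; they are kept so the block mirrors the HTTPS one.
  location / {
    # Serve an existing file or directory, otherwise hand the request to the
    # front controller.
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    # Only pass scripts that exist under the document root to PHP-FPM.
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    include fastcgi_params;
  }

  # NOTE(review): with access logging off there is no per-request record for
  # this vhost to support detection or incident investigation; confirm this
  # is intentional.
  access_log off;
  error_log /var/log/nginx/api.example.com-error.log error;

  # ACME-challenge
  # "^~" stops regex locations (including the dotfile rule below) from
  # overriding this prefix match.
  location ^~ /.well-known/acme-challenge/ {
    root /var/www/_letsencrypt;
  }

  # Deny any path segment starting with a dot (.env, .git, ...), except
  # .well-known.
  location ~ /\.(?!well-known).* {
    deny all;
  }
}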

HTTPS config

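# HTTPS virtual host for api.example.com. It also listens on port 80 and
# redirects plain-HTTP requests to HTTPS.
server {
  listen 80;
  listen 443 ssl http2;
  server_name api.example.com;
  root /var/www/api/public;

  # Evaluated before location matching: every plain-HTTP request, including
  # ACME challenge requests, is redirected to the HTTPS listener.
  # NOTE(review): $host is taken from the request; if this block can act as
  # the default server, consider redirecting to a fixed hostname.
  if ( $scheme = "http" ) {
    return 301 https://$host$request_uri;
  }

  # SSL
  # NOTE(review): no ssl_protocols / ssl_ciphers are set here, so the values
  # in effect come from the http{} context or the nginx build defaults;
  # confirm they match the intended TLS policy.
  ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem;

  # security headers
  # add_header X-Robots-Tag "noindex, nofollow";
  # X-XSS-Protection is a legacy header that current major browsers ignore;
  # a Content-Security-Policy is the effective control.
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "no-referrer-when-downgrade" always;
  #add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
  add_header Permissions-Policy "interest-cohort=()" always;
  # One-year HSTS that also covers every subdomain of api.example.com.
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  index index.php;

  charset utf-8;

  location / {
    # Serve an existing file or directory, otherwise hand the request to the
    # front controller.
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    # Only pass scripts that exist under the document root to PHP-FPM, so a
    # request for an arbitrary *.php URI gets a 404 from nginx instead of
    # reaching the interpreter.
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    include fastcgi_params;
  }

  # NOTE(review): with access logging off there is no per-request record for
  # this vhost to support detection or incident investigation; confirm this
  # is intentional.
  access_log off;
  error_log /var/log/nginx/api.example.com-error.log error;

  # ACME-challenge
  # "^~" stops regex locations (including the dotfile rule below) from
  # overriding this prefix match.
  location ^~ /.well-known/acme-challenge/ {
    root /var/www/_letsencrypt;
  }

  # Deny any path segment starting with a dot (.env, .git, ...), except
  # .well-known.
  location ~ /\.(?!well-known).* {
    deny all;
  }
}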