An example NGINX virtual-host configuration written for maximum security, passing the Mozilla Observatory checks and setting most of the recommended HTTP security headers. This configuration gives you a 120/100 score, i.e. an A* rating. It also meets the requirements for HSTS preloading.
# FOR THOSE WHO TAKE THIS CONFIG:
#
# You only really need the "server" block for this; the rest is specific to my setup.
#
server {
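# NOTE(review): "ssl on;" (deprecated in nginx 1.15.0 and removed in later
# releases) is replaced by the "ssl" parameter of listen, which is the
# supported form and has been available for far longer.
listen your.ip.address.here:443 ssl;
server_name brettw.xyz www.brettw.xyz;
root /your/root/directory/public_html;
index index.php index.html index.htm;
access_log /your/log/directory.log combined;
# Assumes a log_format named "bytes" is declared in the http{} context — confirm.
access_log /your/log/directory.log.bytes bytes;
error_log /your/log/directory.error.log error;

# - Security headers -
# Every add_header carries "always" (nginx >= 1.7.5). Without it nginx only
# attaches the header to 2xx/3xx responses, so the 403/404/50x error pages
# served by this server would have gone out without HSTS, CSP, frame
# protection, etc.
#
# HSTS: one year, subdomains included, preload flag. This is what the HSTS
# preload list requires; note that includeSubDomains means every subdomain
# must be reachable over HTTPS only.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# Framing is blocked twice on purpose: X-Frame-Options for older browsers,
# frame-ancestors inside the CSP for current ones.
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options nosniff always;
# Legacy header: current browsers have dropped the XSS auditor it controlled and
# the OWASP Secure Headers Project now recommends the value "0". Kept as the
# author had it because the scoring tool rewarded it at the time.
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Permitted-Cross-Domain-Policies none always;
# CSP: everything same-origin, no inline script/style, no plugins (object-src
# falls back to default-src 'none'). base-uri and form-action do NOT fall back
# to default-src, so consider adding "base-uri 'none'; form-action 'self'"
# once it is confirmed the site has no cross-origin form posts.
add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; block-all-mixed-content " always;
add_header 'Referrer-Policy' 'no-referrer' always;

# - Public Key Pinning -
# DISABLED. HPKP support has been removed from Chrome (72) and Firefox (72), so
# the header no longer protects anyone, while a wrong or rotated key would have
# locked visitors out for max-age (5184000 s = 60 days). The original line is
# kept below for reference. If it is ever re-enabled, every pin-sha256 value
# must be a real base64 SPKI hash (empty values make the header invalid) and at
# least one pin must be a backup key that is not in the served chain.
#add_header Public-Key-Pins 'pin-sha256=""; pin-sha256=""; pin-sha256=""; max-age=5184000; includeSubDomains' always;

# ssl_certificate must hold the full chain (leaf followed by intermediates).
# ssl_protocols / ssl_ciphers / OCSP stapling are not set in this block;
# presumably they live in the http{} context ("the rest is configured for me")
# — confirm, otherwise the nginx defaults apply.
ssl_certificate /your/ssl/certificate/here.pem;
ssl_certificate_key /your/ssl/key/here.key;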
# Below here is stuff you probably won't need.
# Catch-all prefix location for the site. The nested regex locations below are
# only consulted once nginx has selected this prefix location; regex locations
# declared directly at server level are checked before that fallback happens.
location / {
# Long-lived cache headers for static assets (case-insensitive match). No
# add_header is used here on purpose: an add_header inside a location would
# suppress inheritance of every server-level add_header, dropping the security
# headers for these responses.
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
# PHP via FastCGI. The pattern also matches "/script.php/extra" (path info).
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Refuse requests whose script does not exist on disk before they reach
# PHP-FPM. This is the usual nginx guard against the path-info
# misconfiguration in which a non-PHP file followed by "/x.php" would be
# handed to the PHP interpreter. A plain "return" inside "if" is one of the
# documented safe uses of "if" in a location.
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# NOTE(review): assumes PHP-FPM listens on loopback TCP port 9003 — confirm
# it is not also bound on other interfaces.
fastcgi_pass 127.0.0.1:9003;
fastcgi_index index.php;
# NOTE(review): if the included file also sets SCRIPT_FILENAME, check which
# definition nginx keeps; the one set above must be the effective one.
include /etc/nginx/fastcgi_params;
}
}
# Custom error pages. 403 is deliberately mapped to the 404 page so a forbidden
# path is indistinguishable from a missing one (no existence leak). These
# responses only carry the server-level security headers if the add_header
# directives use the "always" flag; by default add_header covers 2xx/3xx only.
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
# Serves the error pages from a directory outside the document root. Both the
# location and the alias end in "/", which is the correct pairing: an alias
# whose location lacks the matching trailing slash is the classic nginx alias
# path-traversal mistake.
location /error/ {
alias /your/directory/here/document_errors/;
}
# Hide Apache-style auth files if they were copied over with the site.
# "return" runs in the rewrite phase, before "deny" (access phase), so the
# response is the 404 page rather than a 403 — consistent with the error_page
# mapping above; "deny all" is effectively never reached. Only these two names
# are covered: other dotfiles such as .git/, .env or .svn/ would still be
# served if present under the root, so a broader pattern (every "/." segment,
# with an exception for /.well-known/ if ACME is used) is worth considering.
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}