mirror of
https://github.com/manualdousuario/marreta.git
synced 2025-04-09 23:29:08 +00:00
62 lines
1.5 KiB
Text
62 lines
1.5 KiB
Text
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
|
|
root /app;
|
|
index index.php index.html index.htm;
|
|
|
|
server_name _;
|
|
|
|
# Hide NGINX version to reduce exposed information
|
|
server_tokens off;
|
|
|
|
# NGINX-specific security configurations
|
|
|
|
# Limit upload size to prevent denial of service attacks
|
|
client_max_body_size 10M;
|
|
client_body_buffer_size 128k;
|
|
|
|
# Disable directory listing to prevent structure exposure
|
|
autoindex off;
|
|
|
|
# Block access to sensitive directories
|
|
location ~ ^/(logs|cache|inc|data|cli|bin|languages|vendor)/ {
|
|
deny all;
|
|
return 403;
|
|
}
|
|
|
|
# All requests go through index.php for FastRoute routing
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$args;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
if ($uri ~ ^/p/) {
|
|
rewrite ^/p/(.*)$ /index.php?url=$1 last;
|
|
}
|
|
if ($uri ~ ^/api/) {
|
|
rewrite ^/api/(.*)$ /index.php?url=$1 last;
|
|
}
|
|
include snippets/fastcgi-php.conf;
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
|
|
# Hide header that reveals PHP version
|
|
fastcgi_hide_header X-Powered-By;
|
|
}
|
|
|
|
# Block access to hidden files and directories
|
|
location ~ /\. {
|
|
deny all;
|
|
return 404;
|
|
}
|
|
|
|
# Block access to configuration and database files
|
|
location ~ \.(sql|conf|ini)$ {
|
|
deny all;
|
|
return 404;
|
|
}
|
|
|
|
# Minimize logs to reduce information exposure
|
|
access_log /dev/null;
|
|
error_log /dev/stderr warn;
|
|
}
|