95 lines
2.8 KiB
Plaintext
95 lines
2.8 KiB
Plaintext
server {
|
|
listen 80;
|
|
|
|
client_body_buffer_size 100K;
|
|
client_header_buffer_size 1k;
|
|
client_max_body_size 100k;
|
|
large_client_header_buffers 2 1k;
|
|
|
|
client_body_timeout 10;
|
|
client_header_timeout 10;
|
|
keepalive_timeout 5 5;
|
|
send_timeout 10;
|
|
|
|
root /var/www/passbolt;
|
|
|
|
# X-Frame-Options is to prevent from clickJacking attack
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
|
|
# disable content-type sniffing on some browsers.
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
# This header enables the Cross-site scripting (XSS) filter
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
# This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$args;
|
|
index index.php;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
fastcgi_index index.php;
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
fastcgi_split_path_info ^(.+\.php)(.+)$;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param SERVER_NAME $http_host;
|
|
}
|
|
|
|
location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
|
|
access_log off;
|
|
log_not_found off;
|
|
try_files $uri /app/webroot/$uri /index.php?$args;
|
|
}
|
|
|
|
}
|
|
|
|
server {
|
|
listen 443;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/ssl/certs/certificate.crt;
|
|
ssl_certificate_key /etc/ssl/certs/certificate.key;
|
|
ssl_protocols TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
|
ssl_session_tickets off;
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
root /var/www/passbolt;
|
|
|
|
# X-Frame-Options is to prevent from clickJacking attack
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
|
|
# disable content-type sniffing on some browsers.
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
# This header enables the Cross-site scripting (XSS) filter
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$args;
|
|
index index.php;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
fastcgi_index index.php;
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
fastcgi_split_path_info ^(.+\.php)(.+)$;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param SERVER_NAME $http_host;
|
|
}
|
|
|
|
location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
|
|
access_log off;
|
|
log_not_found off;
|
|
try_files $uri /app/webroot/$uri /index.php?$args;
|
|
}
|
|
}
|