scripts/nginx_config_maker/prod/lxc_containers/caisse

server {

if ($host = caisse.cipherbliss.com ) {
        return 301 https://$host$request_uri;
    }
    listen caisse.cipherbliss.com:80;
    listen [::]:80;
    server_name caisse.cipherbliss.com;
    # enforce https
    return 301 https://$server_name$request_uri;
    add_header Permissions-Policy "interest-cohort=()";
}


server {

    listen 443 ssl default_server http2;
    listen [::]:443 default_server ssl http2;
    server_name caisse.cipherbliss.com;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /etc/letsencrypt/live/caisse.cipherbliss.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/caisse.cipherbliss.com-0001/privkey.pem;

    # Path to the root of your installation
    root /home/www/tykayn/caisse-fanzine/web/;

         location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /index.php /app.php$is_args$args;
        }

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }


        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
# PROD
    location ~ ^/app\.php(/|$) {
		    include fastcgi.conf;
		      fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                fastcgi_intercept_errors on;
#                fastcgi_pass php-handler;
       # When you are using symlinks to link the document root to the
       # current version of your application, you should pass the real
       # application path instead of the path to the symlink to PHP
       # FPM.
       # Otherwise, PHP's OPcache may not properly detect changes to
       # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
       # for more information).
       fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
       fastcgi_param DOCUMENT_ROOT $realpath_root;
       # Prevents URIs that include the front controller. This will 404:
       # http://domain.tld/app.php/some-path
       # Remove the internal directive to allow URIs like this
       internal;
   }

   # return 404 for all other php files not matching the front controller
   # this prevents access to other php files you don't want to be accessible.
   location ~ \.php$ {
     return 404;
   }
    add_header Permissions-Policy "interest-cohort=()";
}
backup prod files 2023-06-15 19:42:12 +02:00			`server {`

			`if ($host = caisse.cipherbliss.com ) {`
			`return 301 https://$host$request_uri;`
			`}`
			`listen caisse.cipherbliss.com:80;`
			`listen [::]:80;`
			`server_name caisse.cipherbliss.com;`
			`# enforce https`
			`return 301 https://$server_name$request_uri;`
			`add_header Permissions-Policy "interest-cohort=()";`
			`}`


			`server {`

			`listen 443 ssl default_server http2;`
			`listen [::]:443 default_server ssl http2;`
			`server_name caisse.cipherbliss.com;`

			`# Use Mozilla's guidelines for SSL/TLS settings`
			`# https://mozilla.github.io/server-side-tls/ssl-config-generator/`
			`# NOTE: some settings below might be redundant`
			`ssl_certificate /etc/letsencrypt/live/caisse.cipherbliss.com-0001/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/caisse.cipherbliss.com-0001/privkey.pem;`

			`# Path to the root of your installation`
			`root /home/www/tykayn/caisse-fanzine/web/;`

			`location / {`
			`# try to serve file directly, fallback to app.php`
			`try_files $uri /index.php /app.php$is_args$args;`
			`}`

			`location = /favicon.ico {`
			`log_not_found off;`
			`access_log off;`
			`}`

			`location = /robots.txt {`
			`allow all;`
			`log_not_found off;`
			`access_log off;`
			`}`


			`location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ {`
			`expires max;`
			`log_not_found off;`
			`}`
			`# PROD`
			`location ~ ^/app\.php(/\|$) {`
			`include fastcgi.conf;`
			`fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;`
			`fastcgi_intercept_errors on;`
			`# fastcgi_pass php-handler;`
			`# When you are using symlinks to link the document root to the`
			`# current version of your application, you should pass the real`
			`# application path instead of the path to the symlink to PHP`
			`# FPM.`
			`# Otherwise, PHP's OPcache may not properly detect changes to`
			`# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126`
			`# for more information).`
			`fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;`
			`fastcgi_param DOCUMENT_ROOT $realpath_root;`
			`# Prevents URIs that include the front controller. This will 404:`
			`# http://domain.tld/app.php/some-path`
			`# Remove the internal directive to allow URIs like this`
			`internal;`
			`}`

			`# return 404 for all other php files not matching the front controller`
			`# this prevents access to other php files you don't want to be accessible.`
			`location ~ \.php$ {`
			`return 404;`
			`}`
			`add_header Permissions-Policy "interest-cohort=()";`
			`}`