123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 |
- server {
- listen 80;
- listen [::]:80;
- server_name YOUR_DOMAIN;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name YOUR_DOMAIN;
- ssl_protocols TLSv1.2;
- ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_stapling on;
- ssl_stapling_verify on;
- add_header Strict-Transport-Security "max-age=31536000";
- add_header X-XSS-Protection "1; mode=block";
- ssl_certificate /etc/CHANGE_THIS/fullchain.pem;
- ssl_certificate_key /etc/CHANGE_THIS/privkey.pem;
- ssl_dhparam /etc/CHANGE_THIS/dhparam.pem;
- keepalive_timeout 70;
- sendfile on;
- client_max_body_size 20m;
- root /var/www/example.com;
- location ~* (?:DESIGN|(?:gpl|README|LICENSE)[^.]*|LEGALNOTICE)(?:\.txt)*$ {
- return 302 /;
- }
- location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
- return 404;
- }
- # Main
- rewrite ^/home/?$ / permanent;
- rewrite ^/login/?$ /login/login.php break;
- rewrite ^/auth/?$ /login/auth.php break;
- rewrite ^/logout/?$ /login/logout.php break;
- rewrite ^/terms/?$ /login/terms.php break;
- rewrite ^/privacy/?$ /login/privacy.php break;
- rewrite ^/imprint/?$ /login/imprint.php break;
- # LTL
- rewrite ^/local/?$ /local.php break;
- # FTL
- rewrite ^/federated/?$ /federated.php break;
- # Notice
- rewrite ^/notifications/?$ /notifications.php break;
- # Who to follow
- rewrite ^/whotofollow/?$ /who_to_follow.php break;
- # Direct
- rewrite ^/direct/?$ /direct.php break;
- # Instance
- rewrite ^/instance/?$ /instance.php break;
- # Lists
- rewrite ^/lists/?$ /lists.php break;
- rewrite ^/lists/(\d+)/?$ /lists_view.php?id=$1 break;
- rewrite ^/lists/(\d+)/add/?$ /lists_add.php?id=$1 break;
- # Search
- rewrite ^/search/?$ /search_hash_tag.php break;
- rewrite ^/search/users/?$ /search_user.php break;
- # Settings
- rewrite ^/settings/?$ /settings_general.php break;
- rewrite ^/settings/profile/?$ /settings_profile.php break;
- rewrite ^/settings/appearance/?$ /settings_appearance.php break;
- rewrite ^/settings/filters/?$ /settings_filters.php break;
- rewrite ^/settings/media/?$ /settings_media.php break;
- # User
- rewrite ^/@(.+)@(.+)\.([a-z]+)/?$ /user.php?user=@$1@$2\.$3 break;
- rewrite ^/@(.+)@(.+)\.([a-z]+)/status/(.+?)?$ /user.php?user=@$1@$2\.$3&status=$4 break;
- rewrite ^/@(.+)@(.+)\.([a-z]+)/media/?$ /user_only_media.php?user=@$1@$2\.$3 break;
- rewrite ^/@(.+)@(.+)\.([a-z]+)/with_replies/?$ /user_include_replies.php?user=@$1@$2\.$3 break;
- rewrite ^/@(.+)@(.+)\.([a-z]+)/followers/?$ /user_followers.php?user=@$1@$2\.$3 break;
- rewrite ^/@(.+)@(.+)\.([a-z]+)/following/?$ /user_following.php?user=@$1@$2\.$3 break;
- rewrite ^/@(.+)@(.+)\.([a-z]+)/favourites/?$ /user_favorite.php?user=@$1@$2\.$3 break;
- # Image
- rewrite ^/avatars/original/missing.png$ /assets/images/missing.png break;
- rewrite ^/headers/original/missing.png$ /assets/images/missing_header.png break;
- # 404
- rewrite ^/404/?$ /404.php break;
- location ~ [^/]\.php(/|$) {
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- if (!-f $document_root$fastcgi_script_name) {
- return 404;
- }
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS on;
- fastcgi_buffers 8 256k;
- fastcgi_buffer_size 128k;
- fastcgi_intercept_errors on;
- fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
- }
- }
|