Initial Commit

nginx/nginxconfig.io/general.conf

@@ -0,0 +1,27 @@
+# favicon.ico
+location = /favicon.ico {
+    log_not_found off;
+}
+
+# robots.txt
+location = /robots.txt {
+    log_not_found off;
+}
+
+# assets, media
+location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
+    expires 7d;
+}
+
+# svg, fonts
+location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
+    add_header Access-Control-Allow-Origin "*";
+    expires    7d;
+}
+
+# gzip
+gzip            on;
+gzip_vary       on;
+gzip_proxied    any;
+gzip_comp_level 6;
+gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

nginx/nginxconfig.io/php_fastcgi.conf

@@ -0,0 +1,15 @@
+# 404
+try_files                     $fastcgi_script_name =404;
+
+# default fastcgi_params
+include                       fastcgi_params;
+
+# fastcgi settings
+fastcgi_index                 index.php;
+fastcgi_buffers               8 16k;
+fastcgi_buffer_size           32k;
+
+# fastcgi params
+fastcgi_param DOCUMENT_ROOT   $realpath_root;
+fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";

nginx/nginxconfig.io/security.conf

@@ -0,0 +1,12 @@
+# security headers
+add_header X-XSS-Protection          "1; mode=block" always;
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';" always;
+add_header Permissions-Policy        "interest-cohort=()" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+# . files
+location ~ /\.(?!well-known) {
+    deny all;
+}