123 lines
5.0 KiB
Plaintext
123 lines
5.0 KiB
Plaintext
|
##### Process http start #######################################################
|
||
|
server {
|
||
|
listen 80;
|
||
|
server_name DOMAIN;
|
||
|
return 301 https://DOMAIN$request_uri;
|
||
|
server_tokens off;
|
||
|
}
|
||
|
##### Process http stop ########################################################
|
||
|
|
||
|
##### Process https start ######################################################
|
||
|
server {
|
||
|
listen 443 ssl http2;
|
||
|
server_name DOMAIN;
|
||
|
server_tokens off;
|
||
|
root /usr/share/zabbix;
|
||
|
index index.php;
|
||
|
|
||
|
##### SSL configuration start ##############################################
|
||
|
# ssl_protocols TLSv1.2 TLSv1.3;
|
||
|
# ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
|
||
|
# ssl_prefer_server_ciphers off;
|
||
|
# ssl_stapling on;
|
||
|
# ssl_stapling_verify on;
|
||
|
# resolver 8.8.4.4 8.8.8.8;
|
||
|
# resolver_timeout 5s;
|
||
|
# ssl_session_timeout 1d;
|
||
|
# ssl_session_tickets off;
|
||
|
# ssl_session_cache shared:SSL:10m;
|
||
|
# ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
|
||
|
# ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
|
||
|
# ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
|
||
|
##### SSL configuration stop ###############################################
|
||
|
|
||
|
##### XSS headers start ####################################################
|
||
|
# add_header X-Frame-Options DENY;
|
||
|
# add_header X-Frame-Options SAMEORIGIN;
|
||
|
# add_header X-Content-Type-Options nosniff;
|
||
|
# add_header X-XSS-Protection "1; mode=block";
|
||
|
# add_header Permissions-Policy interest-cohort=();
|
||
|
# add_header Content-Security-Policy "default-src 'self'";
|
||
|
# add_header Referrer-Policy strict-origin-when-cross-origin;
|
||
|
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
||
|
##### XSS headers stop #####################################################
|
||
|
|
||
|
##### Optional include custom Error pages start ############################
|
||
|
include /etc/nginx/nginxsnippets/custom-errors.conf;
|
||
|
##### Optional include custom Error pages stop #############################
|
||
|
|
||
|
##### Optional disable gzip start ##########################################
|
||
|
# gzip off;
|
||
|
##### Optional disable gzip stop ###########################################
|
||
|
|
||
|
##### Optional disable access log start ####################################
|
||
|
# access_log off;
|
||
|
##### Optional disable access log stop #####################################
|
||
|
|
||
|
##### Block Bad referers and bad bots start ################################
|
||
|
if ($bad_referer) { return 444; }
|
||
|
if ($bad_user_agent) { return 444; }
|
||
|
##### Block Bad referers and bad bots stop #################################
|
||
|
|
||
|
##### Optional stuff start #################################################
|
||
|
# include /etc/nginx/nginxsnippets/block-engines.conf;
|
||
|
include /etc/nginx/nginxsnippets/log-exclude.conf;
|
||
|
include /etc/nginx/nginxsnippets/block-htaccess.conf;
|
||
|
include /etc/nginx/nginxsnippets/block-file-access.conf;
|
||
|
##### Optional stuff stop ##################################################
|
||
|
|
||
|
##### Enable fastcgi cache start ###########################################
|
||
|
set $skip_cache 0;
|
||
|
##### Enable fastcgi cache stop ############################################
|
||
|
|
||
|
##### Misc content start ###################################################
|
||
|
location / {
|
||
|
|
||
|
try_files $uri $uri/ =404;
|
||
|
}
|
||
|
|
||
|
location /assets {
|
||
|
access_log off;
|
||
|
expires 10d;
|
||
|
}
|
||
|
|
||
|
location ~ /(api\/|conf[^\.]|include|locale) {
|
||
|
deny all;
|
||
|
return 404;
|
||
|
}
|
||
|
##### Misc content stop ####################################################
|
||
|
|
||
|
##### Process php ##########################################################
|
||
|
location ~ [^/]\.php(/|$) {
|
||
|
fastcgi_pass unix:/var/run/php/zabbix.sock;
|
||
|
|
||
|
fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
|
||
|
fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
|
||
|
fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;
|
||
|
|
||
|
include fastcgi_params;
|
||
|
fastcgi_param QUERY_STRING $query_string;
|
||
|
fastcgi_param REQUEST_METHOD $request_method;
|
||
|
fastcgi_param CONTENT_TYPE $content_type;
|
||
|
fastcgi_param CONTENT_LENGTH $content_length;
|
||
|
|
||
|
fastcgi_intercept_errors on;
|
||
|
fastcgi_ignore_client_abort off;
|
||
|
fastcgi_connect_timeout 60;
|
||
|
fastcgi_send_timeout 180;
|
||
|
fastcgi_read_timeout 180;
|
||
|
fastcgi_buffer_size 128k;
|
||
|
fastcgi_buffers 4 256k;
|
||
|
fastcgi_busy_buffers_size 256k;
|
||
|
fastcgi_temp_file_write_size 256k;
|
||
|
}
|
||
|
##### Process php ##########################################################
|
||
|
|
||
|
##### Cache js css and all statics start ###################################
|
||
|
include /etc/nginx/nginxsnippets/cache-open-files.conf;
|
||
|
include /etc/nginx/nginxsnippets/cache-statics.conf;
|
||
|
include /etc/nginx/nginxsnippets/cache-js-css.conf;
|
||
|
##### Cache js css and all statics stop ####################################
|
||
|
}
|
||
|
##### Process https start ######################################################
|