2018-05-08 23:25:00 +02:00
|
|
|
server {
|
2021-06-07 15:46:30 +02:00
|
|
|
listen 8443 ssl http2;
|
|
|
|
listen [::]:8443 ssl http2;
|
|
|
|
|
2018-05-08 23:25:00 +02:00
|
|
|
server_name zabbix;
|
|
|
|
server_name_in_redirect off;
|
|
|
|
|
|
|
|
index index.php;
|
|
|
|
access_log /dev/fd/1 main;
|
|
|
|
error_log /dev/fd/2 error;
|
|
|
|
|
|
|
|
set $webroot '/usr/share/zabbix';
|
|
|
|
|
|
|
|
root $webroot;
|
|
|
|
|
|
|
|
large_client_header_buffers 8 8k;
|
|
|
|
|
|
|
|
client_max_body_size 10M;
|
|
|
|
|
|
|
|
ssl_certificate /etc/ssl/nginx/ssl.crt;
|
|
|
|
ssl_certificate_key /etc/ssl/nginx/ssl.key;
|
|
|
|
ssl_dhparam /etc/ssl/nginx/dhparam.pem;
|
|
|
|
|
2021-06-09 01:44:11 +02:00
|
|
|
ssl_session_timeout 1d;
|
|
|
|
ssl_session_cache shared:MozSSL:10m;
|
|
|
|
ssl_session_tickets off;
|
|
|
|
|
|
|
|
# intermediate configuration
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
|
|
ssl_prefer_server_ciphers off;
|
|
|
|
|
|
|
|
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
2018-05-08 23:25:00 +02:00
|
|
|
|
|
|
|
add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
|
|
|
|
|
|
|
|
location =/nginx_status {
|
|
|
|
stub_status on;
|
2021-06-09 01:44:11 +02:00
|
|
|
access_log off;
|
2018-05-08 23:25:00 +02:00
|
|
|
allow 127.0.0.1;
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /favicon.ico {
|
|
|
|
log_not_found off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /robots.txt {
|
|
|
|
allow all;
|
|
|
|
log_not_found off;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
|
|
|
location ~ /\. {
|
|
|
|
deny all;
|
|
|
|
access_log off;
|
|
|
|
log_not_found off;
|
|
|
|
}
|
|
|
|
|
|
|
|
# caching of files
|
2021-06-09 01:44:11 +02:00
|
|
|
location ~* \.ico$ {
|
2018-05-08 23:25:00 +02:00
|
|
|
expires 1y;
|
|
|
|
}
|
|
|
|
|
2021-06-09 01:44:11 +02:00
|
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
|
2018-05-08 23:25:00 +02:00
|
|
|
expires 14d;
|
|
|
|
}
|
|
|
|
|
2021-06-09 01:44:11 +02:00
|
|
|
location ~ /(app\/|conf[^\.]|include\/|local\/|locale\/) {
|
|
|
|
deny all;
|
|
|
|
return 404;
|
2018-05-08 23:25:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
try_files $uri $uri/ /index.php?$args;
|
2021-06-07 13:19:48 +02:00
|
|
|
}
|
|
|
|
|
2018-05-08 23:25:00 +02:00
|
|
|
location ~ .php$ {
|
2020-07-14 13:41:02 +02:00
|
|
|
fastcgi_pass unix:/tmp/php-fpm.sock;
|
2018-05-08 23:25:00 +02:00
|
|
|
fastcgi_index index.php;
|
|
|
|
|
|
|
|
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;
|
|
|
|
|
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
|
|
fastcgi_param REQUEST_METHOD $request_method;
|
|
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
|
|
fastcgi_intercept_errors on;
|
|
|
|
fastcgi_ignore_client_abort off;
|
|
|
|
fastcgi_connect_timeout 60;
|
|
|
|
fastcgi_send_timeout 180;
|
2020-10-14 15:01:05 +02:00
|
|
|
fastcgi_read_timeout {FCGI_READ_TIMEOUT};
|
2018-05-08 23:25:00 +02:00
|
|
|
fastcgi_buffer_size 128k;
|
|
|
|
fastcgi_buffers 4 256k;
|
|
|
|
fastcgi_busy_buffers_size 256k;
|
|
|
|
fastcgi_temp_file_write_size 256k;
|
|
|
|
}
|
|
|
|
}
|