# Plain-HTTP listener: answers on port 80 (IPv4 and IPv6) only to send
# clients to the HTTPS site.
server {
    server_name example.net www.example.net;
    listen 80;
    listen [::]:80;

    # $server_name expands to the first name listed above, so a request for
    # www.example.net is redirected to https://example.net/... as well.
    # 302 is a temporary redirect; clients re-request it on each visit.
    return 302 https://$server_name$request_uri;
}
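# HTTPS site: TLS over TCP (HTTP/1.1 + HTTP/2) and QUIC (HTTP/3), PHP via
# PHP-FPM, long-lived caching for static assets.
server {
    # SSL configuration
    listen 443 quic reuseport;       # QUIC
    listen [::]:443 quic reuseport;  # QUIC over IPv6, matching the TCP listeners
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    # Same names as the port-80 redirect block, so this server is selected by
    # name and not only because it happens to be the default for :443.
    server_name example.net www.example.net;

    ssl_certificate     /etc/ssl/cert.pem;
    ssl_certificate_key /etc/ssl/key.pem;

    root  /var/www/html/;
    index index.php index.html index.htm index.nginx-debian.html;

    # Header values containing ';' or spaces must be wrapped in plain ASCII
    # quotes; typographic quotes are not quoting characters for nginx and the
    # ';' inside them would end the directive early.
    #
    # "always" attaches the header to error responses (4xx/5xx) too.
    # NOTE: these server-level add_header lines are inherited by a location
    # only while that location declares no add_header of its own.

    # Advertise HTTP/3 on the same port for 24 hours.
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';

    # HSTS for one year. "preload" together with includeSubdomains commits
    # every subdomain to HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
    add_header Permissions-Policy "interest-cohort=()" always;
    add_header X-Frame-Options sameorigin always;
    add_header X-Content-Type-Options nosniff always;
    # Legacy header: current browsers have removed the XSS auditor and ignore it.
    add_header X-XSS-Protection '1; mode=block' always;
    add_header X-Download-Options noopen always;
    add_header X-Permitted-Cross-Domain-Policies none always;
    # Only upgrades http:// subresources; this policy places no restriction
    # on script, style or frame sources.
    add_header Content-Security-Policy upgrade-insecure-requests always;
    add_header Referrer-Policy strict-origin always;

    # Front controller: serve the file or directory if it exists, otherwise
    # hand the request to /index.php.
    location / {
        try_files $uri $uri/ /index.php;
    }

    # Pass PHP scripts to PHP-FPM. The dot is escaped so that only URIs ending
    # in ".php" match; an unescaped "." matches any character before "php".
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # NOTE(review): on Debian/Ubuntu this snippet normally checks that the
        # script exists (try_files ... =404) and sets SCRIPT_FILENAME itself,
        # which would make the two lines above redundant; confirm against the
        # installed file.
        include snippets/fastcgi-php.conf;
    }

    # A long browser cache lifetime can speed up repeat visits to your page
    location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
        access_log off;
        log_not_found off;
        expires 360d;
    }

    # Deny access to .ht* files (.htaccess, .htpasswd). Other dot-files under
    # the web root (for example a .git directory or .env file) are not covered
    # by this pattern. With access_log off, requests probing for these files
    # leave no trace in the access log.
    location ~ /\.ht {
        access_log off;
        log_not_found off;
        deny all;
    }
}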
