feat: add nginx configuration example
This commit is contained in:
@@ -0,0 +1,96 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name votre-domaine.com;
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name votre-domaine.com;
|
||||
root /path/to/your/site;
|
||||
index index.php index.html;
|
||||
|
||||
# SSL Configuration (adaptez selon votre certificat)
|
||||
ssl_certificate /path/to/your/certificate.crt;
|
||||
ssl_certificate_key /path/to/your/private.key;
|
||||
|
||||
# ======================
|
||||
# SÉCURITÉ
|
||||
# ======================
|
||||
|
||||
# Bloquer l'accès aux fichiers de configuration
|
||||
location ~* \.(php|inc|conf|config|local)$ {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Protéger les répertoires sensibles
|
||||
location ~ ^/(includes|cache|docs)/ {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Bloquer les fichiers samples et backups
|
||||
location ~* \.(sample|bak|backup|log|tmp)$ {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Bloquer l'accès aux fichiers cachés
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Empêcher l'exploration des répertoires
|
||||
autoindex off;
|
||||
|
||||
# ======================
|
||||
# RÉÉCRITURE D'URL
|
||||
# ======================
|
||||
|
||||
# Masquer l'extension .php et redirection
|
||||
location / {
|
||||
try_files $uri $uri/ @rewrite;
|
||||
}
|
||||
|
||||
location @rewrite {
|
||||
rewrite ^/([^.]+)$ /$1.php last;
|
||||
}
|
||||
|
||||
# Rediriger les URLs avec .php vers les URLs sans extension
|
||||
location ~ ^/(.+)\.php$ {
|
||||
return 301 /$1;
|
||||
}
|
||||
|
||||
# Traitement des fichiers PHP
|
||||
location ~ \.php$ {
|
||||
include fastcgi_params;
|
||||
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # Adaptez selon votre version PHP
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
}
|
||||
|
||||
# ======================
|
||||
# OPTIMISATIONS
|
||||
# ======================
|
||||
|
||||
# Cache des fichiers statiques
|
||||
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
|
||||
expires 1y;
|
||||
add_header Cache-Control "public, immutable";
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Compression gzip
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_min_length 1024;
|
||||
gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
|
||||
|
||||
# Headers de sécurité
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
}
|
||||
Reference in New Issue
Block a user