# Plain-HTTP virtual host: serves no content, only upgrades every request to HTTPS.
server {
    listen      80;
    server_name votre-domaine.com;

    # The redirect target is built from $server_name (the configured name),
    # not from the client-supplied Host header.
    return 301 https://$server_name$request_uri;
}
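# HTTPS virtual host for a PHP site served with extension-less URLs.
#
# Regex locations are tried in the order they appear and the first match wins,
# so the deny rules below must stay ABOVE the PHP handler.
server {
    listen 443 ssl http2;
    server_name votre-domaine.com;
    root /path/to/your/site;
    index index.php index.html;

    # TLS configuration (adjust to your certificate)
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;
    # Pin the protocol versions explicitly; older nginx releases still enable
    # TLS 1.0/1.1 by default.
    ssl_protocols TLSv1.2 TLSv1.3;

    # ======================
    # SECURITY
    # ======================

    # Block direct access to configuration files.
    # "php" is deliberately NOT in this list: as the first regex location it
    # would match every *.php URI (including the internal rewrites below) and
    # answer 404 before the PHP handler could ever run.
    # `return` runs in the rewrite phase, before access checks, so a
    # `deny all;` next to it would never take effect and is omitted.
    location ~* \.(inc|conf|config|local)$ {
        return 404;
    }

    # Protect sensitive directories (this also covers PHP files inside them,
    # because this location precedes the PHP handler).
    location ~ ^/(includes|cache|docs|conf)/ {
        return 404;
    }

    # Block sample, backup, log and temporary files
    location ~* \.(sample|bak|backup|log|tmp)$ {
        return 404;
    }

    # Block access to hidden files (.git, .env, .htaccess, ...).
    # NOTE(review): this also hides /.well-known/; add an explicit exception
    # above this block if ACME HTTP-01 validation is served from this vhost.
    location ~ /\. {
        return 404;
    }

    # Disable directory listings
    autoindex off;

    # ======================
    # URL REWRITING
    # ======================

    # Hide the .php extension: serve the file or directory if it exists,
    # otherwise try the same path with ".php" appended.
    location / {
        try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
        # `last` restarts location matching, so the rewritten URI is checked
        # against the deny rules above before it reaches the PHP handler.
        rewrite ^/([^.]+)$ /$1.php last;
    }

    # PHP handling
    location ~ \.php$ {
        # Redirect client-visible ".php" URLs to the extension-less form.
        # The test uses $request_uri (the original request line) rather than
        # a separate location on $uri: $uri already ends in ".php" after the
        # internal rewrite above, which would produce a redirect loop.
        if ($request_uri ~ "^/([^?]+)\.php(?:\?|$)") {
            return 301 /$1$is_args$args;
        }

        # Hand the request to PHP-FPM only when the script exists on disk, so
        # paths such as /uploads/picture.jpg/x.php are not passed to the
        # interpreter.
        try_files $uri =404;

        include fastcgi_params;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # Adjust to your PHP version
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }

    # ======================
    # OPTIMISATIONS
    # ======================

    # Static file caching
    location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        # add_header directives are inherited from the server level only when
        # the location defines none of its own, so the security headers have
        # to be repeated here or static responses are sent without them.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        access_log off;
    }

    # Gzip compression
    # NOTE(review): compressing TLS responses that mix secrets with
    # attacker-influenced content exposes them to BREACH-style length
    # analysis; confirm this is acceptable for the dynamic pages.
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    # X-XSS-Protection is a legacy header that current browsers ignore; a
    # Content-Security-Policy is the effective control against XSS.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # HSTS is not set. Once HTTPS is confirmed to work for every client:
    # add_header Strict-Transport-Security "max-age=31536000" always;
}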