webserver-config/site-config.conf

# HTTP redirect
server {
    listen 80;
    listen [::]:80;
    server_name .$DOMAIN;
    return 301 https://$host$request_uri;
}

# HTTPS server
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .$DOMAIN;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
    include snippets/ssl.conf;

    # Check for banned IPs
    if ($is_banned) {
        rewrite ^ @banned last;
    }

    # Banned location handler
    location @banned {
        internal;
        add_header Content-Type text/plain;
        return 403 "403 Forbidden (IP temporarily banned)\n";
    }

    # Site-specific error pages
    error_page 403 /site-error-page/403.html;
    error_page 404 /site-error-page/404.html;
    error_page 503 /site-error-page/503.html;
    error_page 500 502 504 /site-error-page/50x.html;
    location ^~ /site-error-page/ {
        alias "$site_root/error-pages/";
        internal;
    }

    # Domain-specific error pages
    error_page 403 /domain-error-page/403.html;
    error_page 404 /domain-error-page/404.html;
    error_page 503 /domain-error-page/503.html;
    error_page 500 502 504 /domain-error-page/50x.html;
    location ^~ /domain-error-page/ {
        alias "/var/www/$DOMAIN/error-pages/";
        internal;
    }

    # Default error page config
    include snippets/error-pages.conf;

    # Apply general rate limit
    limit_req zone=general burst=100 nodelay;

    # Content Security Policy (needs to be per-domain)
    add_header Content-Security-Policy "default-src 'self' *.$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.$DOMAIN; style-src 'self' 'unsafe-inline' *.$DOMAIN; img-src 'self' data: *.$DOMAIN; font-src 'self' data: *.$DOMAIN; connect-src 'self' *.$DOMAIN; frame-src 'self' *.$DOMAIN; media-src 'self' *.$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always;

    # Subdomain handling
    set $subdomain '';
    set $site_root "/var/www/$DOMAIN/_main";
    if ($host ~* ^([^.]+)\.$DOMAIN$) {
        set $subdomain $1;
        set $site_root "/var/www/$DOMAIN/subdomains/$subdomain";
    }
    root "$site_root/www";

    # Basic settings
    index index.html index.htm index.php;
    client_max_body_size 20M;

    # Block .ht* files
    location ~ /\.ht {
        deny all;
    }

    # Main location block
    location / {
        try_files $uri $uri/ @router;
    }

    # Router handling
    location @router {
        if (!-f $document_root/router.php) {
            return 404;
        }
        limit_req zone=php burst=20 nodelay;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/router.php;
    }

    # Basic PHP configuration
    location ~ \.php$ {
        limit_req zone=php burst=20 nodelay;
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Static file handling
    location ~* ^.+\.((?!php).)*$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
        try_files $uri $uri/ =404;
    }

    # Logging
    access_log /var/log/nginx/access.log domain_combined;
    error_log /var/log/nginx/error.log;
    access_log "/var/www/$DOMAIN/logs/access.log" domain_combined;
    error_log "/var/www/$DOMAIN/logs/error.log";
}
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# HTTP redirect`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`server {`
			`listen 80;`
			`listen [::]:80;`
			`server_name .$DOMAIN;`
bug fixes 2024-10-22 02:29:12 +00:00			`return 301 https://$host$request_uri;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`}`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# HTTPS server`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`server {`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`
			`server_name .$DOMAIN;`

bug fixes 2024-10-23 02:32:46 +00:00			`# SSL configuration`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;`
bug fixes 2024-10-23 02:32:46 +00:00			`include snippets/ssl.conf;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00
bug fix 2024-10-24 02:48:15 +00:00			`# Check for banned IPs`
			`if ($is_banned) {`
			`rewrite ^ @banned last;`
			`}`

			`# Banned location handler`
			`location @banned {`
			`internal;`
			`add_header Content-Type text/plain;`
			`return 403 "403 Forbidden (IP temporarily banned)\n";`
			`}`

config fix 2024-10-24 03:19:55 +00:00			`# Site-specific error pages`
			`error_page 403 /site-error-page/403.html;`
			`error_page 404 /site-error-page/404.html;`
			`error_page 503 /site-error-page/503.html;`
			`error_page 500 502 504 /site-error-page/50x.html;`
			`location ^~ /site-error-page/ {`
			`alias "$site_root/error-pages/";`
			`internal;`
			`}`
config update 2024-10-24 03:14:06 +00:00
			`# Domain-specific error pages`
			`error_page 403 /domain-error-page/403.html;`
			`error_page 404 /domain-error-page/404.html;`
			`error_page 503 /domain-error-page/503.html;`
			`error_page 500 502 504 /domain-error-page/50x.html;`
			`location ^~ /domain-error-page/ {`
			`alias "/var/www/$DOMAIN/error-pages/";`
			`internal;`
			`}`

config fix 2024-10-24 03:19:55 +00:00			`# Default error page config`
			`include snippets/error-pages.conf;`
Refactor error page handling and configuration 2024-10-24 01:41:38 +00:00
updated some more error config stuff 2024-10-24 02:04:14 +00:00			`# Apply general rate limit`
			`limit_req zone=general burst=100 nodelay;`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Content Security Policy (needs to be per-domain)`
config fix 2024-10-23 02:38:35 +00:00			`add_header Content-Security-Policy "default-src 'self' .$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' .$DOMAIN; style-src 'self' 'unsafe-inline' .$DOMAIN; img-src 'self' data: .$DOMAIN; font-src 'self' data: .$DOMAIN; connect-src 'self' .$DOMAIN; frame-src 'self' .$DOMAIN; media-src 'self' .$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always;`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Subdomain handling`
bug fixes 2024-10-22 02:29:12 +00:00			`set $subdomain '';`
updated some more error config stuff 2024-10-24 02:04:14 +00:00			`set $site_root "/var/www/$DOMAIN/_main";`
bug fixes 2024-10-22 02:29:12 +00:00			`if ($host ~* ^([^.]+)\.$DOMAIN$) {`
			`set $subdomain $1;`
updated some more error config stuff 2024-10-24 02:04:14 +00:00			`set $site_root "/var/www/$DOMAIN/subdomains/$subdomain";`
			`}`
			`root "$site_root/www";`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Basic settings`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`index index.html index.htm index.php;`
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`client_max_body_size 20M;`

			`# Block .ht* files`
			`location ~ /\.ht {`
			`deny all;`
			`}`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Main location block`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`location / {`
bug fixes 2024-10-22 02:29:12 +00:00			`try_files $uri $uri/ @router;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`}`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Router handling`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`location @router {`
bug fixes 2024-10-22 02:29:12 +00:00			`if (!-f $document_root/router.php) {`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`return 404;`
			`}`
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`limit_req zone=php burst=20 nodelay;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`fastcgi_pass unix:/var/run/php/php-fpm.sock;`
			`include fastcgi_params;`
bug fixes 2024-10-22 02:29:12 +00:00			`fastcgi_param SCRIPT_FILENAME $document_root/router.php;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`}`

bug fixes 2024-10-23 02:32:46 +00:00			`# Basic PHP configuration`
			`location ~ \.php$ {`
			`limit_req zone=php burst=20 nodelay;`
			`try_files $uri =404;`
			`fastcgi_split_path_info ^(.+\.php)(/.+)$;`
			`fastcgi_pass unix:/var/run/php/php-fpm.sock;`
			`fastcgi_index index.php;`
			`include fastcgi_params;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`}`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Static file handling`
			`location ~* ^.+\.((?!php).)*$ {`
			`expires 30d;`
			`add_header Cache-Control "public, no-transform";`
			`try_files $uri $uri/ =404;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`}`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Logging`
logging fixes 2024-10-23 03:01:04 +00:00			`access_log /var/log/nginx/access.log domain_combined;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`error_log /var/log/nginx/error.log;`
logging fixes 2024-10-23 03:01:04 +00:00			`access_log "/var/www/$DOMAIN/logs/access.log" domain_combined;`
			`error_log "/var/www/$DOMAIN/logs/error.log";`
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`}`