webserver-config/site-config.conf

# HTTP redirect
server {
    listen 80;
    listen [::]:80;
    server_name .$DOMAIN;
    return 301 https://$host$request_uri;
}

# HTTPS server
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .$DOMAIN;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
    include snippets/ssl.conf;

    # Apply general rate limit
    limit_req zone=general burst=100 nodelay;

    # Content Security Policy (needs to be per-domain)
    add_header Content-Security-Policy "default-src 'self' *.$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.$DOMAIN; style-src 'self' 'unsafe-inline' *.$DOMAIN; img-src 'self' data: *.$DOMAIN; font-src 'self' data: *.$DOMAIN; connect-src 'self' *.$DOMAIN; frame-src 'self' *.$DOMAIN; media-src 'self' *.$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always;


    # Subdomain handling
    set $subdomain '';
    set $full_root "/var/www/$DOMAIN/_main/www";
    set $access_log_path "/var/www/$DOMAIN/logs/main.access.log";
    set $error_log_path "/var/www/$DOMAIN/logs/main.error.log";
    if ($host ~* ^([^.]+)\.$DOMAIN$) {
        set $subdomain $1;
        set $full_root "/var/www/$DOMAIN/subdomains/$subdomain/www";
        set $access_log_path "/var/www/$DOMAIN/logs/$subdomain.access.log";
        set $error_log_path "/var/www/$DOMAIN/logs/$subdomain.error.log";
    }
    root $full_root;

    # Basic settings
    index index.html index.htm index.php;
    client_max_body_size 20M;

    # Block .ht* files
    location ~ /\.ht {
        deny all;
    }

    # Main location block
    location / {
        try_files $uri $uri/ @router;
    }

    # Router handling
    location @router {
        if (!-f $document_root/router.php) {
            return 404;
        }
        limit_req zone=php burst=20 nodelay;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/router.php;
    }

    # Basic PHP configuration
    location ~ \.php$ {
        limit_req zone=php burst=20 nodelay;
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Static file handling
    location ~* ^.+\.((?!php).)*$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
        try_files $uri $uri/ =404;
    }

    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    access_log $access_log_path;
    error_log $error_log_path;
}
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# HTTP redirect`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`server {`
			`listen 80;`
			`listen [::]:80;`
			`server_name .$DOMAIN;`
bug fixes 2024-10-22 02:29:12 +00:00			`return 301 https://$host$request_uri;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`}`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# HTTPS server`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`server {`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`
			`server_name .$DOMAIN;`

bug fixes 2024-10-23 02:32:46 +00:00			`# SSL configuration`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;`
bug fixes 2024-10-23 02:32:46 +00:00			`include snippets/ssl.conf;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Apply general rate limit`
			`limit_req zone=general burst=100 nodelay;`

			`# Content Security Policy (needs to be per-domain)`
config fix 2024-10-23 02:38:35 +00:00			`add_header Content-Security-Policy "default-src 'self' .$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' .$DOMAIN; style-src 'self' 'unsafe-inline' .$DOMAIN; img-src 'self' data: .$DOMAIN; font-src 'self' data: .$DOMAIN; connect-src 'self' .$DOMAIN; frame-src 'self' .$DOMAIN; media-src 'self' .$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always;`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00
			`# Subdomain handling`
bug fixes 2024-10-22 02:29:12 +00:00			`set $subdomain '';`
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`set $full_root "/var/www/$DOMAIN/_main/www";`
			`set $access_log_path "/var/www/$DOMAIN/logs/main.access.log";`
			`set $error_log_path "/var/www/$DOMAIN/logs/main.error.log";`
bug fixes 2024-10-22 02:29:12 +00:00			`if ($host ~* ^([^.]+)\.$DOMAIN$) {`
			`set $subdomain $1;`
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`set $full_root "/var/www/$DOMAIN/subdomains/$subdomain/www";`
			`set $access_log_path "/var/www/$DOMAIN/logs/$subdomain.access.log";`
			`set $error_log_path "/var/www/$DOMAIN/logs/$subdomain.error.log";`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`}`
bug fixes 2024-10-22 02:29:12 +00:00			`root $full_root;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Basic settings`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`index index.html index.htm index.php;`
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`client_max_body_size 20M;`

			`# Block .ht* files`
			`location ~ /\.ht {`
			`deny all;`
			`}`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Main location block`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`location / {`
bug fixes 2024-10-22 02:29:12 +00:00			`try_files $uri $uri/ @router;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`}`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Router handling`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`location @router {`
bug fixes 2024-10-22 02:29:12 +00:00			`if (!-f $document_root/router.php) {`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`return 404;`
			`}`
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`limit_req zone=php burst=20 nodelay;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`fastcgi_pass unix:/var/run/php/php-fpm.sock;`
			`include fastcgi_params;`
bug fixes 2024-10-22 02:29:12 +00:00			`fastcgi_param SCRIPT_FILENAME $document_root/router.php;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`}`

bug fixes 2024-10-23 02:32:46 +00:00			`# Basic PHP configuration`
			`location ~ \.php$ {`
			`limit_req zone=php burst=20 nodelay;`
			`try_files $uri =404;`
			`fastcgi_split_path_info ^(.+\.php)(/.+)$;`
			`fastcgi_pass unix:/var/run/php/php-fpm.sock;`
			`fastcgi_index index.php;`
			`include fastcgi_params;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`}`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Static file handling`
			`location ~* ^.+\.((?!php).)*$ {`
			`expires 30d;`
			`add_header Cache-Control "public, no-transform";`
			`try_files $uri $uri/ =404;`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`}`

vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`# Logging`
broke install into many separate scripts 2024-10-20 23:57:00 +00:00			`access_log /var/log/nginx/access.log;`
			`error_log /var/log/nginx/error.log;`
nginx config fix 2024-10-22 02:42:41 +00:00			`access_log $access_log_path;`
			`error_log $error_log_path;`
vastly expanded nginx config 2024-10-23 02:17:00 +00:00			`}`