# Generic startup file. user www-data; #usually equal to number of CPUs you have. run command "grep processor /proc/cpuinfo | wc -l" to find it worker_processes auto; worker_cpu_affinity auto; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; # Keeps the logs free of messages about not being able to bind(). #daemon off; events { worker_connections 1024; } http { # rewrite_log on; include mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; sendfile on; # tcp_nopush on; keepalive_timeout 64; # tcp_nodelay on; # gzip on; #php max upload limit cannot be larger than this client_max_body_size 13m; index index.php index.html index.htm; # Upstream to abstract backend connection(s) for PHP. upstream php { #this should match value of "listen" directive in php-fpm pool server unix:/tmp/php-fpm.sock; server localhost:9000; } server { listen 80 default_server; server_name _; root /var/www/html; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; index index.html index.htm index.php; charset utf-8; location / { try_files $uri $uri/ /index.php?$query_string; } # Prevent Direct Access To Protected Files location ~ \.(env|log) { deny all; } # Prevent Direct Access To Protected Folders location ~ ^/(^app$|bootstrap|config|database|overrides|resources|routes|storage|tests|artisan) { deny all; } # Prevent Direct Access To modules/vendor Folders Except Assets location ~ ^/(modules|vendor)\/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg).)*$ { deny all; } error_page 404 /index.php; # Pass PHP Scripts To FastCGI Server location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass php; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.(?!well-known).* { deny all; } } }