From 15abebe9ed42dfb5c4c583c2f00d0efb500be602 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=9Cmit=20Tun=C3=A7?=
Date: Mon, 15 Sep 2025 11:06:34 -0300
Subject: [PATCH] Update Nginx configuration for enhanced security and performance
- Changed file permissions for default.conf to improve security.
- Added security headers (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options) to enhance protection against common vulnerabilities.
- Included additional parameters for PHP processing to support HTTPS and improve handling of requests.
- Implemented restrictions to deny access to hidden files and log files, further securing the application.
These changes collectively strengthen the security posture and performance of the Nginx configuration for the Truncgil Finance application.
---
 nginx/default.conf | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)
 mode change 100644 => 100755 nginx/default.conf
diff --git a/nginx/default.conf b/nginx/default.conf
old mode 100644
new mode 100755
index eeda4e6..4e47f74
--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -1,32 +1,47 @@
 server {
- listen 80;
-
- add_header Content-Security-Policy "upgrade-insecure-requests";
- index index.php index.html;
+ listen 80; # 88 yerine 80 kullanın
 server_name localhost;
 root /var/www/public;
+ index index.php index.html;
+ # HTTPS için proxy headers
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+
+ # Güvenlik başlıkları
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+
+ # Ana location
 location / {
 try_files $uri $uri/ /index.php?$query_string;
 }
+ # PHP dosyaları için
 location ~ \.php$ {
- proxy_set_header X-Forwarded-Proto $scheme;
- include fastcgi_params;
 fastcgi_pass app:9000;
 fastcgi_index index.php;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+
+ # HTTPS için ek parametreler
+ fastcgi_param HTTPS on;
+ fastcgi_param HTTP_X_FORWARDED_PROTO https;
 # Timeout ayarları
 fastcgi_read_timeout 300;
 fastcgi_connect_timeout 300;
 fastcgi_send_timeout 300;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
 }
+ # Gizli dosyaları engelle
 location ~ /\.ht {
 deny all;
 }
+
+ # Log dosyalarını engelle
+ location ~ /\.log {
+ deny all;
+ }
 }
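Review bot: `fastcgi_param HTTPS on;` and `fastcgi_param HTTP_X_FORWARDED_PROTO https;` in the `\.php$` location tell PHP that every request is HTTPS, yet the server only has `listen 80;`, so plain-HTTP requests (and anything that reaches this container without going through a TLS-terminating proxy) are treated as secure, which affects the application's secure-cookie and URL-generation logic. Derive the value from the forwarded header via a `map` in the http context (conf.d files are presumably included there) and trust that header only when nginx is reachable solely from the known proxy. The two `proxy_set_header` lines at server level have no effect in this file because it contains no `proxy_pass` — only `fastcgi_pass` — so they should be dropped or their purpose documented with a comment such as `# only meaningful if a proxy_pass location is added later`. The hunk also removes `add_header Content-Security-Policy "upgrade-insecure-requests";` without a replacement while the commit message lists only added headers; `X-XSS-Protection` is no longer honoured by current browsers and a CSP is the recommended substitute. Finally, `location ~ /\.log` matches only a path segment beginning with `.log` (a dotfile), not ordinary `*.log` files, so if log files are the target the pattern should be `location ~ \.log$`.
```nginx
# map lives in the http context; "" leaves HTTPS unset for plain requests
map $http_x_forwarded_proto $fastcgi_https {
    default "";
    https   on;
}

server {
    # … unchanged: listen, server_name, root, index, headers, location / …
    location ~ \.php$ {
        # … unchanged: fastcgi_pass, fastcgi_index, SCRIPT_FILENAME, include fastcgi_params …
        fastcgi_param HTTPS $fastcgi_https;
        fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;
        # … unchanged: timeout settings …
```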