truncgit/finance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Nginx configuration for enhanced security and performance

Browse Source 
- Changed file permissions for default.conf to improve security.
- Added security headers (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options) to enhance protection against common vulnerabilities.
- Included additional parameters for PHP processing to support HTTPS and improve handling of requests.
- Implemented restrictions to deny access to hidden files and log files, further securing the application.

These changes collectively strengthen the security posture and performance of the Nginx configuration for the Truncgil Finance application.
This commit is contained in:
Ümit Tunç
2025-09-15 11:06:34 -03:00
parent beaac25180
commit 15abebe9ed
1 changed files with 24 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nginx/default.conf
Regular → Executable
+24 -9
View File
@@ -1,32 +1,47 @@
server {
listen 80;
add_header Content-Security-Policy "upgrade-insecure-requests";
index index.php index.html;
listen 80; # 88 yerine 80 kullanın
server_name localhost;
root /var/www/public;
index index.php index.html;
# HTTPS için proxy headers
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
# Güvenlik başlıkları
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Ana location
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP dosyaları için
location ~ \.php$ {
proxy_set_header X-Forwarded-Proto $scheme;
include fastcgi_params;
fastcgi_pass app:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# HTTPS için ek parametreler
fastcgi_param HTTPS on;
fastcgi_param HTTP_X_FORWARDED_PROTO https;
# Timeout ayarları
fastcgi_read_timeout 300;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Gizli dosyaları engelle
location ~ /\.ht {
deny all;
}
# Log dosyalarını engelle
location ~ /\.log {
deny all;
}
}