15abebe9ed
- Changed file permissions for default.conf to improve security. - Added security headers (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options) to enhance protection against common vulnerabilities. - Included additional parameters for PHP processing to support HTTPS and improve handling of requests. - Implemented restrictions to deny access to hidden files and log files, further securing the application. These changes collectively strengthen the security posture and performance of the Nginx configuration for the Truncgil Finance application.
48 lines
1.2 KiB
Plaintext
Executable File
server {
listen 80; # 88 yerine 80 kullanın
server_name localhost;
root /var/www/public;
index index.php index.html;
# HTTPS için proxy headers
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
# Güvenlik başlıkları
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Ana location
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP dosyaları için
location ~ \.php$ {
fastcgi_pass app:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# HTTPS için ek parametreler
fastcgi_param HTTPS on;
fastcgi_param HTTP_X_FORWARDED_PROTO https;
# Timeout ayarları
fastcgi_read_timeout 300;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
}
# Gizli dosyaları engelle
location ~ /\.ht {
deny all;
}
# Log dosyalarını engelle
location ~ /\.log {
deny all;
}
}
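Review bot: The `location ~ /\.log` block does not do what its comment says — the regex only matches a path segment that literally begins with `.log`, so an ordinary log file such as `/storage/app.log` is still served; the neighbouring `location ~ /\.ht` has the same gap, covering only `.ht*` names while other dotfiles (`.env`, `.git`) remain reachable even though the commit message says hidden files are denied. In the PHP location, `fastcgi_param HTTPS on` and `fastcgi_param HTTP_X_FORWARDED_PROTO https` are hard-coded while the server only listens on port 80, so every plain-HTTP request is reported to PHP as HTTPS and any genuine X-Forwarded-Proto header from an upstream proxy is overwritten; deriving the value from `$https` keeps the application's scheme detection and secure-cookie logic honest. The PHP location also lacks `try_files $uri =404;`, the usual guard that stops PHP-FPM from executing a non-PHP upload when its path-info fixing is enabled. The two `proxy_set_header` lines have no effect in a server block with no `proxy_pass`, so they should be dropped or commented as reserved for a future proxy; the rewritten locations follow.
```nginx
# … unchanged: listen, server_name, root, index, security headers, location / …

location ~ \.php$ {
    # Refuse requests whose script does not exist on disk; without this a
    # non-PHP upload can be handed to PHP-FPM as a script when path-info
    # fixing is enabled on the FPM side.
    try_files $uri =404;
    fastcgi_pass app:9000;
    # … unchanged: fastcgi_index, SCRIPT_FILENAME, include fastcgi_params, timeouts …
    # Report the real scheme instead of hard-coding HTTPS on a port-80 listener.
    fastcgi_param HTTPS $https if_not_empty;
}

# Deny every dotfile (.env, .git, .htaccess, ...) except ACME challenge paths.
location ~ /\.(?!well-known) {
    deny all;
}

# Deny log files by extension anywhere under the document root.
location ~ \.log$ {
    deny all;
}
```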