Laravel Nginx config
# Read
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart#
# http://tautt.com/best-nginx-configuration-for-security/
#
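# Generate Diffie-Hellman parameters (this is not a private key) with: openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
# Generate a self-signed certificate and key, valid for 365 days (-nodes writes the key unencrypted, so restrict its file permissions): sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
# Note: the server block shown below listens on port 80 only and references none of these files; they take effect only once a "listen 443 ssl" server with ssl_certificate, ssl_certificate_key and ssl_dhparam is added.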
# Do not advertise the nginx version in the "Server" response header or on
# nginx-generated error pages.
server_tokens off;
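# Plain-HTTP virtual host: static files are served directly, everything else is
# routed to index.php, and *.php requests are handed to PHP-FPM over a unix socket.
server {
    # Port 80 only: there is no "listen ... ssl" socket and no ssl_certificate in
    # this block, so cookies and credentials travel unencrypted unless TLS is
    # terminated in front of this server.
    # NOTE(review): default_server is set explicitly on the IPv6 listener only;
    # confirm the IPv4 listener is meant to be the default for its address too.
    listen [::]:80 default_server;
    listen 80;

    # NOTE(review): for a Laravel application this should normally be the project's
    # public/ directory. If it points at the project root instead, non-dot files
    # outside public/ are fetchable as static files - confirm the layout.
    root /usr/share/nginx/html/;
    index index.php;

    # http://www.gnuterrypratchett.com/#nginx
    # NOTE(review): without the "always" parameter (nginx >= 1.7.5) add_header is
    # applied only to 200/201/204/206/301/302/303/304/307/308 responses, so error
    # pages go out without these headers. A location that declares its own
    # add_header also stops inheriting the ones set here.
    add_header X-Clacks-Overhead "GNU Terry Pratchett";
    # mitigate clickjacking
    add_header X-Frame-Options SAMEORIGIN;

    # Intent: answer 404 instead of 403 so forbidden paths look like missing ones.
    # NOTE(review): the documented syntax is "error_page code ... [=[response]] uri;",
    # so the trailing "404" is parsed as the uri argument, not as a status code.
    # This line probably does not produce a 404 - check the real response with
    # "curl -i". The documented form is "error_page 403 =404 <uri-of-existing-page>;"
    # (no space after "=").
    error_page 403 = 404;

    # Front controller: serve the file or directory if it exists, otherwise pass
    # the original URI (as q=) and query string to index.php.
    location / {
        # NAXSI rules are commented out, so no WAF filtering is active here.
        # include /etc/nginx/naxsi.rules;
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    # Do not log favicon.ico requests
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # Do not log robots.txt requests
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    #
    # This block is declared BEFORE the static-asset location on purpose: nginx
    # tests regex locations in file order and stops at the first match. When the
    # asset rule came first, a path inside a dot-directory ending in one of its
    # extensions was served as a static file and never reached this deny rule.
    # NOTE(review): the pattern also matches /.well-known/ (used for ACME HTTP-01
    # validation); add a dedicated location for it if that path must be reachable.
    location ~ /\. {
        deny all;
    }

    # Static assets (case-insensitive match): far-future cache headers, and missing
    # files are not written to the error log. These requests never reach index.php.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|txt|woff)$ {
        expires max;
        log_not_found off;
    }

    # PHP execution via PHP-FPM.
    location ~ \.php$ {
        # Only existing files are executed: a request for a .php path that is not
        # a file under root ends in 404 here and is never sent to the interpreter.
        try_files $uri =404;
        # Split the URI into $fastcgi_script_name and $fastcgi_path_info.
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Second existence check, on the script path computed by the split above.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        include fastcgi_params;
        fastcgi_keep_conn on;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # NOTE(review): $host comes from the request (request line or Host header)
        # and this block has no server_name, so the application receives a
        # client-controlled SERVER_NAME. If the application builds absolute URLs
        # from it (e.g. links in e-mails), set server_name and pass $server_name,
        # or validate the host inside the application.
        fastcgi_param SERVER_NAME $host;
        # NOTE(review): the socket name suggests PHP 5, which no longer receives
        # security fixes - confirm the runtime version actually in use.
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        # NOTE(review): nginx waits up to 600 s for backend output and every PHP
        # request may allocate up to 4096M. A few slow or heavy requests can tie
        # up workers and exhaust memory; size both values to what the application
        # actually needs.
        fastcgi_read_timeout 600;
        fastcgi_param PHP_VALUE "memory_limit = 4096M";
        # fastcgi_pass 127.0.0.1:9001; #for hiphop
    }
}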