## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. # https://www.nginx.com/resources/wiki/start/ # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ # https://wiki.debian.org/Nginx/DirectoryStructure # # In most cases, administrators will remove this file from sites-enabled/ and # leave it as reference inside of sites-available where it will continue to be # updated by the nginx packaging team. # # This file will automatically load configuration files provided by other # applications, such as Drupal or Wordpress. These applications will be made # available underneath a path with that package name, such as /drupal8. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## # Default server configuration # # `fancyindex` is from `nginx-extras`. server { listen 80 default_server; listen [::]:80 default_server; # SSL configuration # # Partially generated by https://ssl-config.mozilla.org/. listen 443 ssl default_server; listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; # managed by Certbot. ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem; # managed by Certbot. ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; # OCSP stapling ssl_stapling on; ssl_stapling_verify on; # HSTS (ngx_http_headers_module is required) (63072000 seconds) # # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security. add_header Strict-Transport-Security "max-age=63072000" always; # Prevent spam. add_header X-Robots-Tag "noai, noimageai" always; server_name shione.net www.shione.net; location ~* \.(htaccess|htpasswd) { deny all; } location / { root /var/www/html/shione.net; index index.html; auth_basic off; # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location /share { root /var/www; # Enable fancy indexes. fancyindex on; # Output human-readable file sizes. fancyindex_exact_size off; } location ~ ^/share/(?[^/]+) { root /var/www; # Require authentication if available. set $auth_basic off; set $auth_basic_user_file ""; if (-f /var/www/share/$dir/.htpasswd) { set $auth_basic Required; set $auth_basic_user_file /var/www/share/$dir/.htpasswd; } auth_basic $auth_basic; auth_basic_user_file $auth_basic_user_file; # Enable fancy indexes. fancyindex on; # Output human-readable file sizes. fancyindex_exact_size off; } }