user www-data; worker_processes auto; error_log /dev/stderr warn; pid /run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent"'; access_log /dev/stdout main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; gzip on; gzip_types text/html text/css application/javascript image/svg+xml; gzip_min_length 1024; map $request_method $contact_rl_key { POST $binary_remote_addr; default ""; } limit_req_zone $contact_rl_key zone=contact_limit:10m rate=5r/m; server { listen 80 default_server; server_name _; root /var/www/html; index index.php; server_tokens off; client_max_body_size 16k; location = /robots.txt { access_log off; try_files $uri =404; } location = /sitemap.xml { access_log off; try_files $uri =404; } location = /404.html { internal; } location = /500.html { internal; } location ~ /\. { deny all; return 404; } location ~* \.(env|conf|yml|yaml|py|pyc|sh|sql|log|bak|swp|sqlite)$ { deny all; return 404; } location ~* \.(css|js|webp|jpg|jpeg|png|svg|ico|woff2?|mp4|webm)$ { expires 30d; add_header Cache-Control "public, immutable"; access_log off; try_files $uri =404; } location = /promo/ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /var/www/html/src/api/promo.php; fastcgi_param QUERY_STRING ""; fastcgi_pass 127.0.0.1:9000; } location = /altcha-challenge/ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /var/www/html/src/api/altcha-challenge.php; fastcgi_param QUERY_STRING ""; fastcgi_pass 127.0.0.1:9000; } location = /contact/ { limit_req zone=contact_limit burst=3 nodelay; limit_req_status 429; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /var/www/html/src/api/router.php; fastcgi_param QUERY_STRING type=page&slug=contact; fastcgi_pass 127.0.0.1:9000; } set $router /var/www/html/src/api/router.php; location = / { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $router; fastcgi_param QUERY_STRING type=page&slug=home; fastcgi_pass 127.0.0.1:9000; } location ~ ^/(about|reviews|blog|services|locations)/$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $router; fastcgi_param QUERY_STRING type=page&slug=$1; fastcgi_pass 127.0.0.1:9000; } location ~ ^/services/([a-z0-9-]+)/$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $router; fastcgi_param QUERY_STRING type=service&slug=$1; fastcgi_pass 127.0.0.1:9000; } location ~ ^/locations/([a-z0-9-]+)/$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $router; fastcgi_param QUERY_STRING type=location&slug=$1; fastcgi_pass 127.0.0.1:9000; } location ~ ^/blog/([a-z0-9-]+)/$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $router; fastcgi_param QUERY_STRING type=blog&slug=$1; fastcgi_pass 127.0.0.1:9000; } add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header X-XSS-Protection "1; mode=block" always; add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; error_page 404 /404.html; error_page 500 502 503 504 /500.html; } }