########################################################################## # Nginx Configuration for Omnia (Production) # Location: /etc/nginx/sites-available/omnia # Enable: sudo ln -s /etc/nginx/sites-available/omnia /etc/nginx/sites-enabled/ # Test: sudo nginx -t # Reload: sudo systemctl reload nginx ########################################################################## server { listen 80; listen [::]:80; server_name yourdomain.com www.yourdomain.com; # Redirect HTTP to HTTPS return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name yourdomain.com www.yourdomain.com; # Document root points to Laravel's public directory root /var/www/omnia/public; index index.php index.html; # SSL Certificate (update with your cert paths) ssl_certificate /etc/ssl/certs/your-cert.crt; ssl_certificate_key /etc/ssl/private/your-key.key; # SSL Configuration (Mozilla Intermediate) ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Security Headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # Charset charset utf-8; # Logging access_log /var/log/nginx/omnia-access.log; error_log /var/log/nginx/omnia-error.log; # Max upload size (adjust based on your needs) client_max_body_size 50M; # Index files location / { try_files $uri $uri/ /index.php?$query_string; } # PHP-FPM configuration location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; # Adjust PHP version as needed fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; # Increase timeout for long-running requests fastcgi_read_timeout 300; fastcgi_send_timeout 300; fastcgi_connect_timeout 300; } # Cache static assets (images, CSS, JS, fonts) location ~* \.(jpg|jpeg|png|gif|svg|ico|css|js|woff|woff2|ttf|eot|webp)$ { expires 1y; add_header Cache-Control "public, immutable"; access_log off; } # Public images directory (your uploaded files) location /images { alias /var/www/omnia/public/images; expires 1y; add_header Cache-Control "public, max-age=31536000"; access_log off; } # Storage directory (if using storage link) location /storage { alias /var/www/omnia/storage/app/public; expires 1y; add_header Cache-Control "public, max-age=31536000"; access_log off; } # Deny access to hidden files location ~ /\. { deny all; access_log off; log_not_found off; } # Deny access to sensitive files location ~ /\.(?:env|git|gitignore|htaccess) { deny all; } # Deny access to vendor and other sensitive directories location ~ ^/(vendor|storage|bootstrap|database|tests|node_modules) { deny all; } # Service Worker (no cache) location = /service-worker.js { add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; } # Web App Manifest location = /manifest.json { add_header Cache-Control "no-cache, no-store, must-revalidate"; } # Robots.txt location = /robots.txt { access_log off; log_not_found off; } # Favicon location = /favicon.ico { access_log off; log_not_found off; } # Gzip Compression gzip on; gzip_vary on; gzip_min_length 1024; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; }