Files
nginx-configs/nginx/nginx/sites-available/vitalia.conf
T
hikari fc252e28e2
Test nginx configuration / Static Analysis (push) Failing after 4s
Test nginx configuration / nginx Syntax Check (push) Successful in 20s
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m8s
feat: block dotfile requests across all sites
Adds a deny-dotfiles snippet that returns 403 for any URI matching /\.
(e.g. .gitconfig, .env, .git/) and includes it in every server block.
2026-03-18 11:31:02 -07:00

34 lines
929 B
Plaintext

# Vitalia app: Angular front-end SPA and API backend.
server {
listen 443 ssl;
server_name vitalia-api.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/vitalia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vitalia.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:12345;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name vitalia.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/vitalia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vitalia.nhcarrigan.com/privkey.pem;
root /home/naomi/vitalia/client/dist/client/browser;
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
location ~* \.(js|css)$ {
try_files $uri $uri/ @rewrite;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}