Files
nginx-configs/nginx/nginx/sites-available/catch-all.conf
T
hikari fc252e28e2
Test nginx configuration / Static Analysis (push) Failing after 4s
Test nginx configuration / nginx Syntax Check (push) Successful in 20s
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m8s
feat: block dotfile requests across all sites
Adds a deny-dotfiles snippet that returns 403 for any URI matching /\.
(e.g. .gitconfig, .env, .git/) and includes it in every server block.
2026-03-18 11:31:02 -07:00

24 lines
489 B
Plaintext

# Catch-all for unmatched subdomains - serves a 404 page.
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.com/privkey.pem;
server_name _;
root /home/naomi/404;
error_page 404 /index.html;
location / {
return 404;
}
location = /index.html {
internal;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}