5 # FIXME: change domain name here (and also make sure you do the same in the next 'server' section)
6 server_name social.example.org;
8 # redirect all traffic to HTTPS
9 rewrite ^ https://$host$request_uri? permanent;
13 # HTTPS is mandatory on GNU social unless you are using Tor network. Seriously. Set it up with a cert (any cert) before you run the install.
14 listen [::]:443 ssl http2;
18 # Change the path below to where you installed
20 root /path/to/gnusocial/root;
23 # Change "social.example.org" to your site's domain name
24 # GNU social MUST be installed in the domain root
25 server_name social.example.org;
28 # Uncomment and change the paths to setup
29 # your SSL key/cert. See https://cipherli.st/
30 # for more information
31 ssl_certificate ssl/certs/social.example.org.crt;
32 ssl_certificate_key ssl/private/social.example.org.key;
35 # Uncomment and change the paths to setup
37 #access_log /path/to/access.log;
38 #error_log /path/to/error.log;
45 include fastcgi_params;
46 include snippets/fastcgi-php.conf;
48 fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
49 fastcgi_param SCRIPT_FILENAME $request_filename;
51 # Further optional configuration
52 #fastcgi_buffer_size 128K;
53 #fastcgi_buffers 4 256K;
54 #fastcgi_busy_buffers_size 256K;
55 #fastcgi_read_timeout 600s;
56 #fastcgi_send_timeout 300s;
57 #fastcgi_connect_timeout 75s;
58 #http2_push_preload on;
63 try_files $uri $uri/ @index_handler;
67 error_page 404 @index_handler;
68 location @index_handler {
69 rewrite ^(.*)$ /index.php?p=$1 last;
72 # Restrict access that is unnecessary anyway
73 location ~ /\.(ht|git) {
78 # Hardening (optional)
80 # add_header Strict-Transport-Security "max-age=15768000; preload;";
81 # add_header X-Content-Type-Options nosniff;
82 # add_header Referrer-Policy strict-origin-when-cross-origin;
83 # add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self'; style-src 'self' 'unsafe-inline'; img-src * blob: data:;";
84 # add_header X-Permitted-Cross-Domain-Policies none;
85 # add_header X-Robots-Tag all; # Not really hardening, just here for strictness purposes
87 # client_max_body_size 15M;
88 # client_body_buffer_size 128k;
91 # location ~* \.(?:css|js|woff|svg|gif|png|webp|ttf|ico|jpe?g)$ {
94 # add_header Cache-Control "public";