## ## Accounting ERP - Nginx Configuration ## Place in /etc/nginx/sites-available/accounting-erp ## Then: ln -s /etc/nginx/sites-available/accounting-erp /etc/nginx/sites-enabled/ ## server { listen 80; server_name erp.local; # ← Change to your domain root /var/www/accounting-erp/public; # ← Path to the public/ folder index index.php; charset utf-8; client_max_body_size 20M; # ── Clean URLs ────────────────────────────────────────── location / { try_files $uri $uri/ /index.php?$query_string; } # ── PHP-FPM ───────────────────────────────────────────── location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # ← Adjust PHP version fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi_params; fastcgi_read_timeout 120; fastcgi_buffer_size 128k; fastcgi_buffers 256 16k; } # ── Static Assets ──────────────────────────────────────── location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 30d; add_header Cache-Control "public, immutable"; access_log off; } # ── Security ───────────────────────────────────────────── # Block access to sensitive files location ~ \.(sql|log|sh|env|bak|md)$ { deny all; return 404; } # Block access to app/ config/ database/ directories location ~ ^/(app|config|database)/ { deny all; return 404; } # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; # ── Logs ───────────────────────────────────────────────── access_log /var/log/nginx/erp_access.log; error_log /var/log/nginx/erp_error.log; }