config/qbpos-help-ssl.conf

# Nginx Configuration for quickbooksposhelp.access.ly
# With SSL/HTTPS support

# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    
    server_name quickbookposhelp.access.ly;
    
    # Redirect all HTTP requests to HTTPS
    return 301 https://$server_name$request_uri;
}

# HTTPS Server
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    server_name quickbookposhelp.access.ly;
    
    # SSL Certificate paths (will be updated by certbot)
    ssl_certificate /etc/letsencrypt/live/quickbookposhelp.access.ly/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/quickbookposhelp.access.ly/privkey.pem;
    
    # SSL Configuration - Modern and Secure
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_stapling on;
    ssl_stapling_verify on;
    
    # Document root
    root /home/pts/Documents/QBPOS_Help_Web/QB_Help_Web;
    index POS_Help.html;
    
    # Access and error logs
    access_log /var/log/nginx/qbpos-access.log combined buffer=32k;
    error_log /var/log/nginx/qbpos-error.log warn;
    
    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript 
               application/x-javascript application/xml+rss 
               application/javascript application/json text/html;
    
    # Static asset caching (1 year for images, icons)
    location ~* \.(gif|jpg|jpeg|png|ico|css|js)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
    }
    
    # HTML files cache for 1 hour
    location ~* \.(html|htm)$ {
        expires 1h;
        add_header Cache-Control "public, must-revalidate";
    }
    
    # Main location
    location / {
        try_files $uri $uri/ =404;
    }
    
    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    
    # Deny access to hidden files
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}
Initial commit - QBPOS Help 2026-01-27 18:07:54 -06:00			`# Nginx Configuration for quickbooksposhelp.access.ly`
			`# With SSL/HTTPS support`

			`# Redirect HTTP to HTTPS`
			`server {`
			`listen 80;`
			`listen [::]:80;`

			`server_name quickbookposhelp.access.ly;`

			`# Redirect all HTTP requests to HTTPS`
			`return 301 https://$server_name$request_uri;`
			`}`

			`# HTTPS Server`
			`server {`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`

			`server_name quickbookposhelp.access.ly;`

			`# SSL Certificate paths (will be updated by certbot)`
			`ssl_certificate /etc/letsencrypt/live/quickbookposhelp.access.ly/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/quickbookposhelp.access.ly/privkey.pem;`

			`# SSL Configuration - Modern and Secure`
			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';`
			`ssl_prefer_server_ciphers off;`
			`ssl_session_cache shared:SSL:10m;`
			`ssl_session_timeout 10m;`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`

			`# Document root`
			`root /home/pts/Documents/QBPOS_Help_Web/QB_Help_Web;`
			`index POS_Help.html;`

			`# Access and error logs`
			`access_log /var/log/nginx/qbpos-access.log combined buffer=32k;`
			`error_log /var/log/nginx/qbpos-error.log warn;`

			`# Gzip compression`
			`gzip on;`
			`gzip_vary on;`
			`gzip_min_length 1024;`
			`gzip_types text/plain text/css text/xml text/javascript`
			`application/x-javascript application/xml+rss`
			`application/javascript application/json text/html;`

			`# Static asset caching (1 year for images, icons)`
			`location ~* \.(gif\|jpg\|jpeg\|png\|ico\|css\|js)$ {`
			`expires 1y;`
			`add_header Cache-Control "public, immutable";`
			`access_log off;`
			`}`

			`# HTML files cache for 1 hour`
			`location ~* \.(html\|htm)$ {`
			`expires 1h;`
			`add_header Cache-Control "public, must-revalidate";`
			`}`

			`# Main location`
			`location / {`
			`try_files $uri $uri/ =404;`
			`}`

			`# Security headers`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`add_header Referrer-Policy "no-referrer-when-downgrade" always;`

			`# Deny access to hidden files`
			`location ~ /\. {`
			`deny all;`
			`access_log off;`
			`log_not_found off;`
			`}`
			`}`