# Nginx Configuration for quickbooksposhelp.access.ly # With SSL/HTTPS support # Redirect HTTP to HTTPS server { listen 80; listen [::]:80; server_name quickbookposhelp.access.ly; # Redirect all HTTP requests to HTTPS return 301 https://$server_name$request_uri; } # HTTPS Server server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name quickbookposhelp.access.ly; # SSL Certificate paths (will be updated by certbot) ssl_certificate /etc/letsencrypt/live/quickbookposhelp.access.ly/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/quickbookposhelp.access.ly/privkey.pem; # SSL Configuration - Modern and Secure ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_stapling on; ssl_stapling_verify on; # Document root root /home/pts/Documents/QBPOS_Help_Web/QB_Help_Web; index POS_Help.html; # Access and error logs access_log /var/log/nginx/qbpos-access.log combined buffer=32k; error_log /var/log/nginx/qbpos-error.log warn; # Gzip compression gzip on; gzip_vary on; gzip_min_length 1024; gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/javascript application/json text/html; # Static asset caching (1 year for images, icons) location ~* \.(gif|jpg|jpeg|png|ico|css|js)$ { expires 1y; add_header Cache-Control "public, immutable"; access_log off; } # HTML files cache for 1 hour location ~* \.(html|htm)$ { expires 1h; add_header Cache-Control "public, must-revalidate"; } # Main location location / { try_files $uri $uri/ =404; } # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; # Deny access to hidden files location ~ /\. { deny all; access_log off; log_not_found off; } }