File: //etc/nginx/sites-enabled_24/truelysell-wp.conf
server {
# Listen for HTTPS requests
listen 443 ssl;
server_name truelysell-wp.dreamstechnologies.com;
# Document root
root /mnt/data/truelysell-wp;
index index.php index.html index.htm;
# SSL configuration (SSL handled by Cloudflare)
ssl_certificate /etc/nginx/ssl/stardreams.pem;
ssl_certificate_key /etc/nginx/ssl/stardreams.key;
# Security headers
#add_header X-Content-Type-Options "nosniff";
#add_header X-Frame-Options "SAMEORIGIN";
#add_header X-XSS-Protection "1; mode=block";
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# Security headers
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
# Cloudflare IP Ranges
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
# Set the header that contains the real client IP
real_ip_header CF-Connecting-IP;
# PHP-FPM configuration
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Restrict access to sensitive files
location ~ /\.(env|ini|log|sh|sql)$ {
deny all;
}
# Block access to .git directories
location ~ /\.git {
deny all;
}
# General settings for the document root
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /catering {
try_files $uri $uri/ /catering/index.php?$args;
}
location /carwash {
try_files $uri $uri/ /carwash/index.php?$args;
}
location /cleaning {
try_files $uri $uri/ /cleaning/index.php?$args;
}
location /house-problem {
try_files $uri $uri/ /house-problem/index.php?$args;
}
location /mechanic {
try_files $uri $uri/ /mechanic/index.php?$args;
}
location /multipurpose {
try_files $uri $uri/ /multipurpose/index.php?$args;
}
location /pet-grooming {
try_files $uri $uri/ /pet-grooming/index.php?$args;
}
location /saloon {
try_files $uri $uri/ /saloon/index.php?$args;
}
location /electrical {
try_files $uri $uri/ /electrical/index.php?$args;
}
# Logging
error_log /var/log/nginx/truelysell-wp_error.log;
access_log /var/log/nginx/truelysell-wp_access.log combined;
}