server { listen 80; server_name _; root /var/www/html/public; index index.php; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; location = /sw.js { add_header Cache-Control "no-cache, no-store, must-revalidate"; try_files $uri =404; } location = /manifest.webmanifest { add_header Cache-Control "public, max-age=3600"; default_type application/manifest+json; try_files $uri =404; } location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { include fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_hide_header X-Powered-By; fastcgi_read_timeout 300s; fastcgi_send_timeout 300s; } location ~ /\.(?!well-known).* { deny all; } }