server { listen 80; server_name support.FQDN; return 301 https://$server_name$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; server_name support.FQDN; ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt; ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-XSS-Protection "1; mode=block"; # no trailing slash root /var/www/osticket; index index.php index.html index.htm; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; client_max_body_size 2000M; client_body_buffer_size 100M; client_header_buffer_size 10M; large_client_header_buffers 2 10M; client_body_timeout 12; client_header_timeout 12; keepalive_timeout 15; send_timeout 10; gzip on; gzip_comp_level 2; gzip_min_length 1000; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain application/x-javascript text/xml text/css application/xml; set $path_info ""; location ~ /include { deny all; return 403; } if ($request_uri ~ "^/api(/[^\?]+)") { set $path_info $1; } location ~ ^/api/(?:tickets|tasks|Auth).*$ { try_files $uri $uri/ /api/http.php?$query_string; } if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") { set $path_info $1; } location ~ ^/scp/ajax.php/.*$ { try_files $uri $uri/ /scp/ajax.php?$query_string; } location / { try_files $uri $uri/ index.php; } location ~ \.php$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_pass unix:/run/php/php8.1-fpm.sock; fastcgi_param PATH_INFO $path_info; } }