server { listen 80; listen [::]:80; server_name script.atphosting24.com; root /var/www/script.atphosting24.com; index index.html; # Redirect HTTP to HTTPS return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name script.atphosting24.com; root /var/www/script.atphosting24.com; index index.html; # SSL Configuration ssl_certificate /etc/letsencrypt/live/script.atphosting24.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/script.atphosting24.com/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; # Serve shell scripts with proper content type location ~* \.sh$ { default_type application/x-sh; add_header Content-Type "text/plain; charset=utf-8"; add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; allow all; } # Serve the update_cpanelv2 script location = /update_cpanelv2 { default_type application/x-sh; add_header Content-Type "text/plain; charset=utf-8"; add_header Cache-Control "no-cache, no-store, must-revalidate"; allow all; } # Scripts directory location /scripts/ { default_type application/x-sh; add_header Content-Type "text/plain; charset=utf-8"; add_header Cache-Control "no-cache, no-store, must-revalidate"; allow all; autoindex off; } # Deny access to hidden files location ~ /\. { deny all; access_log off; log_not_found off; } # Access and error logs access_log /var/log/nginx/script.atphosting24.com_access.log; error_log /var/log/nginx/script.atphosting24.com_error.log; }