nginx.conf

worker_processes  auto;

user www-data www-data;

events { worker_connections 1024; }

http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;
  add_header    X-XSS-Protection "1; mode=block";
  add_header    X-Frame-Options SAMEORIGIN always;
  add_header    X-Content-Type-Options "nosniff" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  sendfile on;
  tcp_nopush         on;
  tcp_nodelay        off;
  gzip               on;
  gzip_http_version  1.0;
  gzip_comp_level    2;
  gzip_proxied       any;
  gzip_types         
    application/atom+xml
    application/javascript
    application/x-javascript
    application/manifest+json
    application/rdf+xml
    application/rss+xml
    application/xhtml+xml
    application/xml
    text/css
    text/javascript
    text/plain
    text/xml;
  keepalive_timeout  65;
  client_max_body_size 80M;
  server_tokens off;

  absolute_redirect  off;
  port_in_redirect   off;

  upstream php {
    server 127.0.0.1:9000;
  }

  server {
    listen 80;

    root /var/www/html;
    index index.php index.html index.htm;

    location / {
      include  /etc/nginx/mime.types;
      try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
      include /etc/nginx/fastcgi_params;
      fastcgi_pass php;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Deny all attempts to access hidden files such as .htaccess or .htpasswd
    location ~ /\. {
      deny all;
    }
    # Block xmlrpc.php
    location = /xmlrpc.php {
      deny all;
    }
    # Block nginx.conf
    location = /nginx.conf {
      deny all;
    }

    
  }
}