HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux simsoft.ro 5.15.0-163-generic #173-Ubuntu SMP Tue Oct 14 17:51:00 UTC 2025 x86_64
User: www-data (33)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /etc/nginx/sites-available/
Upload Files
File: //etc/nginx/sites-available/iphoneservice.ro.conf
# --- HTTP: redirecționează tot traficul spre HTTPS ---
server {
    listen 80;
    listen [::]:80;
    server_name iphoneservice.ro www.iphoneservice.ro;
    return 301 https://$host$request_uri;
}

# --- HTTPS ---
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name iphoneservice.ro www.iphoneservice.ro;

    # --- Certificatele Let's Encrypt ---
    ssl_certificate /etc/letsencrypt/live/iphoneservice.ro/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/iphoneservice.ro/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # --- Root fizic (pentru fișiere statice) ---
    root /home/florin/sites/iphoneservice/current/public;

    # --- Variabilă pentru controlul cache-ului ---
    set $skip_cache 0;
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $skip_cache 1;
    }

    # --- Admin & login – niciodată cache ---
    location ~* ^/(wp-admin|wp-login\.php) {
        proxy_pass http://127.0.0.1:8080;
        proxy_no_cache 1;
        proxy_cache_bypass 1;
        add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
        include proxy_params;
    }

    # --- Exclude /wp-json (REST API) din caching ---
    location ~ ^/wp-json/ {
        proxy_pass http://127.0.0.1:8080;
        proxy_no_cache 1;
        proxy_cache_bypass 1;
        add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
        include proxy_params;
    }

    # --- Toate celelalte cereri (frontend) ---
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_redirect off;

        proxy_cache_bypass $skip_cache;
        proxy_no_cache $skip_cache;
    }

    # --- Fișiere statice (servite direct de Nginx) ---
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|webp|woff|woff2|ttf|eot)$ {
        root /home/florin/sites/iphoneservice/current/public;
        access_log off;
        expires 30d;
        add_header Cache-Control "public, no-transform";
    }

    # --- Header-e de securitate ---
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header X-XSS-Protection "1; mode=block" always;
}
@ Telegram