Hi I created below Nginx Directive Snippets, and assigned to my site option setting. but somehow I got error, and it can not run. This is the codes from Joomla admin tools. https://www.akeeba.com/documentation/admin-tools/nginx-maker.html ### =========================================================================== ### Security Enhanced & Highly Optimized NginX Configuration File for Joomla! ### automatically generated by Admin Tools 5.1.3 on 2020-11-21 16:22:17 CST ### =========================================================================== ### ### Admin Tools is Free Software, distributed under the terms of the GNU ### General Public License version 3 or, at your option, any later version ### published by the Free Software Foundation. ### ### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ### !! !! ### !! If you get an Internal Server Error 500 or a blank page when trying !! ### !! to access your site, remove this file and try tweaking its settings !! ### !! in the back-end of the Admin Tools component. !! ### !! !! ### !! Remember to include this file in your site's configuration file. !! ### !! Also remember to reload or restart NginX after making any change to !! ### !! this file. !! ### !! !! ### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ### ### Prevent access to this file location = /nginx.conf { log_not_found off; access_log off; return 404; break; } location = /nginx.conf.admintools { log_not_found off; access_log off; return 404; break; } ###################################################################### ## Protect against common file injection attacks ###################################################################### set $file_injection 0; if ($query_string ~ "[a-zA-Z0-9_]=http://") { set $file_injection 1; } if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { set $file_injection 1; } if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { set $file_injection 1; } if ($file_injection = 1) { return 403; break; } ###################################################################### ## Disable PHP Easter Eggs ###################################################################### if ($query_string ~ "\=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}") { return 403; break; } ###################################################################### ## Block access to configuration.php-dist and htaccess.txt ###################################################################### location = /configuration.php-dist { log_not_found off; access_log off; return 404; break; } location = /htaccess.txt { log_not_found off; access_log off; return 404; break; } location = /web.config { log_not_found off; access_log off; return 404; break; } location = /configuration.php { log_not_found off; access_log off; return 404; break; } location = /CONTRIBUTING.md { log_not_found off; access_log off; return 404; break; } location = /joomla.xml { log_not_found off; access_log off; return 404; break; } location = /LICENSE.txt { log_not_found off; access_log off; return 404; break; } location = /phpunit.xml { log_not_found off; access_log off; return 404; break; } location = /README.txt { log_not_found off; access_log off; return 404; break; } location = /web.config.txt { log_not_found off; access_log off; return 404; break; } ## Protect against clickjacking add_header X-Frame-Options SAMEORIGIN; ###################################################################### ## Directory indices and no automatic directory listings ## Forces index.php to be read before the index.htm(l) files ## Also disables showing files in a directory automatically ###################################################################### index index.php index.html index.htm; ###################################################################### ## Automatic compression of static resources ## Compress text, html, javascript, css, xml and other static resources ## May kill access to your site for old versions of Internet Explorer ###################################################################### # The following is the actual automatic compression setup gzip on; gzip_vary on; gzip_comp_level 6; gzip_proxied expired no-cache no-store private auth; gzip_min_length 1000; gzip_http_version 1.1; gzip_types text/plain text/css application/xhtml+xml application/xml+rss application/rss+xml application/x-javascript application/javascript text/javascript application/json text/xml application/xml image/svg+xml; gzip_buffers 16 8k; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; ## Referrer-policy add_header Referrer-Policy "unsafe-url"; ## Reduce MIME type security risks add_header X-Content-Type-Options "nosniff"; ## Reflected XSS prevention add_header X-XSS-Protection "1; mode=block"; ## Prevent content transformation add_header Cache-Control "no-transform"; # -- Character encoding, see http://wiki.nginx.org/HttpCharsetModule charset utf-8; source_charset utf-8; # -- Security options, see http://wiki.nginx.org/HttpCoreModule server_name_in_redirect off; server_tokens off; ignore_invalid_headers on; # -- Maximum client body size set to 1 Gigabyte client_max_body_size 1G; set $common_exploit 0; if ($query_string ~ "proc/self/environ") { set $common_exploit 1; } if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") { set $common_exploit 1; } if ($query_string ~ "base64_(en|de)code\(.*\)") { set $common_exploit 1; } if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $common_exploit 1; } if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $common_exploit 1; } if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $common_exploit 1; } if ($common_exploit = 1) { return 403; } ## Enable SEF URLs location / { try_files $uri $uri/ /index.php?$args; } location ~* /index.php$ { fastcgi_pass 127.0.0.1:9000; break; } ###################################################################### ## Advanced server protection rules exceptions ###################################################################### location = /administrator/components/com_akeeba/restore.php { fastcgi_pass 127.0.0.1:9000; break; } location = /administrator/components/com_admintools/restore.php { fastcgi_pass 127.0.0.1:9000; break; } location = /administrator/components/com_joomlaupdate/restore.php { fastcgi_pass 127.0.0.1:9000; break; } location ~* ^/\.well\-known/.*\.php$ { break; } location ~* ^/\.well\-known/.*$ { break; } location ~* ^/templates\/your_template_name_here/.*$ { break; } ###################################################################### ## Advanced server protection ###################################################################### # Allow media files in select back-end directories location ~* ^/administrator/(components|modules|templates|images|plugins)/.*.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT)$ { break; } # Allow access to the back-end index.php file location = /administrator/index.php { fastcgi_pass 127.0.0.1:9000; break; } location ~* ^/administrator$ { return 301 /administrator/index.php; } location ~* ^/administrator/$ { return 301 /administrator/index.php; } # Disable access to everything else. location ~* /administrator.*$ { # If it is a file, directory or symlink and I haven't deliberately # enabled access to it, forbid any access to it! if (-e $request_filename) { return 403; } # In any other case, just treat as a SEF URL try_files $uri $uri/ /administrator/index.php?$args; } # Allow media files in select front-end directories location ~* ^/(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT)$ { break; } ## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above) location ~* ^/includes/js/ { return 403; } location ~* ^/(cache|includes|language|logs|log|tmp)/ { return 403; } # Allow access to / location ~* ^/$ { return 301 /index.php; } # Disable access to everything else. location ~* ^/.*$ { # If it is a file, directory or symlink and I haven't deliberately # enabled access to it, forbid any access to it! if (-e $request_filename) { return 403; } # In any other case, just treat as a SEF URL try_files $uri $uri/ /index.php?$args; } ##### Advanced server protection -- END