From a15b8e736bae6c0b5c378cd87b0e85ec6cafeb5b Mon Sep 17 00:00:00 2001
From: Clark Winkelmann
Date: Mon, 20 Apr 2020 21:37:53 +0200
Subject: [PATCH] nginx rule to prevent access to sensitive files

Add a suggested rule that does the same as the suggested rule in .htaccess
---
 .nginx.conf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.nginx.conf b/.nginx.conf
index fdb3270..1eaa6fb 100644
--- a/.nginx.conf
+++ b/.nginx.conf
@@ -3,6 +3,13 @@ location / {
 try_files $uri $uri/ /index.php?$query_string;
 }
+# Uncomment the following lines if you are not using a `public` directory
+# to prevent sensitive resources from being exposed.
+# location ~* ^/(composer\.(json|lock)|config\.php|flarum|storage|vendor) {
+# deny all;
+# return 404;
+# }
+
 # The following directives are based on best practices from H5BP Nginx Server Configs
 # https://github.com/h5bp/server-configs-nginx
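Review bot: The suggested location only protects these paths if it is the first regex location that matches them: nginx stops at the first matching regex location in configuration order, so a `location ~ \.php$` handler declared in the server block ahead of the include of this file (the server block is not part of this hunk) would presumably still receive `/config.php` and PHP files under `/vendor`. The comment above the block could say so, for example `# This block must appear before any regex location that passes requests to PHP.` Inside the block, `deny all;` has no effect, because `return 404;` is evaluated in the rewrite phase before access checks run; `return 404;` alone gives the same response. The pattern is also open-ended, so it matches any path that merely begins with `/flarum`, `/storage` or `/vendor`; appending `(/|$)` after the group would confine it to those files and directories.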