server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    root /var/www/example.com/public;
    index index.php index.html index.htm;
    charset utf-8;

    # Log files
    access_log  /var/log/nginx/example.com//access.log;
    error_log   /var/log/nginx/example.com//error.log;

    # Some protection headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.php?$query_string;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        # Map to appropriate php-fpm sock version
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Handle robots.txt
    #
    location = /robots.txt {
        access_log      off;
        log_not_found   off;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }

    # Allow access to some URIs relation mappings
    #
    location ~ /.well-known {
        allow all;
    }

    # Config for static files
    #
    location ~* \.(?:ico|css|js|jpe?g|JPG|png|svg|woff)$ {
        # Do you need to log access for static files?
        access_log      off;
        # Do you need to log if static file not found?
        log_not_found   off;
        # Cache the static files
        expires         30d;
    }

    # Deny access to some file types
    location ~ /\.(log|bak|sql)$ {
        deny    all;
    }
}