← Documentation
Server Configuration
Nginx, PHP-FPM, SSL, and web server setup
Nginx
| Config File | /etc/nginx/sites-enabled/test.kim8.s4s.host.conf |
| Access Log | /var/log/nginx/test.access.log |
| Error Log | /var/log/nginx/test.error.log |
| DocumentRoot | /home/test |
Features enabled:
- HTTP to HTTPS redirect (301)
- SSL/TLS (TLSv1.2 + TLSv1.3)
- HTTP/2
- PHP-FPM via Unix socket
- API rate limiting (60 req/min)
- Static asset caching (1 year)
- Hidden file protection (deny
.env, .git, etc.)
- Let's Encrypt ACME challenge support
server_tokens off (version hidden)
Security Headers
Set via includes/security.php on every PHP response:
| Content-Security-Policy | Strict CSP with self-only sources |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| X-Frame-Options | SAMEORIGIN |
| X-Content-Type-Options | nosniff |
| Referrer-Policy | strict-origin-when-cross-origin |
| Permissions-Policy | camera=(), microphone=(), geolocation=() |
| X-Permitted-Cross-Domain-Policies | none |
PHP-FPM
| Version | 8.3.6 |
| Socket | unix:/run/php/php8.3-fpm.sock |
| Process Manager | dynamic |
SSL (Let's Encrypt)
| Issuer | Let's Encrypt |
| Cert Path | /etc/letsencrypt/live/test.kim8.s4s.host/fullchain.pem |
| Key Path | /etc/letsencrypt/live/test.kim8.s4s.host/privkey.pem |
| Auto-renewal | Yes (certbot cron) |
| Protocols | TLSv1.2, TLSv1.3 |
Related Sites
| https://test.kim8.s4s.host | Main hub, API reference |
| https://vision.kim8.s4s.host | Vision AI, OCR, screenshot QA |
| https://featherless.kim8.s4s.host | Model catalog, text playground |
| https://generate.kim8.s4s.host | Image generation, upscaling |
Useful Commands
nginx -t # Test config
systemctl reload nginx # Apply changes
systemctl restart php8.3-fpm # Restart PHP
certbot certificates # Check SSL
tail -f /var/log/nginx/test.error.log # Watch errors