server {
    add_header Content-Security-Policy "default-src 'none'; style-src 'self'; img-src 'self'";
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff";
    add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), indentity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()";

    listen       8080 default_server;
    server_name  _;

    root     /var/www/binternet;
    index    index.php;

    location ~ \.php$ {
        fastcgi_pass   unix:/run/php/php-fpm84.sock;
        fastcgi_index  index.php;
        fastcgi_param  PATH_INFO $path_info;
        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

        fastcgi_split_path_info         ^(.+?\.php)(/.*)$;
        try_files $fastcgi_script_name  =404;
        set $path_info                  $fastcgi_path_info;

        include        fastcgi_params;
    }
}