fix: root path in nginx and forbid locations

configure_nginx.php

@@ -20,10 +20,8 @@ foreach ($config['modules'] as $moduleName => $moduleConfig) {
   $domains = array_map(fn ($d) => $d . '.' . $config['domain'], $domains);
   $serverName = implode(' ', $domains);
 
-  $rootPath = $appBasePath . '/' . $domains[0];
-
   $nginxConfig = $template;
-  $nginxConfig = str_replace('{{ROOT_PATH}}', $rootPath, $nginxConfig);
+  $nginxConfig = str_replace('{{ROOT_PATH}}', $appBasePath, $nginxConfig);
   $nginxConfig = str_replace('{{SERVER_NAME}}', $serverName, $nginxConfig);
   $nginxConfig = str_replace('{{PHP_SOCKET}}', $phpSocket, $nginxConfig);
 

nginx.conf.template

@@ -5,6 +5,9 @@ server {
   location / {
     try_files $uri $uri/ /index.php?$args;
   }
+  location /config.php {
+    return 404;
+  }
   location ~ \.php$ {
     fastcgi_pass unix:{{PHP_SOCKET}};
     fastcgi_split_path_info ^(.+\.php)(/.+)$;
@@ -12,4 +15,31 @@ server {
     include fastcgi_params;
     fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
   }
+  location ^~ /wp-admin {
+    return 403;
+  }
+  location ^~ /super-cool-page {
+    return 403;
+  }
+  location ^~ /load_config.php {
+    return 403;
+  }
+  location ^~ /config.php {
+    return 403;
+  }
+  location ^~ /config.example.php {
+    return 403;
+  }
+  location ^~ /utils.php {
+    return 403;
+  }
+  location ^~ /tmp {
+    return 403;
+  }
+  location ^~ /modules {
+    return 403;
+  }
+  location ^~ /configure_nginx.php {
+    return 403;
+  }
 }