#it's already in the http directive

server {
    listen 12345;
    listen [::]:12345;

    root /root/www;

    add_header Access-Control-Allow-Origin * always;

    charset utf-8;

    location = / {
        allow all;
        index index.html;
    }

    location = /index.html {
        allow all;
    }

    location = /api.php {
        allow all;
        include fastcgi_params;
        fastcgi_pass unix:/root/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location /assets/ {
        allow all;
    }

    location / {
        deny all;
    }

    error_page 405 =200 $uri;

}