# https://www.howtoforge.com/tutorial/install-letsencrypt-and-secure-nginx-in-debian-9/ server { listen [::]:80; server_name DOMAIN.LTD; return 301 https://$server_name$request_uri; } server { listen [::]:443 ssl; server_name DOMAIN.LTD; root /var/www/DOMAIN.LTD/app/web; index index.html index.php; charset utf-8; location / { try_files $uri $uri/ /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } access_log on; error_log /var/www/DOMAIN.LTD/log/error.log; sendfile off; client_max_body_size 100m; #SSL Certificates ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate "/etc/letsencrypt/live/DOMAIN.LTD/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/DOMAIN.LTD/privkey.pem"; ssl_dhparam /etc/nginx/ssl/certs/DOMAIN.LTD/dhparam.pem; # ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000; #includeSubDomains" always; location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1; fastcgi_index index.php; include fastcgi.conf; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors off; fastcgi_buffer_size 16k; fastcgi_buffers 4 16k; } location ~ /\.ht { deny all; } # website should not be displayed inside a , an