simple-phpfpm-ssl.nginxconf 1.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. # https://www.howtoforge.com/tutorial/install-letsencrypt-and-secure-nginx-in-debian-9/
  2. server {
  3. listen [::]:80;
  4. server_name DOMAIN.LTD;
  5. return 301 https://$server_name$request_uri;
  6. }
  7. server {
  8. listen [::]:443 ssl;
  9. server_name DOMAIN.LTD;
  10. root /var/www/DOMAIN.LTD/app/web;
  11. index index.html index.php;
  12. charset utf-8;
  13. location / {
  14. try_files $uri $uri/ /index.php?$query_string;
  15. }
  16. location = /favicon.ico { access_log off; log_not_found off; }
  17. location = /robots.txt { access_log off; log_not_found off; }
  18. access_log on;
  19. error_log /var/www/DOMAIN.LTD/log/error.log;
  20. sendfile off;
  21. client_max_body_size 100m;
  22. #SSL Certificates
  23. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  24. ssl_certificate "/etc/letsencrypt/live/DOMAIN.LTD/fullchain.pem";
  25. ssl_certificate_key "/etc/letsencrypt/live/DOMAIN.LTD/privkey.pem";
  26. ssl_dhparam /etc/nginx/ssl/certs/DOMAIN.LTD/dhparam.pem;
  27. # ssl_session_cache shared:SSL:1m;
  28. ssl_session_timeout 10m;
  29. ssl_ciphers HIGH:!aNULL:!MD5;
  30. #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  31. ssl_prefer_server_ciphers on;
  32. add_header Strict-Transport-Security "max-age=31536000;
  33. #includeSubDomains" always;
  34. location ~ \.php$ {
  35. fastcgi_split_path_info ^(.+\.php)(/.+)$;
  36. fastcgi_pass 127.0.0.1;
  37. fastcgi_index index.php;
  38. include fastcgi.conf;
  39. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  40. fastcgi_intercept_errors off;
  41. fastcgi_buffer_size 16k;
  42. fastcgi_buffers 4 16k;
  43. }
  44. location ~ /\.ht {
  45. deny all;
  46. }
  47. # website should not be displayed inside a <frame>, an <iframe> or an <object>
  48. add_header X-Frame-Options SAMEORIGIN;
  49. }