| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 | # https://www.howtoforge.com/tutorial/install-letsencrypt-and-secure-nginx-in-debian-9/server {  listen 80;  server_name DOMAIN.LTD;  return 301 https://$server_name$request_uri;}server {  listen 443 ssl;  listen [::]:443 ssl;  server_name DOMAIN.LTD;  root /var/www/DOMAIN.LTD/app/web;  index index.html index.php;  charset utf-8;  location / {    try_files $uri $uri/ /index.php?$query_string;  }  location = /favicon.ico { access_log off; log_not_found off; }  location = /robots.txt  { access_log off; log_not_found off; }  access_log on;  error_log /var/www/DOMAIN.LTD/log/error.log;  sendfile off;  client_max_body_size 100m;  #SSL Certificates  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  ssl_certificate "/etc/letsencrypt/live/DOMAIN.LTD/fullchain.pem";  ssl_certificate_key "/etc/letsencrypt/live/DOMAIN.LTD/privkey.pem";  ssl_dhparam /etc/nginx/ssl/certs/DOMAIN.LTD/dhparam.pem;  # ssl_session_cache shared:SSL:1m;  ssl_session_timeout 10m;  ssl_ciphers HIGH:!aNULL:!MD5;  #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;  ssl_prefer_server_ciphers  on;  add_header Strict-Transport-Security "max-age=31536000;  #includeSubDomains" always;  location ~ \.php$ {    fastcgi_split_path_info ^(.+\.php)(/.+)$;    fastcgi_pass 127.0.0.1;    fastcgi_index index.php;    include fastcgi.conf;    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;    fastcgi_intercept_errors off;    fastcgi_buffer_size 16k;    fastcgi_buffers 4 16k;  }  location ~ /\.ht {    deny all;  }  # website should not be displayed inside a <frame>, an <iframe> or an <object>  add_header X-Frame-Options SAMEORIGIN;}
 |