simple-phpfpm-ssl.nginxconf 1.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566
  1. # https://www.howtoforge.com/tutorial/install-letsencrypt-and-secure-nginx-in-debian-9/
  2. server {
  3. listen 80;
  4. server_name DOMAIN.LTD;
  5. return 301 https://$server_name$request_uri;
  6. }
  7. server {
  8. listen 443 ssl;
  9. listen [::]:443 ssl;
  10. server_name DOMAIN.LTD;
  11. root /var/www/DOMAIN.LTD/app/web;
  12. index index.html index.php;
  13. charset utf-8;
  14. location / {
  15. try_files $uri $uri/ /index.php?$query_string;
  16. }
  17. location = /favicon.ico { access_log off; log_not_found off; }
  18. location = /robots.txt { access_log off; log_not_found off; }
  19. access_log on;
  20. error_log /var/www/DOMAIN.LTD/log/error.log;
  21. sendfile off;
  22. client_max_body_size 100m;
  23. #SSL Certificates
  24. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  25. ssl_certificate "/etc/letsencrypt/live/DOMAIN.LTD/fullchain.pem";
  26. ssl_certificate_key "/etc/letsencrypt/live/DOMAIN.LTD/privkey.pem";
  27. ssl_dhparam /etc/nginx/ssl/certs/DOMAIN.LTD/dhparam.pem;
  28. # ssl_session_cache shared:SSL:1m;
  29. ssl_session_timeout 10m;
  30. ssl_ciphers HIGH:!aNULL:!MD5;
  31. #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  32. ssl_prefer_server_ciphers on;
  33. add_header Strict-Transport-Security "max-age=31536000;
  34. #includeSubDomains" always;
  35. location ~ \.php$ {
  36. fastcgi_split_path_info ^(.+\.php)(/.+)$;
  37. fastcgi_pass 127.0.0.1;
  38. fastcgi_index index.php;
  39. include fastcgi.conf;
  40. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  41. fastcgi_intercept_errors off;
  42. fastcgi_buffer_size 16k;
  43. fastcgi_buffers 4 16k;
  44. }
  45. location ~ /\.ht {
  46. deny all;
  47. }
  48. # website should not be displayed inside a <frame>, an <iframe> or an <object>
  49. add_header X-Frame-Options SAMEORIGIN;
  50. }