Home Explore Help
Sign In
bachir
/
alpine-web-werver
1
1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: bdb69186f3
Branches Tags
alpine-web-w...
/
assets
/
vhosts
/
simple-phpfpm-ssl.nginxconf

simple-phpfpm-ssl.nginxconf 1.7 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. # https://www.howtoforge.com/tutorial/install-letsencrypt-and-secure-nginx-in-debian-9/
    2. 

  2. 

  3. server {
    4. 

  4.   listen [::]:80;
    5. 

  5.   server_name DOMAIN.LTD;
    6. 

  6.   return 301 https://$server_name$request_uri;
    7. 

  7. }
    8. 

  8. 

  9. server {
    10. 

  10.   listen [::]:443 ssl;
    11. 

  11. 

  12.   server_name DOMAIN.LTD;
    13. 

  13. 

  14.   root /var/www/DOMAIN.LTD/app/web;
    15. 

  15.   index index.html index.php;
    16. 

  16. 

  17.   charset utf-8;
    18. 

  18. 

  19.   location / {
    20. 

  20.     try_files $uri $uri/ /index.php?$query_string;
    21. 

  21.   }
    22. 

  22. 

  23.   location = /favicon.ico { access_log off; log_not_found off; }
    24. 

  24.   location = /robots.txt  { access_log off; log_not_found off; }
    25. 

  25. 

  26.   access_log on;
    27. 

  27.   error_log /var/www/DOMAIN.LTD/log/error.log;
    28. 

  28. 

  29.   sendfile off;
    30. 

  30. 

  31.   client_max_body_size 100m;
    32. 

  32. 

  33.   #SSL Certificates
    34. 

  34.   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    35. 

  35.   ssl_certificate "/etc/letsencrypt/live/DOMAIN.LTD/fullchain.pem";
    36. 

  36.   ssl_certificate_key "/etc/letsencrypt/live/DOMAIN.LTD/privkey.pem";
    37. 

  37.   ssl_dhparam /etc/nginx/ssl/certs/DOMAIN.LTD/dhparam.pem;
    38. 

  38.   # ssl_session_cache shared:SSL:1m;
    39. 

  39.   ssl_session_timeout 10m;
    40. 

  40.   ssl_ciphers HIGH:!aNULL:!MD5;
    41. 

  41.   #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    42. 

  42.   ssl_prefer_server_ciphers  on;
    43. 

  43. 

  44.   add_header Strict-Transport-Security "max-age=31536000;
    45. 

  45.   #includeSubDomains" always;
    46. 

  46. 

  47.   location ~ \.php$ {
    48. 

  48.     fastcgi_split_path_info ^(.+\.php)(/.+)$;
    49. 

  49.     fastcgi_pass 127.0.0.1;
    50. 

  50.     fastcgi_index index.php;
    51. 

  51.     include fastcgi.conf;
    52. 

  52.     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    53. 

  53.     fastcgi_intercept_errors off;
    54. 

  54.     fastcgi_buffer_size 16k;
    55. 

  55.     fastcgi_buffers 4 16k;
    56. 

  56.   }
    57. 

  57. 

  58.   location ~ /\.ht {
    59. 

  59.     deny all;
    60. 

  60.   }
    61. 

  61. 

  62.   # website should not be displayed inside a <frame>, an <iframe> or an <object>
    63. 

  63.   add_header X-Frame-Options SAMEORIGIN;
    64. 

  64. 

  65. }
    66.