defaultssl.nginxconf 1.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354
  1. # https://www.howtoforge.com/tutorial/install-letsencrypt-and-secure-nginx-in-debian-9/
  2. # NOT USED
  3. server {
  4. listen 443 ssl default_server;
  5. listen [::]:443 ssl default_server;
  6. server_name www.yourdomain.com yourdomain.com;
  7. #server_name _;
  8. root /var/www/html;
  9. access_log /var/log/nginx/access.log;
  10. error_log /var/log/nginx/error.log;
  11. #SSL Certificates
  12. ssl_certificate "/etc/letsencrypt/live/www.yourdomain.com/cert.pem";
  13. ssl_certificate_key "/etc/letsencrypt/live/www. yourdomain.com/privkey.pem";
  14. ssl_dhparam /etc/nginx/dhparam.pem;
  15. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  16. #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  17. ssl_session_cache shared:SSL:1m;
  18. ssl_session_timeout 10m;
  19. ssl_ciphers HIGH:!aNULL:!MD5;
  20. ssl_prefer_server_ciphers on;
  21. add_header Strict-Transport-Security "max-age=31536000;
  22. #includeSubDomains" always;
  23. location / {
  24. index index.php index.html index.htm;
  25. try_files $uri $uri/ /index.php?$args $uri/ =404;
  26. }
  27. set $cache_uri $request_uri;
  28. location ~ /.well-known {
  29. allow all;
  30. }
  31. # pass PHP scripts to FastCGI server
  32. location ~ \.php$ {
  33. fastcgi_pass unix:/run/php/php7.0-fpm.sock;
  34. fastcgi_index index.php;
  35. include fastcgi_params;
  36. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  37. }
  38. # deny access to .htaccess files, if Apache's document root
  39. # concurs with nginx's one
  40. location ~ /\.ht {
  41. deny all;
  42. }
  43. }