-
-
Save Flobin/238d7ab6db33cf59adad081392ae47ae to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## | |
# You should look at the following URL's in order to grasp a solid understanding | |
# of Nginx configuration files in order to fully unleash the power of Nginx. | |
# http://wiki.nginx.org/Pitfalls | |
# http://wiki.nginx.org/QuickStart | |
# http://wiki.nginx.org/Configuration | |
# | |
# Generally, you will want to move this file somewhere, and start with a clean | |
# file but keep this around for reference. Or just disable in sites-enabled. | |
# | |
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. | |
## | |
# Default server configuration | |
# | |
server { | |
listen 80; | |
listen [::]:80; | |
server_name davlstudio.com; | |
return 301 https://$server_name$request_uri; | |
} | |
server { | |
listen 443 ssl http2 default_server; | |
listen [::]:443 ssl http2 default_server; | |
# SSL configuration | |
# | |
# listen 443 ssl default_server; | |
# listen [::]:443 ssl default_server; | |
# | |
# Note: You should disable gzip for SSL traffic. | |
# See: https://bugs.debian.org/773332 | |
# | |
# Read up on ssl_ciphers to ensure a secure configuration. | |
# See: https://bugs.debian.org/765782 | |
# | |
# Self signed certs generated by the ssl-cert package | |
# Don't use them in a production server! | |
# | |
# include snippets/snakeoil.conf; | |
root /var/www/html; | |
# Add index.php to the list if you are using PHP | |
index index.php index.html index.htm index.nginx-debian.html; | |
server_name davlstudio.com www.davlstudio.com; | |
location / { | |
# First attempt to serve request as file, then | |
# as directory, then fall back to displaying a 404. | |
autoindex off; | |
try_files $uri $uri/ /index.php?$uri&$args; | |
} | |
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | |
# | |
location ~ \.php$ { | |
include snippets/fastcgi-php.conf; | |
# | |
# # With php7.0-cgi alone: | |
# fastcgi_pass 127.0.0.1:9000; | |
# # With php7.0-fpm: | |
fastcgi_pass unix:/run/php/php7.0-fpm.sock; | |
} | |
# deny access to .htaccess files, if Apache's document root | |
# concurs with nginx's one | |
# | |
location ~ /\.ht { | |
deny all; | |
} | |
# Don't hint these as folders | |
rewrite ^/(content|site|kirby)$ /error last; | |
# block content | |
rewrite ^/content/(.*).(txt|md|mdown)$ /error last; | |
# block all files in the site and kirby folder from being accessed directly | |
rewrite ^/(site|kirby)/(.*)$ /error last; | |
# removes trailing slashes (prevents SEO duplicate content issues) | |
if (!-d $request_filename) { | |
rewrite ^/(.+)/$ /$1 permanent; | |
} | |
# panel links | |
location ~ /panel { | |
try_files $uri $uri/ /panel/index.php?$uri&$args; | |
} | |
# site links | |
location ~ / { | |
try_files $uri $uri/ /index.php?$uri&$args; | |
} | |
# Prevent clients from accessing hidden files (starting with a dot) | |
# This is particularly important if you store .htpasswd files in the site hierarchy | |
location ~ (?:^|/)\. { | |
deny all; | |
} | |
# Prevent clients from accessing to backup/config/source files | |
location ~ (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ { | |
deny all; | |
} | |
# listen 443 ssl; # managed by Certbot | |
ssl_certificate /etc/letsencrypt/live/davlstudio.com/fullchain.pem; # managed by Certbot | |
ssl_certificate_key /etc/letsencrypt/live/davlstudio.com/privkey.pem; # managed by Certbot | |
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |
# Redirect non-https traffic to https | |
# if ($scheme != "https") { | |
# return 301 https://$host$request_uri; | |
# } # managed by Certbot | |
} | |
# Virtual Host configuration for example.com | |
# | |
# You can move that to a different file under sites-available/ and symlink that | |
# to sites-enabled/ to enable it. | |
# | |
#server { | |
# listen 80; | |
# listen [::]:80; | |
# | |
# server_name example.com; | |
# | |
# root /var/www/example.com; | |
# index index.html; | |
# | |
# location / { | |
# try_files $uri $uri/ =404; | |
# } | |
#} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2018/02/06 08:56:14 [error] 13873#13873: *360 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Exception: The mbstring extension must be installed in /home/robin/Dropbox/kirby/panel/app/src/panel.php:201 | |
Stack trace: | |
#0 /home/robin/Dropbox/kirby/panel/app/src/panel.php(91): Kirby\Panel->requirements() | |
#1 /home/robin/Dropbox/kirby/panel/index.php(41): Kirby\Panel->__construct(Object(Kirby), '/home/robin/Dro...') | |
#2 {main} | |
thrown in /home/robin/Dropbox/kirby/panel/app/src/panel.php on line 201" while reading response header from upstream, client: 83.85.63.225, server: davlstudio.com, request: "GET /panel/ HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "www.davlstudio.com" | |
2018/02/06 10:46:36 [notice] 29120#29120: signal process started | |
2018/02/06 10:46:48 [notice] 29122#29122: signal process started | |
2018/02/06 10:50:18 [notice] 29151#29151: signal process started | |
2018/02/06 10:50:23 [notice] 29153#29153: signal process started | |
2018/02/06 10:52:26 [emerg] 29164#29164: a duplicate listen 0.0.0.0:443 in /etc/nginx/sites-enabled/default:109 | |
2018/02/06 10:53:11 [emerg] 29170#29170: a duplicate listen 0.0.0.0:443 in /etc/nginx/sites-enabled/default:109 | |
2018/02/06 11:12:16 [crit] 29775#29775: *201 SSL_do_handshake() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early) while SSL handshaking, client: 64.41.200.104, server: 0.0.0.0:443 | |
2018/02/06 11:12:17 [crit] 29775#29775: *202 SSL_do_handshake() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early) while SSL handshaking, client: 64.41.200.104, server: 0.0.0.0:443 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2018-02-06 12:20:05,052:DEBUG:certbot.main:certbot version: 0.19.0 | |
2018-02-06 12:20:05,053:DEBUG:certbot.main:Arguments: ['-q'] | |
2018-02-06 12:20:05,053:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) | |
2018-02-06 12:20:05,076:DEBUG:certbot.log:Root logging level set at 30 | |
2018-02-06 12:20:05,077:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log | |
2018-02-06 12:20:05,091:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7fdff7b83790> and installer <certbot.cli._Default object at 0x7fdff7b83790> | |
2018-02-06 12:20:05,091:DEBUG:certbot.cli:Default Detector is Namespace(account=<certbot.cli._Default object at 0x7fdff7b64750>, agree_dev_preview=None, allow_subset_of_names=<certbot.cli._Default object at 0x7fdff7b640d0>, apache=<certbot.cli._Default object at 0x7fdff7b83a90>, authenticator=<certbot.cli._Default object at 0x7fdff7b83790>, break_my_certs=<certbot.cli._Default object at 0x7fdff7b5c090>, cert_path=<certbot.cli._Default object at 0x7fdff7b80f50>, certname=<certbot.cli._Default object at 0x7fdff7b4f250>, chain_path=<certbot.cli._Default object at 0x7fdff7b83290>, checkpoints=<certbot.cli._Default object at 0x7fdff7b80a50>, config_dir=<certbot.cli._Default object at 0x7fdff7b83390>, config_file=None, configurator=<certbot.cli._Default object at 0x7fdff7b83790>, csr=<certbot.cli._Default object at 0x7fdff7b80850>, debug=<certbot.cli._Default object at 0x7fdff7bc1e90>, debug_challenges=<certbot.cli._Default object at 0x7fdff7b4f1d0>, deploy_hook=<certbot.cli._Default object at 0x7fdff7b80110>, dialog=None, directory_hooks=<certbot.cli._Default object at 0x7fdff7b80310>, dns_cloudflare=<certbot.cli._Default object at 0x7fdff7b83f90>, dns_cloudxns=<certbot.cli._Default object at 0x7fdff7b080d0>, dns_digitalocean=<certbot.cli._Default object at 0x7fdff7b081d0>, dns_dnsimple=<certbot.cli._Default object at 0x7fdff7b082d0>, dns_dnsmadeeasy=<certbot.cli._Default object at 0x7fdff7b083d0>, dns_google=<certbot.cli._Default object at 0x7fdff7b084d0>, dns_luadns=<certbot.cli._Default object at 0x7fdff7b085d0>, dns_nsone=<certbot.cli._Default object at 0x7fdff7b086d0>, dns_rfc2136=<certbot.cli._Default object at 0x7fdff7b087d0>, dns_route53=<certbot.cli._Default object at 0x7fdff7b088d0>, domains=<certbot.cli._Default object at 0x7fdff7b4f410>, dry_run=<certbot.cli._Default object at 0x7fdff7b4f0d0>, duplicate=<certbot.cli._Default object at 0x7fdff7b64850>, eff_email=<certbot.cli._Default object at 0x7fdff7bc1a90>, email=<certbot.cli._Default object at 0x7fdff7bc1c10>, expand=<certbot.cli._Default object at 0x7fdff7bc1650>, force_interactive=<certbot.cli._Default object at 0x7fdff7b4f590>, fullchain_path=<certbot.cli._Default object at 0x7fdff7b83190>, func=<function renew at 0x7fdffdeba1b8>, hsts=<certbot.cli._Default object at 0x7fdff7b5cc10>, http01_address=<certbot.cli._Default object at 0x7fdff7b55e10>, http01_port=<certbot.cli._Default object at 0x7fdff7b4fe10>, ifaces=<certbot.cli._Default object at 0x7fdff7b80d50>, init=<certbot.cli._Default object at 0x7fdff7b80b50>, installer=<certbot.cli._Default object at 0x7fdff7b83790>, key_path=<certbot.cli._Default object at 0x7fdff7b83090>, logs_dir=<certbot.cli._Default object at 0x7fdff7b83590>, manual=<certbot.cli._Default object at 0x7fdff7b83d90>, manual_auth_hook=<certbot.cli._Default object at 0x7fdff7b08a10>, manual_cleanup_hook=<certbot.cli._Default object at 0x7fdff7b08b50>, manual_public_ip_logging_ok=<certbot.cli._Default object at 0x7fdff7b08c50>, max_log_backups=<certbot.cli._Default object at 0x7fdff7b4f890>, must_staple=<certbot.cli._Default object at 0x7fdff7b5c490>, nginx=<certbot.cli._Default object at 0x7fdff7b83b90>, nginx_ctl=<certbot.cli._Default object at 0x7fdff7b08e90>, nginx_server_root=<certbot.cli._Default object at 0x7fdff7b089d0>, no_bootstrap=<certbot.cli._Default object at 0x7fdff7bc14d0>, no_self_upgrade=<certbot.cli._Default object at 0x7fdff7b64a50>, no_verify_ssl=<certbot.cli._Default object at 0x7fdff7b4f510>, noninteractive_mode=<certbot.cli._Default object at 0x7fdff7b4f710>, num=<certbot.cli._Default object at 0x7fdff7b80590>, os_packages_only=<certbot.cli._Default object at 0x7fdff7b64950>, post_hook=<certbot.cli._Default object at 0x7fdff7b64ed0>, pre_hook=<certbot.cli._Default object at 0x7fdff7b64dd0>, pref_challs=<certbot.cli._Default object at 0x7fdff7b64cd0>, prepare=<certbot.cli._Default object at 0x7fdff7b80c50>, quiet=True, reason=<certbot.cli._Default object at 0x7fdff7b80950>, redirect=<certbot.cli._Default object at 0x7fdff7b5c790>, register_unsafely_without_email=<certbot.cli._Default object at 0x7fdff7bc1f10>, reinstall=<certbot.cli._Default object at 0x7fdff7bc1450>, renew_by_default=<certbot.cli._Default object at 0x7fdff7b643d0>, renew_hook=<certbot.cli._Default object at 0x7fdff7b64fd0>, renew_with_new_domains=<certbot.cli._Default object at 0x7fdff7b64250>, rsa_key_size=<certbot.cli._Default object at 0x7fdff7b5c290>, server=<certbot.cli._Default object at 0x7fdff7b83690>, staging=<certbot.cli._Default object at 0x7fdff7bc1b90>, standalone=<certbot.cli._Default object at 0x7fdff7b83c90>, standalone_supported_challenges=<certbot.cli._Default object at 0x7fdff7b08f90>, staple=<certbot.cli._Default object at 0x7fdff7b64190>, strict_permissions=<certbot.cli._Default object at 0x7fdff7b64bd0>, text_mode=<certbot.cli._Default object at 0x7fdff7b4fa10>, tls_sni_01_address=<certbot.cli._Default object at 0x7fdff7b4fb10>, tls_sni_01_port=<certbot.cli._Default object at 0x7fdff7b4f810>, tos=<certbot.cli._Default object at 0x7fdff7b64650>, uir=<certbot.cli._Default object at 0x7fdff7b648d0>, update_registration=<certbot.cli._Default object at 0x7fdff7bc1d90>, user_agent=<certbot.cli._Default object at 0x7fdff7b4ff50>, user_agent_comment=<certbot.cli._Default object at 0x7fdff7b80750>, validate_hooks=<certbot.cli._Default object at 0x7fdff7b80210>, verb='renew', verbose_count=<certbot.cli._Default object at 0x7fdff7b4fb90>, webroot=<certbot.cli._Default object at 0x7fdff7b83e90>, webroot_map=<certbot.cli._Default object at 0x7fdff7b0c1d0>, webroot_path=<certbot.cli._Default object at 0x7fdff7b08d90>, work_dir=<certbot.cli._Default object at 0x7fdff7b83490>) | |
2018-02-06 12:20:05,106:INFO:certbot.renewal:Cert not yet due for renewal | |
2018-02-06 12:20:05,107:DEBUG:certbot.renewal:no renewal failures |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment