Last active
March 9, 2017 10:42
-
-
Save SuryaElite/a31f61b60105747e3213382aef00d936 to your computer and use it in GitHub Desktop.
Sample nginx conf with ssl enabled letsencrypt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
server_name suryaelite.com www.suryaelite.com; | |
return 301 https://suryaelite.com$request_uri; | |
} | |
server { | |
listen 443 ssl spdy; | |
server_name www.suryaelite.com; | |
return 301 https://suryaelite.com$request_uri; | |
ssl_certificate /etc/letsencrypt/live/suryaelite.com-0001/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/suryaelite.com-0001/privkey.pem; | |
} | |
server { | |
listen 443 ssl spdy; | |
server_name suryaelite.com; | |
access_log /nginx/suryaelite.access.log; | |
error_log /var/log/nginx/suryaelite.error.log; | |
rewrite_log on; | |
root /var/www/suryaelite/; | |
index index.php index.html index.htm; | |
# SSL | |
ssl_certificate /etc/letsencrypt/live/suryaelite.com-0001/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/suryaelite.com-0001/privkey.pem; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_prefer_server_ciphers on; | |
ssl_ciphers 'AAAAAA+AAAAAA:AAA+AAAAAA:AAAAAA+AAAAAA:AAAAAA+AAA'; | |
location / { | |
try_files $uri $uri/ /index.php?$query_string; | |
} | |
location ~ /.well-known { | |
allow all; | |
} | |
# Pass the PHP scripts to FastCGI server | |
location ~ \.php$ { | |
fastcgi_pass unix:/var/run/php5-fpm.sock; | |
fastcgi_index index.php; | |
fastcgi_intercept_errors on; # to support 404s for PHP files not found | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
include fastcgi_params; | |
} | |
# Static files. | |
# Set expire headers, Turn off access log | |
location ~* \favicon.ico$ { | |
access_log off; | |
expires 1d; | |
add_header Cache-Control public; | |
} | |
location ~ ^/(img|cjs|ccss)/ { | |
access_log off; | |
expires 7d; | |
add_header Cache-Control public; | |
} | |
# Deny access to .htaccess files, | |
# git & svn repositories, etc | |
location ~ /(\.ht|\.git|\.svn) { | |
deny all; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment