Created
November 13, 2016 22:25
-
-
Save TheNavigat/d51f323b6ff43c55e9a25a19f2767443 to your computer and use it in GitHub Desktop.
nginx config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name build.patientportal.us; | |
| root /usr/share/nginx/html/ALEX/; | |
| location ~* ^/(assets|uploads|robots\.txt|humans\.txt) { | |
| try_files $uri =404; | |
| } | |
| location /app/thinkfree { | |
| try_files @php @php; | |
| } | |
| location /app/wordpress/ { | |
| try_files @php @php; | |
| } | |
| location /app/sherpacrm { | |
| try_files @php @php; | |
| } | |
| location /app/eldermark { | |
| try_files @php @php; | |
| } | |
| location /app/carevium { | |
| try_files @php @php; | |
| } | |
| location /app/caremerge { | |
| try_files @php @php; | |
| } | |
| location /app/grovo { | |
| try_files @php @php; | |
| } | |
| location @php { | |
| try_files /index.php =404; | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| fastcgi_pass unix:/var/run/php5-fpm.sock; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| include fastcgi_params; | |
| } | |
| location / { | |
| rewrite ^ https://$http_host$request_uri? permanent; | |
| } | |
| } | |
| server { | |
| listen 443 default_server; | |
| ssl on; | |
| ssl_certificate /etc/letsencrypt/live/build.patientportal.us/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/build.patientportal.us/privkey.pem; | |
| ssl_trusted_certificate /etc/letsencrypt/live/build.patientportal.us/chain.pem; | |
| #enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated. | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| #Disables all weak ciphers | |
| ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; | |
| ssl_prefer_server_ciphers on; | |
| root /usr/share/nginx/html/ALEX/; | |
| index index.php index.html; | |
| location /app/thinkfree { | |
| rewrite ^ http://$http_host$request_uri? permanent; | |
| } | |
| location /app/wordpress/ { | |
| rewrite ^ http://$http_host$request_uri? permanent; | |
| } | |
| location /app/sherpacrm { | |
| rewrite ^ http://$http_host$request_uri? permanent; | |
| } | |
| location /app/eldermark { | |
| rewrite ^ http://$http_host$request_uri? permanent; | |
| } | |
| location /app/carevium { | |
| rewrite ^ http://$http_host$request_uri? permanent; | |
| } | |
| location /app/caremerge { | |
| rewrite ^ http://$http_host$request_uri? permanent; | |
| } | |
| location /app/grovo { | |
| rewrite ^ http://$http_host$request_uri? permanent; | |
| } | |
| location ~ \.ht { | |
| deny all; | |
| } | |
| location / { | |
| try_files /index.php =404; | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| fastcgi_pass unix:/var/run/php5-fpm.sock; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| include fastcgi_params; | |
| } | |
| location ~* ^/(assets|uploads|robots\.txt) { | |
| try_files $uri /index.php; | |
| } | |
| } | |
| server { | |
| listen 8000 default_server; | |
| listen [::]:8080 default_server ipv6only=on; | |
| root /usr/share/nginx/html/phpmyadmin/; | |
| index index.php index.html; | |
| server_name 54.153.63.180; | |
| client_max_body_size 20M; | |
| ssl on; | |
| ssl_certificate /etc/letsencrypt/live/build.patientportal.us/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/build.patientportal.us/privkey.pem; | |
| ssl_trusted_certificate /etc/letsencrypt/live/build.patientportal.us/chain.pem; | |
| #enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated. | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| #Disables all weak ciphers | |
| ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; | |
| ssl_prefer_server_ciphers on; | |
| # set expiration of assets to MAX for caching | |
| location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ { | |
| expires max; | |
| log_not_found off; | |
| } | |
| location / { | |
| # Check if a file or directory index file exists, else route it to index.php. | |
| try_files $uri $uri/ /index.php; | |
| } | |
| location ~ \.php$ { | |
| try_files $uri ''; | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| fastcgi_pass unix:/var/run/php5-fpm.sock; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| include fastcgi_params; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment