simplesaml nginx config
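# Plain-HTTP listener: serves no content, only redirects every request to HTTPS.
# {{WEBSITE}} is a template placeholder; substitute it before nginx loads this file.
server {
    listen 80;
    # The HTTPS server listens on [::]:443 as well; without an IPv6 listener here,
    # IPv6 clients that request http:// are never redirected.
    listen [::]:80;
    server_name www.{{WEBSITE}}.com {{WEBSITE}}.com;
    # The target host is fixed (not $host), so the Location header never
    # reflects a client-supplied Host value.
    return 301 https://{{WEBSITE}}.com$request_uri;
}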
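# HTTPS virtual host for a PHP application that uses SimpleSAMLphp.
# {{WEBSITE}} is a template placeholder; substitute it before nginx loads this file.
server {
    # Access logs can contain SAML query parameters (e.g. SAMLRequest/RelayState
    # on redirect bindings); restrict read access to these files accordingly.
    error_log /var/log/nginx/{{WEBSITE}}.log warn;
    access_log /var/log/nginx/{{WEBSITE}}.access;

    listen 443 ssl http2;
    # http2 added so IPv4 and IPv6 clients negotiate the same protocols.
    listen [::]:443 ssl http2;
    server_name {{WEBSITE}}.com www.{{WEBSITE}}.com;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Applies to TLS 1.2 and below; TLS 1.3 suites are not selected by this list.
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    # Tickets stay off: ticket keys that are not rotated weaken forward secrecy.
    ssl_session_tickets off;

    # OCSP stapling. Verification needs the issuer chain to be trusted by nginx
    # (see ssl_trusted_certificate), and stapling only works while the CA still
    # operates an OCSP responder; check the error log for stapling warnings.
    ssl_stapling on;
    ssl_stapling_verify on;
    # The resolver is used for OCSP responder lookups. These are public third-party
    # resolvers queried over plain DNS; prefer a local, trusted resolver if one exists.
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # "always" sends HSTS on error responses too, not only on 2xx/3xx.
    # includeSubdomains commits every subdomain to HTTPS for two years.
    # Note: an add_header inside a nested location replaces this inherited header.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;

    ssl_certificate /etc/letsencrypt/live/{{WEBSITE}}.com/fullchain.pem;
    # Private key: keep it readable by root only.
    ssl_certificate_key /etc/letsencrypt/live/{{WEBSITE}}.com/privkey.pem;
    # Used by the EDH suites above; generate locally with at least 2048 bits.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    root /path/to/web;
    index index.php;

    # Serve an existing file as-is, otherwise hand the request to the front controller.
    # Any file under the web root is served statically, dotfiles included, so keep
    # VCS metadata, backups and environment files out of /path/to/web.
    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ \.php$ {
        # The snippet is not part of this file. Confirm it checks that the script
        # exists (the Debian/Ubuntu one does so with try_files) so that arbitrary
        # *.php request paths are not passed to PHP-FPM.
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        # Tells SimpleSAMLphp where its configuration lives. That directory holds
        # secrets; keep it outside the web root and readable only by the PHP-FPM user.
        fastcgi_param SIMPLESAMLPHP_CONFIG_DIR /path/to/simplesamlphp/config;
    }
}
# The original listing closed one more "}" here, which left the braces
# unbalanced and made the configuration test fail; it has been removed.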