Let's EncryptでSSL対応+HTTP2対応したときの設定

nginx__site-availables__example.com.conf

server {
	listen					443 ssl http2;
    
	server_name				example.com;
	error_log				/var/log/nginx/error.log;
	access_log				/var/log/nginx/access.log main;

	root					/var/www/example.com/public;
	index					index.html;

	ssl						on;
	ssl_certificate			/etc/letsencrypt/live/example.com/fullchain.pem;
	#ssl_certificate_key	/etc/letsencrypt/live/example.com/privkey.pem;
	# See also about following includes https://gist.github.com/anon5r/d3e2de229049a281ebaf
	include ssl_common.conf;
	add_header				Content-Security-Policy		upgrade-insecure-requests;
	
	# gzip settings
	gzip				on;
	gzip_min_length		1100;
	gzip_buffers		4 8k;
	gzip_types			text/plain text/xml text/css text/javascript application/x-javascript image/png image/jpeg image/gif;
	gzip_disable		"msie6";
	gzip_vary			on;

	output_buffers		1 32k;
	if_modified_since	before;
	client_header_buffer_size	2k;
	large_client_header_buffers	4 8k;
    
	location / {
		allow		all;
		try_files $uri $uri/ /index.php?$args;
	}
	
	location /favion.ico {
		log_not_found off;
	}
}

server {
	listen			80;
	server_name		www.example.com;
	return 301 https://example.com$request_uri;
}

server {
	listen			80;
	server_name		example.com;
	return 301 https://example.com$request_uri;
}

See also https://gist.github.com/anon5r/d3e2de229049a281ebaf