Created
May 26, 2016 07:24
-
-
Save bajpangosh/5f3d623b0171aba8775a9b5a7f0624c4 to your computer and use it in GitHub Desktop.
WordPress+Cloudflare Full SSL - Nginx Configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# HTTP Server | |
server { | |
listen 80; | |
server_name yourwebsitename.com www.yourwebsitename.com; | |
rewrite ^ https://$server_name$request_uri permanent; | |
} | |
# HTTPS Server | |
server { | |
listen 443; | |
server_name yourwebsitename.com www.yourwebsitename.com; | |
root /usr/share/nginx/html; | |
index index.php; | |
error_log /var/log/nginx/yourwebsitename.com.log crit; | |
ssl on; | |
ssl_certificate /etc/nginx/ssl/yourwebsitename.com.crt; | |
ssl_certificate_key /etc/nginx/ssl/yourwebsitename.com.key; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # do not use SSLv3 ref: POODLE | |
client_max_body_size 20M; | |
location / { | |
try_files $uri $uri/ /index.php; | |
} | |
location ~ \.php$ { | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
fastcgi_pass unix:/var/run/php5-fpm.sock; | |
fastcgi_index index.php; | |
include fastcgi_params; | |
} | |
location /doc/ { | |
alias /usr/share/doc/; | |
autoindex on; | |
allow 127.0.0.1; | |
deny all; | |
} | |
location ~/\.ht { | |
deny all; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Enable full SSL in CloudFlare
https://www.cloudflare.com/a/crypto/
Generate SSL keys for vps
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/yourwebsitename.com.key -out /etc/nginx/ssl/yourwebsitename.com.crt
Clear default config & add above config
sudo nano /etc/nginx/sites-available/default
save it.
service nginx reload