Created
October 6, 2016 18:10
-
-
Save brewn/1ef4a8e17e207dcf533130e699c2db8a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 8080; | |
listen [::]:8080; | |
server_name example.com; | |
return 301 http://www.example.com$request_uri; | |
} | |
server { | |
listen 8080; | |
listen [::]:8080; | |
server_name www.example.com; | |
root /usr/share/nginx/html; | |
port_in_redirect off; | |
index index.php; | |
location / { | |
try_files $uri $uri/ /index.php?$args; | |
} | |
location ~ \.php$ { | |
try_files $uri =404; | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
fastcgi_pass unix:/var/run/php5-fpm.sock; | |
fastcgi_index index.php; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
include fastcgi_params; | |
} | |
} | |
server { | |
listen 443 ssl; | |
listen [::]:443 ssl; | |
server_name www.example.com example.com; | |
port_in_redirect off; | |
ssl on; | |
ssl_certificate /etc/ssl/root_bundle.crt; | |
ssl_certificate_key /etc/ssl/example.key; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; | |
ssl_prefer_server_ciphers on; | |
ssl_session_cache shared:SSL:20m; | |
ssl_session_timeout 60m; | |
add_header Strict-Transport-Security "max-age=31536000"; | |
add_header X-Content-Type-Options nosniff; | |
location / { | |
proxy_pass http://127.0.0.1:80; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-Forwarded-Host $http_host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_set_header HTTPS "on"; | |
access_log /var/log/nginx/example/logs/access.log; | |
error_log /var/log/nginx/example.com.error.log notice; | |
} | |
} | |
server { | |
listen 8080; | |
listen [::]:8080; | |
server_name www.example.com example.com; | |
root /usr/share/nginx/html | |
index index.php index.html index.htm; | |
port_in_redirect off; | |
ssl on; | |
ssl_certificate /etc/ssl/root_bundle.crt; | |
ssl_certificate_key /etc/ssl/example.key; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; | |
ssl_prefer_server_ciphers on; | |
ssl_session_cache shared:SSL:20m; | |
ssl_session_timeout 60m; | |
location / { | |
try_files $uri $uri/ /index.php?$args; | |
} | |
location ~ \.php$ { | |
try_files $uri =404; | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
include fastcgi_params; | |
fastcgi_index index.php; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
fastcgi_param HTTPS on; | |
fastcgi_pass unix:/var/run/php5-fpm.sock; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment