Skip to content

Instantly share code, notes, and snippets.

@chriha

chriha/default.conf

Last active October 19, 2017 09:24
Show Gist options
  • Save chriha/18f450194e70084cd511541ee856f8c9 to your computer and use it in GitHub Desktop.
Save chriha/18f450194e70084cd511541ee856f8c9 to your computer and use it in GitHub Desktop.
Download ZIP
nginx config, force SSL
Raw
default.conf
# force https
server {
listen 80;
server_tokens off;
server_name domain.com www.domain.com;
location / {
return 301 https://www.domain.com$request_uri;
}
}
# force www
server {
listen 443 ssl http2;
server_name domain.com;
return 301 https://www.domain.com$request_uri;
}
server {
listen 443 ssl http2;
server_tokens off;
server_name www.domain.com;
root /var/www/current/public;
charset utf-8;
client_max_body_size 75M;
error_page 404 /404.html;
error_log /var/log/nginx/domain.com.ssl.error.log;
access_log /var/log/nginx/domain.com.ssl.access.log;
ssl on;
ssl_certificate /etc/nginx/ssl/domain.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/domain.com/privkey.pem;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
location / {
try_files $uri $uri/ =404;
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
rewrite "^/([a-z]{2})/nox/(.+?)/(.+?)" /$1/nox/ break;
rewrite "^/([a-z]{2})/nox/(.+?)/" /$1/ redirect;
rewrite "^/([a-z]{2})/nox$" /$1/ redirect;
rewrite ^/$ /de/ redirect;
rewrite ^/$ /en/ redirect;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
fastcgi_pass sla-handler;
}
gzip on;
gzip_types *;
}
Raw
nginx.conf
server {
listen 80;
server_name _;
# force SSL
return 301 https://$server_name$request_uri;
}
server {
listen 443 default_server ssl;
server_name .domain.com;
root /var/www/public;
index index.php index.html index.htm;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
#fast_cgi_pass 127.0.0.1:9000
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
ssl on;
ssl_certificate /etc/nginx/ssl/localhost.crt;
ssl_certificate_key /etc/nginx/ssl/localhost.key;
client_max_body_size 16M;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment