Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
###############################
# /etc/nginx/nginx.conf
###############################
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_buffer_size 4k;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_session_tickets on;
ssl_session_ticket_key /etc/ssl/session_ticket.key;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_stapling on;
# ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
##
# Headers
##
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://code.jquery.com; img-src 'self' https://ghost.org; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; form-action 'self'";
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
########################################
# /etc/nginx/sites-available/default
########################################
server {
listen 80;
server_name domain.com;
return 301 https://www.$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name domain.com;
return 301 $scheme://www.$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name www.domain.com;
root /var/www/domain.com/public;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location ~ \.php$ {
include snippets/fastcgi-php.conf;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name status.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name status.domain.com;
root /var/www/cachet/public;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location ~ \.php$ {
include snippets/fastcgi-php.conf;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name pma.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name pma.domain.com;
root /var/www/phpmyadmin;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location ~ \.php$ {
include snippets/fastcgi-php.conf;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name bootstrap.domain.com;
root /var/www/bootstrap/docs/_site;
index index.html;
rewrite ^(.+)/+$ $1;
rewrite ^(.+)/index.html$ $1;
location / {
try_files $uri/index.html $uri $uri.html =404;
}
}
##############################
# /etc/nginx/snippets/fastcgi-php.conf
##############################
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $uri /index.php =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment