Last active
June 13, 2020 10:06
-
-
Save martignoni/1192999b117ee497b14af395ff246ae7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Default nginx vhost configuration | |
# | |
server { | |
listen 80; | |
listen [::]:80; | |
# Change server_name to real (sub-)domain name of web site. | |
server_name vhost.domain.org; | |
# Rule for legitimate ACME Challenge requests | |
location ^~ /.well-known/acme-challenge/ { | |
default_type "text/plain"; | |
# this can be any directory, but this name keeps it clear | |
root /var/www/letsencrypt; | |
} | |
# Hide /acme-challenge subdirectory and return 404 on all requests. | |
# It is somewhat more secure than letting Nginx return 403. | |
# Ending slash is important! | |
location = /.well-known/acme-challenge/ { | |
return 404; | |
} | |
# Redirect all other requests to https. | |
location / { | |
return 301 https://$server_name$request_uri; | |
} | |
} | |
server { | |
# SSL configuration | |
listen 443 ssl; | |
listen [::]:443 ssl; | |
# Change server_name to real (sub-)domain name of web site. | |
server_name vhost.domain.org; | |
# Change server_name to real (sub-)domain name of web site. | |
ssl_certificate /etc/letsencrypt/live/vhost.domain.org/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/vhost.domain.org/privkey.pem; | |
root /var/www/vhost.domain.org/html; | |
# Add index.php to the list if you are using PHP | |
index index.html index.htm index.nginx-debian.html; | |
location / { | |
# First attempt to serve request as file, then | |
# as directory, then fall back to displaying a 404. | |
try_files $uri $uri/ =404; | |
} | |
# pass PHP scripts to FastCGI server | |
location ~ \.php$ { | |
include snippets/fastcgi-php.conf; | |
# With php-fpm (or other unix sockets): | |
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; | |
} | |
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|ttc|otf|eot|woff|woff2)$ { | |
expires modified 30d; | |
add_header Pragma public; | |
add_header Cache-Control "public"; | |
} | |
# deny access to .htaccess files, if Apache's document root | |
# concurs with nginx's one | |
location ~ /\.ht { | |
deny all; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment