mrTimofey/fastcgi-php.conf

## fastcgi-php.conf
index index.php index.html index.htm;

# process all non-existent files with /index.php
location / {
	try_files $uri $uri/ /index.php$is_args$args;
}

# php processing config
location ~ \.php$ {
	try_files $uri /index.php =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)\$;
	fastcgi_pass unix:/run/php/php7.2-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
}

## simple.conf
server {
	listen 80;
	server_name DOMAIN;
	root PUBLIC_ROOT;
	include snippets/fastcgi-php.conf;
	# access_log ACCESS_LOG_FILE;
	error_log ERROR_LOG_FILE;

	# epiration for statics
	location ~* \.(jpe?g|gif|png|ico|css|pdf|ppt|pptx|doc|docx|txt|bmp|svg|rtf|js|woff2?|ttf|otf)$ {
		access_log off;
		expires 7d;
		try_files $uri /index.php$is_args$args;
	}
}

## ssl-Aplus-http2.conf
# redirect from 80 to 443 (http -> https)
server {
	listen 80;
	listen [::]:80;
	server_name www.DOMAIN DOMAIN;
	return 301 https://DOMAIN$request_uri;
}

# redirect www to non-www
server {
	listen 443;
	listen [::]:443;
	server_name www.DOMAIN;
	return 301 https://DOMAIN$request_uri;
}

# site configuration
server {
	listen 443 default_server ssl http2;
	listen [::]:443 default_server ssl http2;
	server_name DOMAIN;

	root PUBLIC_ROOT;

	ssl on;
	ssl_session_timeout 1h;
	ssl_session_cache shared:SSL:16m;

	ssl_stapling on;
	ssl_stapling_verify on;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!EXP:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/chain.pem;
	ssl_dhparam /etc/letsencrypt/live/DOMAIN/dhparam.pem;

	add_header Strict-Transport-Security "max-age=31536000;" always;

	resolver 8.8.4.4 8.8.8.8 valid=300s;
	resolver_timeout 10s;

	charset utf-8;

	# set expires for static files
	location ~* \.(jpg|jpeg|gif|png|ico|css|pdf|ppt|pptx|doc|docx|txt|bmp|svg|rtf|\.min\.js|woff|woff2|ttf|otf)$ {
		access_log off;
		expires 7d;
		try_files $uri /index.php$is_args$args;
	}

	include snippets/fastcgi-php.conf;

	# access_log ACCESS_LOG_FILE;
	error_log ERROR_LOG_FILE;
}
	index index.php index.html index.htm;

	# process all non-existent files with /index.php
	location / {
	try_files $uri $uri/ /index.php$is_args$args;
	}

	# php processing config
	location ~ \.php$ {
	try_files $uri /index.php =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)\$;
	fastcgi_pass unix:/run/php/php7.2-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
	}
	server {
	listen 80;
	server_name DOMAIN;
	root PUBLIC_ROOT;
	include snippets/fastcgi-php.conf;
	# access_log ACCESS_LOG_FILE;
	error_log ERROR_LOG_FILE;

	# epiration for statics
	location ~* \.(jpe?g\|gif\|png\|ico\|css\|pdf\|ppt\|pptx\|doc\|docx\|txt\|bmp\|svg\|rtf\|js\|woff2?\|ttf\|otf)$ {
	access_log off;
	expires 7d;
	try_files $uri /index.php$is_args$args;
	}
	}
	# redirect from 80 to 443 (http -> https)
	server {
	listen 80;
	listen [::]:80;
	server_name www.DOMAIN DOMAIN;
	return 301 https://DOMAIN$request_uri;
	}

	# redirect www to non-www
	server {
	listen 443;
	listen [::]:443;
	server_name www.DOMAIN;
	return 301 https://DOMAIN$request_uri;
	}

	# site configuration
	server {
	listen 443 default_server ssl http2;
	listen [::]:443 default_server ssl http2;
	server_name DOMAIN;

	root PUBLIC_ROOT;

	ssl on;
	ssl_session_timeout 1h;
	ssl_session_cache shared:SSL:16m;

	ssl_stapling on;
	ssl_stapling_verify on;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!EXP:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/chain.pem;
	ssl_dhparam /etc/letsencrypt/live/DOMAIN/dhparam.pem;

	add_header Strict-Transport-Security "max-age=31536000;" always;

	resolver 8.8.4.4 8.8.8.8 valid=300s;
	resolver_timeout 10s;

	charset utf-8;

	# set expires for static files
	location ~* \.(jpg\|jpeg\|gif\|png\|ico\|css\|pdf\|ppt\|pptx\|doc\|docx\|txt\|bmp\|svg\|rtf\|\.min\.js\|woff\|woff2\|ttf\|otf)$ {
	access_log off;
	expires 7d;
	try_files $uri /index.php$is_args$args;
	}

	include snippets/fastcgi-php.conf;

	# access_log ACCESS_LOG_FILE;
	error_log ERROR_LOG_FILE;
	}