Created
May 11, 2018 20:42
-
-
Save nekocentral/856c67c6242748ad731f388f26199b90 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen *:80; | |
listen [::]:80; | |
server_name sitischu.com; | |
#Redirect to HTTPS | |
if ($scheme = http) {return 301 https://$server_name$request_uri;} | |
} | |
server{ | |
listen *:80; | |
listen *:443 ssl http2; | |
listen [::]:80; | |
listen [::]:443 ssl http2; | |
ssl_certificate /certs/sitischu.com/fullchain.cer; | |
ssl_certificate_key /certs/sitischu.com/sitischu.com.key; | |
server_name www.sitischu.com; | |
#Redirect to non-www | |
rewrite ^(.*) https://sitischu.com$1 permanent; | |
# SSL Protocol and Ciphers and other settings | |
include /etc/nginx/snippets/ssl_settings.conf; | |
#OCSP Stapling | |
ssl_trusted_certificate /certs/sitischu.com/ca.cer; # OCSP Pinning | |
include /etc/nginx/snippets/ocsp.conf; | |
} | |
server{ | |
#Headers | |
include /etc/nginx/snippets/headers.conf; | |
#Listener | |
listen *:443 ssl http2 default_server; | |
listen [::]:443 ssl http2 default_server; | |
server_name sitischu.com; | |
# Certificate and Private Key | |
ssl_certificate /certs/sitischu.com/fullchain.cer; | |
ssl_certificate_key /certs/sitischu.com/sitischu.com.key; | |
# Log Locations | |
access_log /var/log/nginx/sitischu.com/access.log; | |
error_log /var/log/nginx/sitischu.com/error.log; | |
# Root and Index | |
root /var/www/sitischu.com; | |
index index.html index.htm index.php; | |
location / { | |
try_files $uri.htm $uri $uri/ =404; | |
index index.htm index.php; | |
#Exipre header for static files | |
if ($request_uri ~* ".(jpg|jpeg|gif|css|png|htc|ico|js)(\?v=[0-9.]+)?$") {expires 30d;} | |
} | |
#gzip | |
include /etc/nginx/snippets/gzip.conf; | |
# SSL Protocol and Ciphers and other settings | |
include /etc/nginx/snippets/ssl_settings.conf; | |
#OCSP Stapling | |
ssl_trusted_certificate /certs/sitischu.com/ca.cer; # OCSP Cert specific to domain | |
include /etc/nginx/snippets/ocsp.conf; | |
#PHP Defining | |
location ~ [^/]\.php(/|$) { | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; | |
fastcgi_index index.php; | |
include fastcgi.conf; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment