OpenCart, OcStore Nginx config with SSL
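# OpenCart / ocStore virtual host.
# Plain HTTP on port 80 is redirected to HTTPS, *.php is handed to PHP-FPM over
# a unix socket, and any path that is not a file on disk falls through to
# OpenCart's SEO-URL router (index.php?_route_=...).
server {
    listen 80;
    listen 443 ssl;
    server_name site.ru www.site.ru;

    # "ssl on;" was removed: it enabled TLS on every listen socket of this
    # server, port 80 included, so the plain-HTTP redirect below could not be
    # served. The "ssl" flag on "listen 443" is what enables TLS.
    if ($scheme = "http") {
        return 301 https://$host$request_uri;
    }

    index index.php index.html;
    access_log /var/log/nginx/site.ru.access.log;
    error_log /var/log/nginx/site.ru.error.log;
    root /var/www/site.ru;
    keepalive_timeout 60;

    ssl_certificate /etc/nginx/ssl/ssl-unified.crt;
    ssl_certificate_key /etc/nginx/ssl/site.ru.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
    # Add TLSv1.3 here if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # RC4 is prohibited for TLS (RFC 7465); the two RC4 entries of the original
    # list were dropped and RC4 is excluded explicitly. The rest is unchanged.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    ssl_prefer_server_ciphers on;

    # HSTS for one week (604800 s). Raise max-age once HTTPS is known to be stable.
    add_header Strict-Transport-Security 'max-age=604800';

    # Regex locations are tried in file order and the first match wins, so the
    # two deny blocks are placed BEFORE the PHP handler. In the original order
    # a *.tpl.php file or a *.php file inside a dot-directory matched \.php$
    # first and was executed instead of being refused.

    # Make sure files with the following extensions do not get loaded by nginx
    # because nginx would display the source code, and these files can contain
    # PASSWORDS!
    location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
        deny all;
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd,
    # .DS_Store (Mac). This also covers /.well-known/; add an exception ahead
    # of this block if ACME HTTP-01 validation is served from this docroot.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    location ~ \.php$ {
        # Only scripts that exist on disk are passed to PHP-FPM. Written as
        # "= 404" (with a space) the last argument is parsed as a fallback URI
        # named "404", not as a status code; "=404" returns the status.
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
    }

    # Directory listings are switched off for the two content directories:
    # listing them discloses every stored file name to any visitor. Turn
    # autoindex back on only if a browsable index is really intended.
    location /image/data {
        autoindex off;
    }

    # NOTE(review): regex locations take precedence over this prefix location,
    # so a *.php file placed under /upload is still handled by the \.php$ block
    # above. If nothing under /upload has to execute, refuse PHP there with a
    # dedicated location placed before the PHP handler.
    location /upload {
        autoindex off;
        allow all;
        log_not_found off;
    }

    location /admin {
        index index.php;
    }

    # Serve the file if it exists, otherwise hand the path to OpenCart.
    location / {
        try_files $uri @opencart;
    }

    # SEO URLs: the requested path becomes the _route_ parameter of index.php.
    location @opencart {
        rewrite ^/(.+)$ /index.php?_route_=$1 last;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Feeds and exports. Anything with these extensions under the docroot is
    # publicly downloadable, so keep order or customer exports out of it.
    location ~* \.(xml|csv|xls)$ {
        allow all;
        log_not_found off;
    }

    # Static assets: far-future cache lifetime.
    location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
        expires max;
        log_not_found off;
    }
}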