xXxSPYxXx/site.ru.conf

## site.ru.conf
server{
listen      80;
listen      443 ssl;
server_name site.ru www.site.ru;
ssl         on;

if ( $scheme = "http" ) {
rewrite ^/(.*)$ https://$host/$1 permanent;
}
index index.php index.html;

access_log /var/log/nginx/site.ru.access.log;
error_log /var/log/nginx/site.ru.error.log;

root /var/www/site.ru;

    keepalive_timeout   60;
    ssl_certificate      /etc/nginx/ssl/ssl-unified.crt;
    ssl_certificate_key  /etc/nginx/ssl/site.ru.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    add_header Strict-Transport-Security 'max-age=604800';

location ~ \.php$ {
try_files $uri = 404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}

location /image/data {
        autoindex on;
    }

location /upload {
        autoindex on;
        allow all;
        log_not_found off;
    }

location /admin {
        index index.php;
    }

location / {
        try_files $uri @opencart;
    }

location @opencart {
        rewrite ^/(.+)$ /index.php?_route_=$1 last;
    }

location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
location ~* \.(xml|csv|xls)$ {
    allow all;
    log_not_found off;
}


# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
        deny all;
    }

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

location ~*  \.(jpg|jpeg|png|gif|css|js|ico)$ {
        expires max;
        log_not_found off;
    }
}
	server{
	listen 80;
	listen 443 ssl;
	server_name site.ru www.site.ru;
	ssl on;

	if ( $scheme = "http" ) {
	rewrite ^/(.*)$ https://$host/$1 permanent;
	}
	index index.php index.html;

	access_log /var/log/nginx/site.ru.access.log;
	error_log /var/log/nginx/site.ru.error.log;

	root /var/www/site.ru;

	keepalive_timeout 60;
	ssl_certificate /etc/nginx/ssl/ssl-unified.crt;
	ssl_certificate_key /etc/nginx/ssl/site.ru.key;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
	add_header Strict-Transport-Security 'max-age=604800';

	location ~ \.php$ {
	try_files $uri = 404;
	include fastcgi_params;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param HTTPS on;
	}

	location /image/data {
	autoindex on;
	}

	location /upload {
	autoindex on;
	allow all;
	log_not_found off;
	}

	location /admin {
	index index.php;
	}

	location / {
	try_files $uri @opencart;
	}

	location @opencart {
	rewrite ^/(.+)$ /index.php?_route_=$1 last;
	}

	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}
	location ~* \.(xml\|csv\|xls)$ {
	allow all;
	log_not_found off;
	}


	# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
	location ~* \.(engine\|inc\|info\|install\|make\|module\|profile\|test\|po\|sh\|.sql\|theme\|tpl(\.php)?\|xtmpl)$\|^(\..\|Entries.*\|Repository\|Root\|Tag\|Template)$\|\.php_ {
	deny all;
	}

	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}

	location ~* \.(jpg\|jpeg\|png\|gif\|css\|js\|ico)$ {
	expires max;
	log_not_found off;
	}
	}