Skip to content

Instantly share code, notes, and snippets.

@ziadoz ziadoz/example.com.conf

Last active Jul 5, 2020
Embed
What would you like to do?
PHP/Laravel Nginx HTTP2/SSL Configuration
# HTTP to HTTPS
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name example.com;
return 301 https://example.com$request_uri;
}
# Non-WWW to WWW
server {
listen 443 ssl http2;
listen [::]:443 ssl http2 ipv6only=on;
server_name example.com;
ssl on;
ssl_certificate /var/www/vhosts/example.com/vhosts/example.com.crt;
ssl_certificate_key /var/www/vhosts/example.com/vhosts/example.com.key;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
return 301 https://www.example.com$request_uri;
}
# Configuration
server {
charset utf-8;
listen 443 ssl http2;
listen [::]:443 ssl http2 ipv6only=on;
server_name example.com;
ssl on;
ssl_certificate /var/www/vhosts/example.com/vhosts/example.com.crt;
ssl_certificate_key /var/www/vhosts/example.com/vhosts/example.com.key;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
root /var/www/vhosts/example.com/public;
index index.html index.php;
sendfile off;
access_log /var/log/nginx/example.com-access.log;
error_log /var/log/nginx/example.com-error.log error;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
# Block Well Known ACME
location ~ /\.(?!well-known).* {
deny all;
}
# Block Git
location ~ /\.git {
deny all;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.