PHP/Laravel Nginx HTTP2/SSL Configuration
# Plain-HTTP listener: serves no content, only a permanent redirect to HTTPS.
# The redirect target is a fixed host name rather than the client-supplied
# Host header, so the Location header cannot be steered by the request.
server {
    server_name example.com;

    listen 80;
    listen [::]:80 ipv6only=on;

    # $request_uri keeps the original path and query string intact.
    return 301 https://example.com$request_uri;
}
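# Non-WWW to WWW: terminates TLS for the bare domain only to issue a permanent
# redirect to the canonical www host.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2 ipv6only=on;
    server_name example.com;

    # "ssl on;" removed: the ssl flag on the listen lines already enables TLS.
    # The standalone directive was deprecated in nginx 1.15.0 and removed in
    # 1.25.1, where it makes the configuration fail to load.

    # The certificate has to cover example.com, otherwise clients hit a name
    # mismatch before they ever see the redirect.
    ssl_certificate /var/www/vhosts/example.com/vhosts/example.com.crt;
    # Private key: should be readable by the nginx master process only.
    ssl_certificate_key /var/www/vhosts/example.com/vhosts/example.com.key;

    # Pin the protocol floor explicitly instead of relying on the build default.
    # TLSv1.3 needs nginx built against OpenSSL 1.1.1 or later; drop it from the
    # list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # 3DES (64-bit block cipher, Sweet32) and the static-RSA key exchange
    # suites (no forward secrecy) are dropped; only ECDHE suites remain.
    # This list governs TLS 1.2 and below; TLS 1.3 suites are set separately.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256;

    return 301 https://www.example.com$request_uri;
}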
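# Configuration: the canonical HTTPS site (www) serving the Laravel application.
server {
    charset utf-8;

    listen 443 ssl http2;
    # ipv6only=on is not repeated here: it is the default, and socket options
    # may be given on only one listen directive per address:port (the redirect
    # server already sets it). Many nginx versions reject the repeat as a
    # duplicate listen option.
    listen [::]:443 ssl http2;

    # Was "example.com", which duplicated the redirect server's name. nginx
    # ignores the later duplicate, so www requests fell through to the default
    # (redirect) server and were redirected to themselves in a loop.
    server_name www.example.com;

    # "ssl on;" removed: the ssl flag on the listen lines already enables TLS.
    # The standalone directive was deprecated in nginx 1.15.0 and removed in
    # 1.25.1.

    # The certificate has to cover www.example.com as well as the bare domain.
    ssl_certificate /var/www/vhosts/example.com/vhosts/example.com.crt;
    # Private key: should be readable by the nginx master process only.
    ssl_certificate_key /var/www/vhosts/example.com/vhosts/example.com.key;

    # Explicit protocol floor; TLSv1.3 needs nginx built against OpenSSL 1.1.1+.
    # NOTE(review): with older OpenSSL the protocol list of the default server
    # for this socket may be the one that applies - keep both 443 servers equal.
    ssl_protocols TLSv1.2 TLSv1.3;

    # 3DES (Sweet32) and static-RSA key exchange (no forward secrecy) removed;
    # only ECDHE suites remain. Applies to TLS 1.2 and below.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256;

    # Only the framework's public/ directory is the document root, so .env,
    # storage/ and vendor/ stay outside anything nginx can serve.
    root /var/www/vhosts/example.com/public;
    index index.html index.php;

    # NOTE(review): sendfile off is usually a shared-folder/VM workaround;
    # confirm it is still wanted on a production host.
    sendfile off;

    access_log /var/log/nginx/example.com-access.log;
    error_log /var/log/nginx/example.com-error.log error;

    # "always" sends these headers on error responses too, not only on 2xx/3xx.
    # add_header is inherited by a location only while that location declares
    # no add_header of its own; none of the locations below do.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy header that current browsers ignore; a Content-Security-Policy is
    # the modern control for script injection.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Consider HSTS once every host under this name is reachable over HTTPS:
    # add_header Strict-Transport-Security "max-age=31536000" always;

    # Front controller: serve a real file or directory if present, otherwise
    # hand the request to index.php with the original query string.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    error_page 404 /index.php;

    # Deny dotfiles and dot-directories (.env, .htaccess, .git, ...) except
    # .well-known, which ACME HTTP-01 validation needs. Regex locations are
    # tried in file order and the first match wins, so these sit above the PHP
    # handler to keep hidden paths ending in .php away from PHP-FPM.
    location ~ /\.(?!well-known).* {
        deny all;
    }

    # Block Git (already covered by the dotfile rule above; kept as an
    # explicit guard).
    location ~ /\.git {
        deny all;
    }

    location ~ \.php$ {
        # Forward only scripts that exist under the document root. Without
        # this check PHP-FPM can be asked to resolve a path that is not a real
        # .php file (relevant where cgi.fix_pathinfo is enabled). A miss
        # returns 404, which error_page routes back to /index.php.
        try_files $uri =404;

        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        # $realpath_root resolves symlinks in the document root before the
        # script path is handed to PHP-FPM.
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
}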