Sign upLogin

AlexR1712/virtualhost

View on GitHub
Star
nginx_host

Summary

Maintainability
Test Coverage



#SSL HTTP2.0 Letsencrypt

server {
    
    listen 80;
    listen [::]:80;
    listen  443 ssl http2;
    listen [::]:443;

    rewrite ^ https://$server_name$request_uri? permanent;
    server_name  $domain;
    root $rootDir;

# Add index.php to the list if you are using PHP

    index index.php index.html index.htm index.nginx-debian.html;    

    error_page  404              /404.html;
    error_page  500 502 503 504  /50x.html;

    access_log  /var/log/nginx/access.log;

    ssl_certificate      /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/$domain/privkey.pem;
    ssl_session_timeout  1d;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_tickets  off;
    ssl_stapling         on;
    ssl_stapling_verify  on;

# Generate with:
    # sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048
    ssl_dhparam  /etc/nginx/dhparam.pem;

    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers  on;
    ssl_ciphers                'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    add_header  Strict-Transport-Security 'max-age=31536000; includeSubDomains';

    location / {
        try_files $uri $uri/ /index.php;
    }


#PHP7.0 Configuration [ENABLED]

    location ~ \.php$ {

    #   include snippets/fastcgi-php.conf;
    #   fastcgi_pass unix:/var/run/php7.0-fpm.sock;

    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    include fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    
    location ~ /\.ht {
        deny all;
    }

    location ~ /.well-known {
        allow all;
    }

}