NGINX configuration

server {
    listen Your_IP_ADDRESS_HERE:443 http2;
    # If you don't have http2 support, delete http2 here
        server_name domain.com https://www.domain.com;
        root /var/www/domain.com/;
        index index.php index.html index.htm;
        access_log /var/log/nginx/domains/domain.com.log combined;
        error_log /var/log/nginx/domains/domain.com.error.log error;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

    # If you dont want SSL, please remove ssl section below and add :80 instead of :443 on top server definition 
        ssl on;
        ssl_certificate /path/to/ssl.pem;
        ssl_certificate_key /path/to/ssl.key;
        ssl_session_timeout 5m;

    # To generate the following DHPARAM.PEM file, run first the following command on the server:
    # openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
    # Il will take at least 20 minutes!
    # If you don't want it, comment the following line 

        ssl_dhparam /etc/ssl/certs/dhparam.pem; 

        ssl_prefer_server_ciphers on;
        resolver 8.8.8.8;
        ssl_stapling on;
        ssl_trusted_certificate /path/to/ssl.pem;
        # same certificate as up


    location / {
        try_files $uri $uri/ /index.php?/$request_uri;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
        expires max;
    }

    location ~ [^/]\.php(/|$) {
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
        fastcgi_read_timeout 300;
        fastcgi_pass 127.0.0.1:9002;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
        # modify this path if OS flavor different than Ubuntu/Debian
    }

    # Optional, disallow access to this directories and folders
    location ~* "/\.(htaccess|htpasswd|git|svn)$" {
        deny all;
        return 404;
    }
}

server {

listen Your_IP_ADDRESS_HERE:443 http2;

# If you don't have http2 support, delete http2 here

server_name domain.com http://www.domain.com;

root /var/www/domain.com/;

index index.php index.html index.htm;

access_log /var/log/nginx/domains/domain.com.log combined;

error_log /var/log/nginx/domains/domain.com.error.log error;

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;

add_header X-Frame-Options SAMEORIGIN;

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

# If you dont want SSL, please remove ssl section below and add :80 instead of :443 on top server definition

ssl on;

ssl_certificate /path/to/ssl.pem;

ssl_certificate_key /path/to/ssl.key;

ssl_session_timeout 5m;

# To generate the following DHPARAM.PEM file, run first the following command on the server:

# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

# Il will take at least 20 minutes!

# If you don't want it, comment the following line

ssl_dhparam /etc/ssl/certs/dhparam.pem;

ssl_prefer_server_ciphers on;

resolver 8.8.8.8;

ssl_stapling on;

ssl_trusted_certificate /path/to/ssl.pem;

# same certificate as up

location / {

try_files $uri $uri/ /index.php?/$request_uri;

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;

add_header X-Frame-Options SAMEORIGIN;

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {

expires max;

}

location ~ [^/]\.php(/|$) {

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;

add_header X-Frame-Options SAMEORIGIN;

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

if (!-f $document_root$fastcgi_script_name) {

return 404;

}

fastcgi_read_timeout 300;

fastcgi_pass 127.0.0.1:9002;

fastcgi_index index.php;

include /etc/nginx/fastcgi_params;

# modify this path if OS flavor different than Ubuntu/Debian

}

# Optional, disallow access to this directories and folders

location ~* "/\.(htaccess|htpasswd|git|svn)$" {

deny all;

return 404;

}

Installation

Related Articles

FAQ

Knowledge Base