```nginx
server {
    # "ssl" on the listen line replaces the standalone "ssl on;" directive,
    # which is deprecated and rejected by current nginx releases.
    # If you don't have http2 support, delete http2 here
    listen Your_IP_ADDRESS_HERE:443 ssl http2;
    server_name domain.com www.domain.com;
    root /var/www/domain.com/;
    index index.php index.html index.htm;

    access_log /var/log/nginx/domains/domain.com.log combined;
    error_log /var/log/nginx/domains/domain.com.error.log error;

    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    # If you don't want SSL, remove the ssl section below, drop "ssl http2" from
    # the listen line and use :80 instead of :443 in the server definition on top
    ssl_certificate /path/to/ssl.pem;
    ssl_certificate_key /path/to/ssl.key;
    ssl_session_timeout 5m;

    # To generate the following DHPARAM.PEM file, first run the following command on the server:
    #   openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
    # It will take at least 20 minutes!
    # If you don't want it, comment out the following line
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_prefer_server_ciphers on;

    # OCSP stapling; the resolver is used to look up the OCSP responder
    resolver 8.8.8.8;
    ssl_stapling on;
    ssl_trusted_certificate /path/to/ssl.pem; # same certificate as above

    location / {
        try_files $uri $uri/ /index.php?/$request_uri;

        # Security headers are repeated per location: add_header directives are
        # inherited from the outer level only when the current level defines none.
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

        # Optional, disallow access to these files and folders.
        # (/|$) also covers paths below them, such as /.git/config. Listed first
        # because regex locations are tested in order of appearance.
        location ~* "/\.(htaccess|htpasswd|git|svn)(/|$)" {
            deny all;
            return 404;
        }

        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires max;
        }

        location ~ [^/]\.php(/|$) {
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";

            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # Only hand the request to PHP when the script exists on disk
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }

            fastcgi_read_timeout 300;
            fastcgi_pass 127.0.0.1:9002;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params; # modify this path if the OS flavor is different from Ubuntu/Debian
        }
    }
}
```