server { listen 80; index index.php; server_name kilobytes.fr www.kilobyte

1. server {
2. listen 80;
3. index index.php;
4. server_name kilobytes.fr www.kilobytes.fr;
5. return 301 https://$server_name$request_uri; #Redirection
6. access_log /var/log/nginx/kilobytes.fr.access_log;
7. error_log /var/log/nginx/kilobytes.fr.error_log;
8. }
9.  
10. server {
11. listen 443 ssl http2;
12. server_name kilobytes.fr wwww.kilobytes.fr;
13. root /usr/share/nginx/html;
14. ssl_protocols TLSv1.2;
15. ssl_certificate /etc/letsencrypt/live/kilobytes.fr/fullchain.pem;
16. ssl_certificate_key /etc/letsencrypt/live/kilobytes.fr/privkey.pem;
17.  
18. location / {
19. try_files $uri $uri/ /index.php?q=$uri&$args;
20. }
21.  
22. location ~ \.php$ {
23. try_files $uri $uri/ /index.php?q=$uri&$args;
24. fastcgi_pass unix:/run/php/php7.0-fpm.sock;
25. fastcgi_index index.php;
26. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
27. include fastcgi_params;
28. satisfy any;
29. allow all;
30. }
31.  
32.  
33. ## Diffie-Hellman
34. ssl_ecdh_curve secp384r1;
35.  
36. ## Ciphers
37. ssl_ciphers EECDH+AESGCM:EECDH+AES;
38. ssl_prefer_server_ciphers on;
39.  
40. # OCSP Stapling
41. ssl_trusted_certificate /etc/letsencrypt/live/kilobytes.fr/chain.pem;
42. resolver 80.67.169.12 80.67.169.40 valid=300s;
43. resolver_timeout 5s;
44. ssl_stapling on;
45. ssl_stapling_verify on;
46.  
47. ## TLS parameters
48. ssl_session_cache shared:SSL:10m;
49. ssl_session_timeout 5m;
50. ssl_session_tickets off;
51.  
52. ## HSTS
53. add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
54. }