test_nginx

1. server {
2. server_name load.sytes.net www.load.sytes.net;
3. root /var/www/html/load.sytes.net/public;
4.  
5. index index.php index.html;
6.  
7. access_log /var/log/nginx/load.sytes.net.access.log;
8. error_log /var/log/nginx/load.sytes.net.error.log;
9.  
10. # Prevent access to hidden files
11. location ~* /\.(?!well-known\/) {
12. <------>deny all;
13. }
14.  
15. location /wp-admin {
16. try_files $uri $uri/ =404;
17. auth_basic "Administrator’s Area";
18. auth_basic_user_file /etc/nginx/.htpasswd;.
19. }
20.  
21.  
22. # Prevent access to certain file extensions
23. location ~\.(ini|log|conf)$ {
24. <------>deny all;
25. }
26.  
27. # Enable WordPress Permananent Links
28. location / {
29. <------>try_files $uri $uri/ /index.php?$args;
30. }
31.  
32. location ~ \.php$ {
33. include fastcgi_params;
34. fastcgi_intercept_errors on;
35. fastcgi_pass unix:/run/php/php7.4-fpm.sock;
36. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
37. }
38.  
39.  
40.  
41. listen 443 ssl; # managed by Certbot
42. ssl_certificate /etc/letsencrypt/live/load.sytes.net/fullchain.pem; # managed by Certbot
43. ssl_certificate_key /etc/letsencrypt/live/load.sytes.net/privkey.pem; # managed by Certbot
44. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
45. ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
46.  
47.  
48.  
49.  
50.  
51. }
52.  
53.  
54. server {
55. if ($host = load.sytes.net) {
56. return 301 https://$host$request_uri;
57. } # managed by Certbot
58.  
59.  
60. server_name load.sytes.net www.load.sytes.net;
61. listen 80;
62. return 404; # managed by Certbot
63.  
64.  
65. }
66.  
67.  
68.  
69.  
70.  
71.  
72.  
73.  
74.  
75.  
76.  
77.  
78.  
79.  
80.  
81.  
82.  
83.  
84.  
85.  
86.  
87. *************************************************************************************************
88. apt install -y nginx mc sudo
89. systemctl restart nginx
90. systemctl status nginx
91. mkdir -p /web/sites/nginx.sytes.net/{www,log}
92. chown -R www-data. /web/sites/
93. openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
94.  
95. Малый конфиг для установки ssl
96.  
97. mcedit /etc/nginx/conf.d/nginx.sytes.net.conf
98. server {
99. listen 80;
100. server_name nginx.sytes.net;
101. root /web/sites/nginx.sytes.net/www/;
102. index index.php index.html index.htm;
103. access_log /web/sites/nginx.sytes.net/log/access.log;
104. error_log /web/sites/nginx.sytes.net/log/error.log;
105.  
106. location / {
107. return 301 https://nginx.sytes.net$request_uri;
108. }
109. }
110.  
111.  
112.  
113. sudo apt update
114. sudo apt -y install snapd sudo
115.  
116. sudo snap install core; sudo snap refresh core
117. sudo snap install --classic certbot
118.  
119. sudo ln -s /snap/bin/certbot /usr/bin/certbot
120. sudo certbot --nginx
121.  
122.  
123.  
124. ************************************************************
125. После установки certbot заменить на этот
126.  
127. mcedit /etc/nginx/conf.d/nginx.sytes.net.conf
128.  
129.  
130.  
131. server {
132. listen 80;
133. server_name nginx.sytes.net;
134. access_log /var/log/nginx/nginx.sytes.net-access.log;
135. error_log /var/log/nginx/nginx.sytes.net-error.log;
136. return 301 https://$server_name$request_uri; # редирект обычных запросов на https
137. }
138.  
139. server {
140. listen 443 ssl http2;
141. server_name nginx.sytes.net;
142. access_log /var/log/nginx/nginx.sytes.net-ssl-access.log;
143. error_log /var/log/nginx/nginx.sytes.net-ssl-error.log;
144.  
145.  
146. ssl_certificate /etc/letsencrypt/live/nginx.sytes.net/fullchain.pem;
147. ssl_certificate_key /etc/letsencrypt/live/nginx.sytes.net/privkey.pem;
148. ssl_session_timeout 190m;
149. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
150. ssl_dhparam /etc/ssl/certs/dhparam.pem;
151. ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
152. ssl_prefer_server_ciphers on;
153. ssl_session_cache shared:SSL:10m;
154.  
155.  
156. location / {
157. proxy_pass http://10.20.7.125:80;
158. proxy_set_header Host $host;
159. }
160. }