SHARE
TWEET

Untitled

a guest Jan 21st, 2020 63 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. upstream backend-DOMAINTLD {server unix:/var/run/php7-DOMAINTLD.sock;}
  2.  
  3. server {
  4.     listen 80;
  5.     listen [::]:80;
  6.     server_name domain.tld www.domain.tld;
  7.     rewrite ^(.*)$ https://domain.tld$1 permanent;
  8. }
  9.  
  10. server {
  11.     listen 443 ssl http2;
  12.     listen [::]:443 ssl http2;
  13.     server_name domain.tld;
  14.     add_header Strict-Transport-Security "max-age=63072000";
  15.     add_header X-Frame-Options DENY;
  16.     ssl on;
  17.     ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
  18.     ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
  19.     ssl_stapling on;
  20.     ssl_stapling_verify on;
  21.     ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
  22.     resolver 8.8.8.8 8.8.4.4 valid=300s;
  23.     resolver_timeout 3s;
  24.     ssl_session_cache shared:SSL:100m;
  25.     ssl_session_timeout 24h;
  26.     ssl_dhparam /etc/ssl/private/dhparams_2048.pem;
  27.     ssl_ecdh_curve secp384r1;
  28.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  29.     ssl_prefer_server_ciphers on;
  30.     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES1$
  31.  
  32.    root                /var/www/domain.tld/public;
  33.    access_log          /var/log/nginx/domaintld-access.log;
  34.    error_log           /var/log/nginx/domaintld-error.log;
  35.    index               index.php index.html;
  36.    rewrite_log         on;
  37.  
  38.    location / {
  39.        try_files       $uri $uri/ @rewrite;
  40.    }
  41.  
  42.    location @rewrite {
  43.        rewrite         ^/(.*)$ /index.php?q=$1;
  44.    }
  45.  
  46.    location ~ \.php$ {
  47.        include         fastcgi_params;
  48.        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
  49.        fastcgi_pass    backend-DOMAINTLD;
  50.    }
  51.  
  52.    location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|bmp)$ {
  53.       access_log       off;
  54.       expires          10d;
  55.       break;
  56.    }
  57.  
  58.    location ~ /\.ht {
  59.        deny            all;
  60.    }
  61.  
  62. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top