Advertisement
Guest User

myconfnginx

a guest
May 10th, 2017
82
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ############### mydomain.tld.conf ###################
  2. server {
  3. listen 80;
  4. listen [::]:80;
  5. server_name mydomain.tld;
  6.  
  7. access_by_lua_file /usr/share/ssowat/access.lua;
  8.  
  9. include conf.d/mydomain.tld.d/*.conf;
  10.  
  11. location /yunohost/admin {
  12. return 301 https://$http_host$request_uri;
  13. }
  14.  
  15. access_log /var/log/nginx/mydomain.tld-access.log;
  16. error_log /var/log/nginx/mydomain.tld-error.log;
  17. }
  18. server {
  19. listen 443 ssl;
  20. listen [::]:443 ssl;
  21. server_name mydomain.tld;
  22.  
  23. ssl_certificate /etc/yunohost/certs/mydomain.tld/crt.pem;
  24. ssl_certificate_key /etc/yunohost/certs/mydomain.tld/key.pem;
  25. ssl_session_timeout 5m;
  26. ssl_session_cache shared:SSL:50m;
  27. ssl_prefer_server_ciphers on;
  28. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  29. ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
  30.  
  31. add_header Strict-Transport-Security "max-age=31536000;";
  32.  
  33. # Uncomment the following directive after DH generation
  34. # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
  35. #ssl_dhparam /etc/ssl/private/dh2048.pem;
  36.  
  37. access_by_lua_file /usr/share/ssowat/access.lua;
  38.  
  39. include conf.d/mydomain.tld.d/*.conf;
  40.  
  41. include conf.d/yunohost_admin.conf.inc;
  42. include conf.d/yunohost_api.conf.inc;
  43.  
  44. access_log /var/log/nginx/mydomain.tld-access.log;
  45. error_log /var/log/nginx/mydomain.tld-error.log;
  46. }
  47. ############### mydomain.tld.d/webapp.conf ###################
  48. location / {
  49. alias /var/www/my_webapp__2/www/;
  50.  
  51. # Default indexes and catch-all
  52. index index.html index.php;
  53. try_files $uri $uri/ /index.php?$args;
  54.  
  55. # Prevent useless logs
  56. location = /favicon.ico {
  57. log_not_found off;
  58. access_log off;
  59. }
  60. location = /robots.txt {
  61. allow all;
  62. log_not_found off;
  63. access_log off;
  64. }
  65.  
  66. # Deny access to hidden files and directories
  67. location ~ ^/(.+/|)\.(?!well-known\/) {
  68. deny all;
  69. }
  70.  
  71. # Execute and serve PHP files
  72. location ~ [^/]\.php(/|$) {
  73. fastcgi_split_path_info ^(.+?\.php)(/.*)$;
  74. fastcgi_pass unix:/var/run/php5-fpm-my_webapp__2.sock;
  75. fastcgi_index index.php;
  76. include fastcgi_params;
  77. fastcgi_param REMOTE_USER $remote_user;
  78. fastcgi_param PATH_INFO $fastcgi_path_info;
  79. fastcgi_param SCRIPT_FILENAME $request_filename;
  80. }
  81.  
  82. # Include SSOWAT user panel.
  83. include conf.d/yunohost_panel.conf.inc;
  84. }
Advertisement
RAW Paste Data Copied
Advertisement