API tools faq
paste
Advertisement
Guest User

myconfnginx

a guest
May 10th, 2017
116
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.47 KB | None | 0 0
raw download clone embed print report
  1. ############### mydomain.tld.conf ###################
  2. server {
  3. listen 80;
  4. listen [::]:80;
  5. server_name mydomain.tld;
  6.  
  7. access_by_lua_file /usr/share/ssowat/access.lua;
  8.  
  9. include conf.d/mydomain.tld.d/*.conf;
  10.  
  11. location /yunohost/admin {
  12. return 301 https://$http_host$request_uri;
  13. }
  14.  
  15. access_log /var/log/nginx/mydomain.tld-access.log;
  16. error_log /var/log/nginx/mydomain.tld-error.log;
  17. }
  18. server {
  19. listen 443 ssl;
  20. listen [::]:443 ssl;
  21. server_name mydomain.tld;
  22.  
  23. ssl_certificate /etc/yunohost/certs/mydomain.tld/crt.pem;
  24. ssl_certificate_key /etc/yunohost/certs/mydomain.tld/key.pem;
  25. ssl_session_timeout 5m;
  26. ssl_session_cache shared:SSL:50m;
  27. ssl_prefer_server_ciphers on;
  28. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  29. ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
  30.  
  31. add_header Strict-Transport-Security "max-age=31536000;";
  32.  
  33. # Uncomment the following directive after DH generation
  34. # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
  35. #ssl_dhparam /etc/ssl/private/dh2048.pem;
  36.  
  37. access_by_lua_file /usr/share/ssowat/access.lua;
  38.  
  39. include conf.d/mydomain.tld.d/*.conf;
  40.  
  41. include conf.d/yunohost_admin.conf.inc;
  42. include conf.d/yunohost_api.conf.inc;
  43.  
  44. access_log /var/log/nginx/mydomain.tld-access.log;
  45. error_log /var/log/nginx/mydomain.tld-error.log;
  46. }
  47. ############### mydomain.tld.d/webapp.conf ###################
  48. location / {
  49. alias /var/www/my_webapp__2/www/;
  50.  
  51. # Default indexes and catch-all
  52. index index.html index.php;
  53. try_files $uri $uri/ /index.php?$args;
  54.  
  55. # Prevent useless logs
  56. location = /favicon.ico {
  57. log_not_found off;
  58. access_log off;
  59. }
  60. location = /robots.txt {
  61. allow all;
  62. log_not_found off;
  63. access_log off;
  64. }
  65.  
  66. # Deny access to hidden files and directories
  67. location ~ ^/(.+/|)\.(?!well-known\/) {
  68. deny all;
  69. }
  70.  
  71. # Execute and serve PHP files
  72. location ~ [^/]\.php(/|$) {
  73. fastcgi_split_path_info ^(.+?\.php)(/.*)$;
  74. fastcgi_pass unix:/var/run/php5-fpm-my_webapp__2.sock;
  75. fastcgi_index index.php;
  76. include fastcgi_params;
  77. fastcgi_param REMOTE_USER $remote_user;
  78. fastcgi_param PATH_INFO $fastcgi_path_info;
  79. fastcgi_param SCRIPT_FILENAME $request_filename;
  80. }
  81.  
  82. # Include SSOWAT user panel.
  83. include conf.d/yunohost_panel.conf.inc;
  84. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!