# www to non-www redirect -- duplicate content is BAD:# https://github.com/h5b

1. # www to non-www redirect -- duplicate content is BAD:
2. # https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L362
3. # Choose between www and non-www, listen on the *wrong* one and redirect to
4. # the right one -- http://wiki.nginx.org/Pitfalls#Server_Name
5.  
6. # rewrite to HTTPS
7. server {
8. listen 80;
9. listen [::]:80;
10.  
11. server_name www.pathfinder-w.space;
12. return 301 https://$server_name$request_uri;
13. }
14.  
15. # rewrite HTTPS to www.HTTPS
16. server{
17. listen 80;
18. listen [::]:80;
19. listen 443 ssl http2;
20. listen [::]:443 ssl http2;
21.  
22. server_name pathfinder-w.space;
23.  
24. # SSL =======================================================================================================================
25. # Certificate path
26. ssl_certificate /var/www/pathfinder-w.space/ssl/www.pathfinder-w.space.chained.crt;
27. ssl_certificate_key /var/www/pathfinder-w.space/ssl/pathfinder-w.space.key;
28.  
29. return 301 https://www.$server_name$request_uri;
30. }
31.  
32. # listen to HTTP:/www.dev.pathfinder-w.space
33. server {
34. listen [::]:443 ssl http2;
35. listen 443 ssl http2 backlog=16384 reuseport;
36.  
37. # The host name to respond
38. server_name www.pathfinder-w.space;
39.  
40. # Path to static files
41. root /var/www/pathfinder-w.space/public_html;
42. # index index.php index.html index.htm;
43.  
44. # Specify a charset
45. charset utf-8;
46.  
47. # SSL =======================================================================================================================
48. # Certificate root
49. ssl_certificate /var/www/pathfinder-w.space/ssl/www.pathfinder-w.space.chained.crt;
50. ssl_certificate_key /var/www/pathfinder-w.space/ssl/pathfinder-w.space.key;
51.  
52. # Include the basic SSL h5bp config set
53. #include h5bp/directive-only/ssl.conf;
54.  
55. # Logging ===================================================================================================================
56. access_log /var/www/pathfinder-w.space/public_html/logs/nginx_access.log main_ext if=$log_production;
57. error_log /var/www/pathfinder-w.space/public_html/logs/nginx_error.log warn;
58.  
59. location / {
60. # auth_basic "Admin Login";
61. # auth_basic_user_file /etc/nginx/admin_pass;
62. index index.php;
63. try_files $uri $uri/ /index.php?$query_string;
64. }
65.  
66. # Protct /setup with password
67. location /setup {
68. auth_basic "Setup Login";
69. auth_basic_user_file /etc/nginx/.setup_pass;
70. try_files $uri $uri/ /index.php?$query_string;
71. }
72.  
73. # PHP socket configuration
74. location ~ \.php$ {
75. try_files $uri =404;
76. fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
77. fastcgi_index index.php;
78. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
79.  
80. # CGI caching
81. #fastcgi_cache MYAPP;
82. #fastcgi_cache_valid 200 60m;
83.  
84. include fastcgi_params;
85. }
86.  
87. # static sources
88. location /public/ {
89. sendfile on;
90. tcp_nopush on;
91. tcp_nodelay on;
92. keepalive_timeout 10s;
93. sendfile_max_chunk 512k;
94. }
95.  
96. # WebSocket ReverseProxy setup [optional]
97. location /ws/map/update {
98. proxy_pass http://ws_prod_map_update;
99. proxy_http_version 1.1;
100. proxy_set_header Upgrade $http_upgrade;
101. proxy_set_header Connection $connection_upgrade;
102. proxy_set_header Host $host;
103.  
104. proxy_set_header X-Forwarded-For $remote_addr;
105. proxy_set_header X-Forwarded-Host $host;
106. proxy_set_header X-Forwarded-Port $server_port;
107. proxy_set_header X-Forwarded-Proto $scheme;
108.  
109. proxy_read_timeout 8h;
110. proxy_send_timeout 5s;
111. proxy_connect_timeout 3s;
112. proxy_buffering off;
113. }
114.  
115. # Include the basic h5bp config set
116. include h5bp/basic.conf;
117. }