nginx_conf.d

1. ****************************************************************
2.  
3. server {
4. listen 80;
5. server_name tps.sytes.net;
6. root /web/sites/tps.sytes.net/www/;
7. index index.php index.html index.htm;
8. access_log /web/sites/tps.sytes.net/log/access.log main;
9. error_log /web/sites/tps.sytes.net/log/error.log;
10.  
11. location / {
12. return 301 https://tps.sytes.net$request_uri;
13. }
14.  
15. location ~* ^.+.(js|css|png|jpg|jpeg|gif|ico|woff)$ {
16. return 301 https://tps.sytes.net$request_uri;
17. }
18.  
19. location ~ \.php$ {
20. return 301 https://tps.sytes.net$request_uri;
21. }
22.  
23. location = /favicon.ico {
24. log_not_found off;
25. access_log off;
26. }
27.  
28. location = /robots.txt {
29. rewrite ^ /robots.txt break;
30. allow all;
31. log_not_found off;
32. access_log off;
33. }
34.  
35. location ~ /\.ht {
36. deny all;
37. }
38. }
39.  
40. server {
41. listen 80;
42. server_name www.tps.sytes.net;
43. rewrite ^ https://tps.sytes.net$request_uri? permanent;
44. }
45.  
46. server {
47. listen 443 ssl http2;
48. server_name tps.sytes.net;
49. root /web/sites/tps.sytes.net/www/;
50. index index.php index.html index.htm;
51. access_log /web/sites/tps.sytes.net/log/ssl-access.log main;
52. error_log /web/sites/tps.sytes.net/log/ssl-error.log;
53.  
54. keepalive_timeout 60;
55. ssl_certificate /etc/letsencrypt/live/tps.sytes.net/fullchain.pem;
56. ssl_certificate_key /etc/letsencrypt/live/tps.sytes.net/privkey.pem;
57. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
58. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
59. ssl_dhparam /etc/ssl/certs/dhparam.pem;
60. add_header Strict-Transport-Security 'max-age=604800';
61.  
62. location / {
63. try_files $uri $uri/ /index.php?$args;
64. }
65.  
66. location ~* ^.+.(js|css|png|jpg|jpeg|gif|ico|woff)$ {
67. access_log off;
68. expires max;
69. }
70.  
71. location ~ \.php$ {
72. try_files $uri =404;
73. fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
74. #fastcgi_pass 127.0.0.1:9000;
75. fastcgi_index index.php;
76. fastcgi_param DOCUMENT_ROOT /web/sites/tps.sytes.net/www/;
77. fastcgi_param SCRIPT_FILENAME /web/sites/tps.sytes.net/www$fastcgi_script_name;
78. fastcgi_param PATH_TRANSLATED /web/sites/tps.sytes.net/www$fastcgi_script_name;
79. include fastcgi_params;
80. fastcgi_param QUERY_STRING $query_string;
81. fastcgi_param REQUEST_METHOD $request_method;
82. fastcgi_param CONTENT_TYPE $content_type;
83. fastcgi_param CONTENT_LENGTH $content_length;
84. fastcgi_param HTTPS on;
85. fastcgi_intercept_errors on;
86. fastcgi_ignore_client_abort off;
87. fastcgi_connect_timeout 60;
88. fastcgi_send_timeout 180;
89. fastcgi_read_timeout 180;
90. fastcgi_buffer_size 128k;
91. fastcgi_buffers 4 256k;
92. fastcgi_busy_buffers_size 256k;
93. fastcgi_temp_file_write_size 256k;
94. }
95.  
96. location = /favicon.ico {
97. log_not_found off;
98. access_log off;
99. }
100.  
101. location = /robots.txt {
102. allow all;
103. log_not_found off;
104. access_log off;
105. }
106.  
107. location ~ /\.ht {
108. deny all;
109. }
110. }
111.  
112. server {
113. listen 443 ssl http2;
114. server_name www.tps.sytes.net;
115. rewrite ^ https://tps.sytes.net$request_uri? permanent;
116. }
117.  
118.  
119. *************************************************************************************************
120.  
121. server {
122. listen 80;
123. server_name gfx.sytes.net;
124. root /web/sites/gfx.sytes.net/www/;
125. index index.php index.html index.htm;
126. access_log /web/sites/gfx.sytes.net/log/access.log main;
127. error_log /web/sites/gfx.sytes.net/log/error.log;
128.  
129. location / {
130. return 301 https://gfx.sytes.net$request_uri;
131. }
132.  
133. location ~* ^.+.(js|css|png|jpg|jpeg|gif|ico|woff)$ {
134. return 301 https://gfx.sytes.net$request_uri;
135. }
136.  
137. location ~ \.php$ {
138. return 301 https://gfx.sytes.net$request_uri;
139. }
140.  
141. location = /favicon.ico {
142. log_not_found off;
143. access_log off;
144. }
145.  
146. location = /robots.txt {
147. rewrite ^ /robots.txt break;
148. allow all;
149. log_not_found off;
150. access_log off;
151. }
152.  
153. location ~ /\.ht {
154. deny all;
155. }
156. }
157.  
158. server {
159. listen 80;
160. server_name www.gfx.sytes.net;
161. rewrite ^ https://gfx.sytes.net$request_uri? permanent;
162. }
163.  
164. server {
165. listen 443 ssl http2;
166. server_name gfx.sytes.net;
167. root /web/sites/gfx.sytes.net/www/;
168. index index.php index.html index.htm;
169. access_log /web/sites/gfx.sytes.net/log/ssl-access.log main;
170. error_log /web/sites/gfx.sytes.net/log/ssl-error.log;
171.  
172. keepalive_timeout 60;
173. ssl_certificate /etc/letsencrypt/live/gfx.sytes.net/fullchain.pem;
174. ssl_certificate_key /etc/letsencrypt/live/gfx.sytes.net/privkey.pem;
175. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
176. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
177. ssl_dhparam /etc/ssl/certs/dhparam.pem;
178. add_header Strict-Transport-Security 'max-age=604800';
179.  
180. location / {
181. try_files $uri $uri/ /index.php?$args;
182. }
183.  
184. location ~* ^.+.(js|css|png|jpg|jpeg|gif|ico|woff)$ {
185. access_log off;
186. expires max;
187. }
188.  
189. location ~ \.php$ {
190. try_files $uri =404;
191. fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
192. #fastcgi_pass 127.0.0.1:9000;
193. fastcgi_index index.php;
194. fastcgi_param DOCUMENT_ROOT /web/sites/gfx.sytes.net/www/;
195. fastcgi_param SCRIPT_FILENAME /web/sites/gfx.sytes.net/www$fastcgi_script_name;
196. fastcgi_param PATH_TRANSLATED /web/sites/gfx.sytes.net/www$fastcgi_script_name;
197. include fastcgi_params;
198. fastcgi_param QUERY_STRING $query_string;
199. fastcgi_param REQUEST_METHOD $request_method;
200. fastcgi_param CONTENT_TYPE $content_type;
201. fastcgi_param CONTENT_LENGTH $content_length;
202. fastcgi_param HTTPS on;
203. fastcgi_intercept_errors on;
204. fastcgi_ignore_client_abort off;
205. fastcgi_connect_timeout 60;
206. fastcgi_send_timeout 180;
207. fastcgi_read_timeout 180;
208. fastcgi_buffer_size 128k;
209. fastcgi_buffers 4 256k;
210. fastcgi_busy_buffers_size 256k;
211. fastcgi_temp_file_write_size 256k;
212. }
213.  
214. location = /favicon.ico {
215. log_not_found off;
216. access_log off;
217. }
218.  
219. location = /robots.txt {
220. allow all;
221. log_not_found off;
222. access_log off;
223. }
224.  
225. location ~ /\.ht {
226. deny all;
227. }
228. }
229.  
230. server {
231. listen 443 ssl http2;
232. server_name www.gfx.sytes.net;
233. rewrite ^ https://gfx.sytes.net$request_uri? permanent;
234. }
235.  
236. **************************************************************************************