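# Plain-HTTP listener: its only job is to send every request to the HTTPS site.
server {
    listen 80;
    server_name domain.com;

    # No Strict-Transport-Security header here: browsers ignore HSTS received
    # over plain HTTP, so it only has an effect on the port-443 server.

    # Unconditional permanent redirect. The former `if ($ssl_protocol = "")`
    # test was always true on a listener without `ssl`, and a bare `rewrite`
    # to an absolute URL answers with a temporary 302.
    return 301 https://domain.com$request_uri;
}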
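# HTTPS virtual host for domain.com: serves files from the document root and
# hands *.php requests to the FastCGI backend on 127.0.0.1:9000.
server {
    listen 443 ssl http2;
    charset utf-8;
    server_name domain.com;
    root /path/to/domain.com/root;
    index index.html index.htm index.php;

    # `always` also attaches the header to error responses (4xx/5xx); without
    # it nginx adds the header only to a fixed set of success/redirect codes.
    # includeSubdomains commits every subdomain to HTTPS for the max-age period.
    # An add_header placed inside a location block replaces the headers
    # inherited from this level, so repeat this line there if one is added.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;

    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;

    ssl_prefer_server_ciphers on;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered.
    # Append TLSv1.3 once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # RC4 is prohibited in TLS (RFC 7465): the explicit RC4 entries are gone
    # and !RC4 keeps the broad EECDH / EDH+aRSA selectors from re-adding it.
    # NOTE(review): EDH+aRSA depends on DH parameters and no ssl_dhparam is
    # set in this block; decide whether DHE is wanted and, if so, configure a
    # strong group.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    # OCSP stapling needs a resolver to find the responder host. 8.8.8.8 is an
    # external resolver queried over plain DNS; a resolver on a trusted local
    # network is preferable. Stapled responses are not verified here
    # (ssl_stapling_verify is off by default).
    resolver 8.8.8.8;
    ssl_stapling on;

    location ~ \.php$ {
        # Only forward URIs that map to a real file under the document root.
        # Without this check any path ending in .php reaches the backend, and
        # PHP's own path resolution decides which file is executed.
        # Assumes the backend on 127.0.0.1 sees the same filesystem.
        try_files $uri =404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_connect_timeout 300s;
        fastcgi_read_timeout 300s;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Blocks .htaccess/.htpasswd-style files only; other dotfiles under the
    # document root are not covered by this rule.
    location ~ /\.ht {
        deny all;
    }

    # Unanchored pattern: denies any URI that contains ".db" after a slash.
    # Regex locations are tried in order, so a URI ending in .php is matched
    # by the PHP block above before this rule is considered.
    location ~ /.*\.db {
        deny all;
    }
}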