95 lines
2.9 KiB
Plaintext
95 lines
2.9 KiB
Plaintext
|
##
|
||
|
|
# You should look at the following URL's in order to grasp a solid understanding
|
||
|
|
# of Nginx configuration files in order to fully unleash the power of Nginx.
|
||
|
|
# http://wiki.nginx.org/Pitfalls
|
||
|
|
# http://wiki.nginx.org/QuickStart
|
||
|
|
# http://wiki.nginx.org/Configuration
|
||
|
|
#
|
||
|
|
# Generally, you will want to move this file somewhere, and start with a clean
|
||
|
|
# file but keep this around for reference. Or just disable in sites-enabled.
|
||
|
|
#
|
||
|
|
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
|
||
|
|
##
|
||
|
|
|
||
|
|
# Default server configuration
|
||
|
|
#
|
||
|
|
server {
|
||
|
|
listen 80 default_server;
|
||
|
|
listen [::]:80 default_server;
|
||
|
|
server_name _;
|
||
|
|
return 301 https://$host$request_uri;
|
||
|
|
}
|
||
|
|
|
||
|
|
server {
|
||
|
|
# SSL configuration
|
||
|
|
#
|
||
|
|
listen 443 ssl default_server;
|
||
|
|
listen [::]:443 ssl default_server;
|
||
|
|
|
||
|
|
# https://weakdh.org/sysadmin.html
|
||
|
|
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
||
|
|
|
||
|
|
ssl_prefer_server_ciphers on;
|
||
|
|
|
||
|
|
ssl_certificate /etc/letsencrypt/live/monarch-pass.net/fullchain.pem;
|
||
|
|
ssl_certificate_key /etc/letsencrypt/live/monarch-pass.net/privkey.pem;
|
||
|
|
|
||
|
|
#
|
||
|
|
# Self signed certs generated by the ssl-cert package
|
||
|
|
# Don't use them in a production server!
|
||
|
|
#
|
||
|
|
# include snippets/snakeoil.conf;
|
||
|
|
|
||
|
|
root /var/www/html;
|
||
|
|
|
||
|
|
# Add index.php to the list if you are using PHP
|
||
|
|
index index.html index.htm index.nginx-debian.html;
|
||
|
|
|
||
|
|
server_name _;
|
||
|
|
|
||
|
|
location / {
|
||
|
|
# First attempt to serve request as file, then
|
||
|
|
# as directory, then fall back to displaying a 404.
|
||
|
|
try_files $uri $uri/ =404;
|
||
|
|
autoindex on;
|
||
|
|
}
|
||
|
|
|
||
|
|
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||
|
|
#
|
||
|
|
#location ~ \.php$ {
|
||
|
|
# include snippets/fastcgi-php.conf;
|
||
|
|
#
|
||
|
|
# # With php5-cgi alone:
|
||
|
|
# fastcgi_pass 127.0.0.1:9000;
|
||
|
|
# # With php5-fpm:
|
||
|
|
# fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||
|
|
#}
|
||
|
|
|
||
|
|
# deny access to .htaccess files, if Apache's document root
|
||
|
|
# concurs with nginx's one
|
||
|
|
#
|
||
|
|
#location ~ /\.ht {
|
||
|
|
# deny all;
|
||
|
|
#}
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
# Virtual Host configuration for example.com
|
||
|
|
#
|
||
|
|
# You can move that to a different file under sites-available/ and symlink that
|
||
|
|
# to sites-enabled/ to enable it.
|
||
|
|
#
|
||
|
|
#server {
|
||
|
|
# listen 80;
|
||
|
|
# listen [::]:80;
|
||
|
|
#
|
||
|
|
# server_name example.com;
|
||
|
|
#
|
||
|
|
# root /var/www/example.com;
|
||
|
|
# index index.html;
|
||
|
|
#
|
||
|
|
# location / {
|
||
|
|
# try_files $uri $uri/ =404;
|
||
|
|
# }
|
||
|
|
#}
|