pathfinder.conf for Pathfinder (Nginx v1.11.8)

pathfinder.conf

# www to non-www redirect -- duplicate content is BAD:
# https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L362
# Choose between www and non-www, listen on the *wrong* one and redirect to
# the right one -- http://wiki.nginx.org/Pitfalls#Server_Name

# rewrite to HTTPS
server {
  listen 80;
  listen [::]:80;

  server_name www.pathfinder-w.space;
  return 301 https://$server_name$request_uri;
}

# rewrite HTTPS to  www.HTTPS
server{
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name pathfinder-w.space;

  # SSL =======================================================================================================================
  # Certificate path
  ssl_certificate /var/www/pathfinder-w.space/ssl/www.pathfinder-w.space.chained.crt;
  ssl_certificate_key /var/www/pathfinder-w.space/ssl/pathfinder-w.space.key;

  return 301 https://www.$server_name$request_uri;
}

# listen to HTTP:/www.dev.pathfinder-w.space
server {
  listen [::]:443 ssl http2;
  listen 443 ssl http2 backlog=16384 reuseport;

  # The host name to respond
  server_name www.pathfinder-w.space;

  # Path to static files
  root   /var/www/pathfinder-w.space/public_html;
  # index index.php index.html index.htm;

  # Specify a charset
  charset utf-8;

  # SSL =======================================================================================================================
  # Certificate root
  ssl_certificate /var/www/pathfinder-w.space/ssl/www.pathfinder-w.space.chained.crt;
  ssl_certificate_key /var/www/pathfinder-w.space/ssl/pathfinder-w.space.key;

  # Include the basic SSL h5bp config set
  include h5bp/directive-only/ssl.conf;

  # Logging ===================================================================================================================
  access_log /var/www/pathfinder-w.space/public_html/logs/nginx_access.log main_ext if=$log_production;
  error_log /var/www/pathfinder-w.space/public_html/logs/nginx_error.log warn;

  location / {
    # auth_basic "Admin Login";
    # auth_basic_user_file /etc/nginx/admin_pass;
    index index.php;
    try_files $uri $uri/ /index.php?$query_string;
  }

  # Protct /setup with password
  location /setup {
   auth_basic "Setup Login";
   auth_basic_user_file /etc/nginx/.setup_pass;
   try_files $uri $uri/ /index.php?$query_string;
  }

  # PHP socket configuration
  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    # CGI caching
    #fastcgi_cache MYAPP;
    #fastcgi_cache_valid 200 60m;

    include fastcgi_params;
  }

  # static sources
  location /public/ {
    sendfile                                    on;
    tcp_nopush                                  on;
    tcp_nodelay                                 on;
    keepalive_timeout                           10s;
    sendfile_max_chunk                          512k;
  }

  # WebSocket ReverseProxy setup [optional]
  location /ws/map/update {
    proxy_pass http://ws_prod_map_update;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host;

    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_read_timeout 8h;
    proxy_send_timeout 5s;
    proxy_connect_timeout 3s;
    proxy_buffering off;
  }

  # Include the basic h5bp config set
  include h5bp/basic.conf;
}

This seems like it should be updated... Some weird stuff going on with the www and non-www blocks. Seems like this could be condensed and optimized a bit.

I download h5bp from github. but the directory is missing. Its must set it or not?

Include the basic SSL h5bp config set

include h5bp/directive-only/ssl.conf;