gracefullight · July 28, 2017 07:39
diff --git a/nginx_php_ssl_virtualhost.conf b/nginx_php_ssl_virtualhost.conf
 # HTTP
 server {
    listen 80;
    server_name example.com www.example.com;

    # certbot --webroot 인증을 받기위한 설정
    #location ^~ /.well-known/acme-challenge/ {
    #	default_type "text/plain";
    #	root /var/www/letsencrypt;
    #}

    # 80 접속시 443으로 redirect
    location / {
       return 301 https://$server_name$request_uri;
    }
 }

 # HTTPS
 server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name example.com www.example.com;
  root /var/nginx/www/public;
  index index.php index.html;

  # 지저분한 보안 옵션은 추천옵션이니 넣어주자.
  ssl on;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;

  #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_protocols TLSv1.2;
  ssl_ciphers EECDH+AESGCM:EECDH+AES;
  ssl_ecdh_curve secp384r1;
  ssl_prefer_server_ciphers on;

  ssl_stapling on;
  ssl_stapling_verify on;

  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    fastcgi_index index.php;
    fastcgi_pass 127.0.0.1:9000;
  }

  location ~ /\.ht {
    deny all;
  }

  # 캐싱할 데이터가 있다면 추가
  location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff)$ {
    expires 1M;
    add_header Cache-Control "public";
  }

  location ~* \.(?:css|js)$ {
    expires 7d;
    add_header Cache-Control "public";
  }
 }
	# HTTP
	server {
	listen 80;
	server_name example.com www.example.com;

	# certbot --webroot 인증을 받기위한 설정
	#location ^~ /.well-known/acme-challenge/ {
	# default_type "text/plain";
	# root /var/www/letsencrypt;
	#}

	# 80 접속시 443으로 redirect
	location / {
	return 301 https://$server_name$request_uri;
	}
	}

	# HTTPS
	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name example.com www.example.com;
	root /var/nginx/www/public;
	index index.php index.html;

	# 지저분한 보안 옵션은 추천옵션이니 넣어주자.
	ssl on;
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_protocols TLSv1.2;
	ssl_ciphers EECDH+AESGCM:EECDH+AES;
	ssl_ecdh_curve secp384r1;
	ssl_prefer_server_ciphers on;

	ssl_stapling on;
	ssl_stapling_verify on;

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location ~ \.php {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param SCRIPT_NAME $fastcgi_script_name;
	fastcgi_index index.php;
	fastcgi_pass 127.0.0.1:9000;
	}

	location ~ /\.ht {
	deny all;
	}

	# 캐싱할 데이터가 있다면 추가
	location ~* \.(?:jpg\|jpeg\|gif\|png\|ico\|cur\|gz\|svg\|svgz\|mp4\|ogg\|ogv\|webm\|htc\|woff)$ {
	expires 1M;
	add_header Cache-Control "public";
	}

	location ~* \.(?:css\|js)$ {
	expires 7d;
	add_header Cache-Control "public";
	}
	}