leepeterson · July 10, 2020 08:35
diff --git a/Flarum+Cloudflare Full SSL - Nginx Configuration b/Flarum+Cloudflare Full SSL - Nginx Configuration
 # HTTPS Server
 server {
 	listen 443 ssl http2 default_server;
 	listen [::]:443 ssl http2 default_server;
 	root /var/www/html;
 	index index.html index.htm index.php;
 	server_name example.com;
 	
 	ssl_certificate /etc/nginx/ssl/example.com.crt;
 	ssl_certificate_key /etc/nginx/ssl/example.com.key;
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
 	ssl_dhparam  /etc/nginx/ssl/dhparam.pem;
 	ssl_session_cache shared:SSL:20m;
 	ssl_session_timeout 180m;
 	resolver 8.8.8.8 8.8.4.4;
 	add_header Strict-Transport-Security "max-age=31536000;
 #includeSubDomains" always;

 #Log Files
 access_log  /var/log/nginx/flarum.access.log;
 error_log   /var/log/nginx/flarum.error.log;

 location / { 
        try_files $uri $uri/ /index.php?$query_string; 
    }

    location /api { 
        try_files $uri $uri/ /api.php?$query_string; 
    }

    location /admin { 
        try_files $uri $uri/ /admin.php?$query_string; 
    }

    location /flarum {
        deny all;
        return 404;
    }

    location ~* \.html$ {
        expires -1;
    }

    location ~* \.(css|js|gif|jpe?g|png)$ {
        expires 1M;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

 #PHP 7 Conf
 	
 	location ~ \.php$ {
 	include snippets/fastcgi-php.conf;
 	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
 	}
 	location ~ /\.ht {
 	deny all;
 	}
 	}
 	
 # HTTP Server
 server {
 	listen         80;
 	listen    [::]:80;
 	server_name    example.com;
 	return         301 https://$server_name$request_uri;
 }
	# HTTPS Server
	server {
	listen 443 ssl http2 default_server;
	listen [::]:443 ssl http2 default_server;
	root /var/www/html;
	index index.html index.htm index.php;
	server_name example.com;

	ssl_certificate /etc/nginx/ssl/example.com.crt;
	ssl_certificate_key /etc/nginx/ssl/example.com.key;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
	ssl_dhparam /etc/nginx/ssl/dhparam.pem;
	ssl_session_cache shared:SSL:20m;
	ssl_session_timeout 180m;
	resolver 8.8.8.8 8.8.4.4;
	add_header Strict-Transport-Security "max-age=31536000;
	#includeSubDomains" always;

	#Log Files
	access_log /var/log/nginx/flarum.access.log;
	error_log /var/log/nginx/flarum.error.log;

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location /api {
	try_files $uri $uri/ /api.php?$query_string;
	}

	location /admin {
	try_files $uri $uri/ /admin.php?$query_string;
	}

	location /flarum {
	deny all;
	return 404;
	}

	location ~* \.html$ {
	expires -1;
	}

	location ~* \.(css\|js\|gif\|jpe?g\|png)$ {
	expires 1M;
	add_header Pragma public;
	add_header Cache-Control "public, must-revalidate, proxy-revalidate";
	}

	#PHP 7 Conf

	location ~ \.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	}
	location ~ /\.ht {
	deny all;
	}
	}

	# HTTP Server
	server {
	listen 80;
	listen [::]:80;
	server_name example.com;
	return 301 https://$server_name$request_uri;
	}