Skip to content

Instantly share code, notes, and snippets.

@nkaurelien
Last active September 19, 2022 18:32
Show Gist options
  • Save nkaurelien/57bb85238c983f03c7e3c7882be88c15 to your computer and use it in GitHub Desktop.
Save nkaurelien/57bb85238c983f03c7e3c7882be88c15 to your computer and use it in GitHub Desktop.
lavaral nginx conf example avec redirection https
# Redirection http vers https
server {
listen 80;
listen [::]:80;
server_name exemple.com;
location ~ /\.well-known/acme-challenge {
allow all;
}
location / {
return 301 https://exemple.com$request_uri;
}
}
server {
# SSL configuration
#
listen 443 ssl ;
listen [::]:443 ssl ;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
# root /var/www/html;
root /home/root/www/exemple/current/public;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name exemple.com; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string /index.php?$args;
}
# Remove trailing slash to please routing system.
if (!-d $request_filename) {
rewrite ^/(.+)/$ /$1 permanent;
}
# PHP-FPM Configuration Nginx
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
#### Locations
# On cache les fichiers statiques
location ~* \.(html|css|js|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ { expires max; }
# On interdit les dotfiles
location ~ /\. { deny all; }
disable_symlinks off;
ssl on;
ssl_certificate /etc/letsencrypt/live/exemple.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/exemple.com/privkey.pem; # managed by Certbot
}
@nkaurelien
Copy link
Author

Renouvellement du ssl qui expire 30 jours avec certbot

-$ sudo crontab -e

Insérer un ligne
30 3 * * 0 certbot renew --dry-run >> /var/log/letsencrypt/renewal.log

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment