laravel nginx conf example avec redirection https
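# Plain-HTTP virtual host: everything is redirected to HTTPS, except the
# ACME challenge path used for certificate validation.
server {
    listen 80;
    listen [::]:80;
    server_name exemple.com;

    # Let's Encrypt HTTP-01 validation is fetched over port 80, so this path
    # is kept out of the redirect. A prefix match (^~) replaces the unanchored
    # regex: only URIs that start with this path are exempt, not any URI that
    # merely contains it.
    # NOTE(review): no root is set in this server block, so files here are
    # looked up under nginx's default root; confirm how certbot answers the
    # challenge on this host.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
    }

    # Permanent redirect that keeps the requested path and query string.
    location / {
        return 301 https://exemple.com$request_uri;
    }
}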
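# HTTPS virtual host serving the application through its PHP front controller.
server {
    # SSL configuration
    #
    # TLS is enabled by the "ssl" parameter of listen. The separate "ssl on;"
    # directive is deprecated and rejected by recent nginx releases, so it is
    # not used here.
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name exemple.com; # managed by Certbot

    ssl_certificate /etc/letsencrypt/live/exemple.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/exemple.com/privkey.pem; # managed by Certbot

    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # NOTE(review): this block sets neither ssl_protocols nor ssl_ciphers, so
    # the defaults of the installed nginx/OpenSSL apply. Set them explicitly,
    # or include the options file certbot ships, after checking which protocol
    # versions this nginx build accepts.
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    # Only the application's public/ directory is exposed as document root.
    root /home/root/www/exemple/current/public;

    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;

    # Symlinks in the path are followed (nginx default, stated explicitly).
    disable_symlinks off;

    # Remove trailing slash to please routing system.
    if (!-d $request_filename) {
        rewrite ^/(.+)/$ /$1 permanent;
    }

    # Serve an existing file or directory, otherwise hand the request to the
    # front controller. Only the last try_files argument is a fallback; the
    # earlier ones are file checks, so a single fallback is enough.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Deny dotfiles (.env, .git, .htaccess, ...). Regex locations are tried in
    # order, so this one is declared before the PHP handler: a hidden file
    # whose name ends in .php is refused instead of being executed.
    location ~ /\. {
        deny all;
    }

    # PHP-FPM Configuration Nginx
    location ~ \.php$ {
        # Only pass scripts that exist on disk to PHP-FPM; anything else is a 404.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    #### Locations

    # Static files are cached by the client for as long as possible.
    location ~* \.(html|css|js|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
        expires max;
    }
}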
Renouvellement avec certbot du certificat SSL qui expire dans 30 jours
-$ sudo crontab -e
Insérer une ligne
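# Weekly renewal attempt, Sundays at 03:30. certbot renews only certificates
# that are close to expiry. "--dry-run" is left out on purpose: it only
# simulates a renewal and never replaces the certificate on disk.
# stderr is appended to the log as well, so failed renewals are visible.
# NOTE(review): nginx must reload to serve a renewed certificate; confirm that
# this certbot setup triggers the reload (for example with --deploy-hook).
30 3 * * 0 certbot renew >> /var/log/letsencrypt/renewal.log 2>&1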
Tester le ssl
https://www.ssllabs.com/ssltest/analyze.html?d=vps56705.lws-hosting.com
Plus d'informations sur :
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
https://www.grafikart.fr/tutoriels/nginx-ssl-letsencrypt-747
https://aide.lws.fr/base/Serveur-Dedie-VPS-avec-ISP-Config/Certification-SSL/installer-un-certificat-SSL-gratuit-Lets-Encrypt-VPS