-
-
Save wmandai/b295531af554216f1885 to your computer and use it in GitHub Desktop.
server { | |
listen X.X.X.X:443 ssl http2; | |
ssl_protocols TLSv1.2; | |
ssl_certificate cert.pem; | |
ssl_certificate_key privkey.pem; | |
server_name domain.com; | |
root /var/www/domain.com; | |
autoindex on; | |
index index.php; | |
location / { | |
try_files $uri $uri/ /index.php; | |
location = /index.php { | |
fastcgi_pass unix:/var/lib/php5-fpm/web.sock; | |
fastcgi_param SCRIPT_FILENAME /var/www/domain.com$fastcgi_script_name; | |
include /etc/nginx/fastcgi_params; | |
fastcgi_index index.php; | |
} | |
} | |
location ~ \.php$ { | |
return 444; | |
} | |
# set expiration of assets to MAX for caching | |
location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ { | |
expires max; | |
log_not_found off; | |
} | |
} |
Here is the updated nginx config with cloudflare Full SSL
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/example.com;
index index.php index.html index.htm;
server_name example.com www.example.com;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
resolver 8.8.8.8 8.8.4.4;
add_header Strict-Transport-Security "max-age=31536000" always;
# define error page
error_page 404 = @NotFound;
# error page location redirect 301
location @NotFound {
return 301 /;
}
location / {
try_files $uri $uri/ /index.php;
}
location = /index.php {
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
}
}
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
it's not working. can you update it with php fpm 7