PHP Classes
elePHPant
Icontem

File: docs/es-la/01-intro/example-config/nginx.conf

Recommend this page to a friend!
  Classes of Scott Arciszewski  >  CMS Airship  >  docs/es-la/01-intro/example-config/nginx.conf  >  Download  
File: docs/es-la/01-intro/example-config/nginx.conf
Role: Auxiliary data
Content type: text/plain
Description: Auxiliary data
Class: CMS Airship
Content management system with security features
Author: By
Last change:
Date: 10 months ago
Size: 2,156 bytes
 

Contents

Class file image Download
# HTTPS-only server
server {
    listen 443;
    listen [::]:443;

    ssl on;

    # Replace these:
    server_name example.com;
    ssl_certificate /etc/ssl/example.com.cert;
    ssl_certificate_key /etc/ssl/private/example.com.pem;
    ssl_trusted_certificate /etc/ssl/intermediate.cert;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_stapling on;
    ssl_stapling_verify on;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/openssl/dhparam.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # Mozilla recommended ciphers
    # https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    resolver 8.8.4.4 8.8.8.8 valid=300s;
    resolver_timeout 10s;

    # Add HSTS
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

    root /var/www/airship/src/public;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location /index.php {
		include snippets/fastcgi-php.conf;
		# php7.0-fpm:
		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
	}
}

# Redirect to HTTPS
server {
    listen 80;
    listen [::]:80;

    root /var/www/airship/src/public;
    index index.php index.html index.htm;

    server_name example.com;

    location / {
        rewrite ^ https://example.com$request_uri? permanent;
    }
}