Absolutely..and thanks
Running this on Forge / Digital Ocean
############www.myurl.com
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.myurl.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.myurl.com;
root /home/forge/www.myurl.com/current/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.myurl.com/676408/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.myurl.com/676408/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers
ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.myurl.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Expire rules for static content - 2019-05-24
# cache.appcache, your document html and data
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
# Feed
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
# Media: images, icons, video, audio, HTC
location ~*
\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 7d;
access_log off;
add_header Pragma public;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 7d;
access_log off;
add_header Pragma public;
add_header Cache-Control "public";
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.myurl.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.myurl.com/after/*;
# Redirect every request to HTTPS...
server {
listen 80;
listen [::]:80;
server_name .myurl.com;
return 301 https://$host$request_uri;
}
############ssl_redirect.conf
# Redirect SSL to primary domain SSL...
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.myurl.com/676408/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.myurl.com/676408/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers
ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
server_name myurl.com;
return 301 https://www.myurl.com$request_uri;
}
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,286700,286702#msg-286702
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
