<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> server { listen 443 ssl; server_name <%= @server_name %>; access_log /var/log/nginx/<%= @server_name %>.access.log; error_log /var/log/nginx/<%= @server_name %>.error.log; root <%= @docroot %>; index index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { try_files $uri =404; include fastcgi_params; fastcgi_pass 127.0.0.1:9002; fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name; # Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/ fastcgi_param HTTP_PROXY ""; } add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; } <% end -%>