47 lines
1.5 KiB
Plaintext
47 lines
1.5 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name <%= @server_name %>;
|
|
access_log /var/log/nginx/<%= @server_name %>.access.log;
|
|
error_log /var/log/nginx/<%= @server_name %>.error.log;
|
|
|
|
location /.well-known {
|
|
root <%= @docroot %>;
|
|
}
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
|
listen 443 ssl;
|
|
<% end -%>
|
|
server_name <%= @server_name %>;
|
|
|
|
access_log /var/log/nginx/<%= @server_name %>.access.log;
|
|
error_log /var/log/nginx/<%= @server_name %>.error.log;
|
|
|
|
root <%= @docroot %>;
|
|
index index.php;
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$args;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
try_files $uri =404;
|
|
include fastcgi_params;
|
|
fastcgi_pass 127.0.0.1:9002;
|
|
fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name;
|
|
# Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
|
|
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
|
|
fastcgi_param HTTP_PROXY "";
|
|
}
|
|
|
|
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
|
|
ssl_certificate <%= @ssl_cert %>;
|
|
ssl_certificate_key <%= @ssl_key %>;
|
|
<% end -%>
|
|
}
|