45 lines
1.6 KiB
Plaintext
45 lines
1.6 KiB
Plaintext
server {
|
|
listen 80;
|
|
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
|
listen <%= @server_port %> ssl http2;
|
|
<% end -%>
|
|
server_name <%= @server_name %> <%= @server_aliases.join(" ") %>;
|
|
|
|
access_log /var/log/nginx/<%= @server_name %>.access.log;
|
|
error_log /var/log/nginx/<%= @server_name %>.error.log;
|
|
|
|
client_max_body_size 20m;
|
|
|
|
root <%= @docroot %>;
|
|
index index.php;
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$args;
|
|
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
|
set $redirect_to_ssl "no";
|
|
if ($ssl_protocol = "") {
|
|
set $redirect_to_ssl "yes";
|
|
}
|
|
if ($redirect_to_ssl = yes) {
|
|
rewrite ^(.*) https://$host$1 permanent;
|
|
}
|
|
<% end -%>
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
try_files $uri =404;
|
|
include fastcgi_params;
|
|
fastcgi_pass 127.0.0.1:9001;
|
|
fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name;
|
|
# Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
|
|
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
|
|
fastcgi_param HTTP_PROXY "";
|
|
}
|
|
|
|
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
|
|
ssl_certificate <%= @ssl_cert %>;
|
|
ssl_certificate_key <%= @ssl_key %>;
|
|
<% end -%>
|
|
}
|