35 lines
1.3 KiB
Plaintext
35 lines
1.3 KiB
Plaintext
server {
|
|
<% if node.chef_environment != "development" && File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
|
listen 443 ssl;
|
|
<% else -%>
|
|
listen 80;
|
|
<% end -%>
|
|
server_name <%= @server_name %>;
|
|
|
|
access_log /var/log/nginx/<%= @server_name %>.access.log;
|
|
error_log /var/log/nginx/<%= @server_name %>.error.log;
|
|
|
|
root <%= @docroot %>;
|
|
index index.php;
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$args;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
try_files $uri =404;
|
|
include fastcgi_params;
|
|
fastcgi_pass 127.0.0.1:9002;
|
|
fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name;
|
|
# Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
|
|
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
|
|
fastcgi_param HTTP_PROXY "";
|
|
}
|
|
|
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
|
|
<% if node.chef_environment != "development" && File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
|
ssl_certificate <%= @ssl_cert %>;
|
|
ssl_certificate_key <%= @ssl_key %>;
|
|
<% end -%>
|
|
}
|