minor tuning to nginx example config

for example we really do wish to force people to use HTTPS ;)
This commit is contained in:
Mikael Nordfeldth 2015-12-27 23:58:10 +01:00
parent 4bc0b374bc
commit 7f4b51e246

View File

@ -1,20 +1,28 @@
server { server {
# Ports
listen 80; listen 80;
# Uncomment the following line listen [::]:80;
# to enable HTTPS
#listen 443 ssl; # FIXME: change domain name here (and also make sure you do the same in the next 'server' section)
server_name social.example.org;
# redirect all traffic to HTTPS
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
# Use HTTPS. Seriously. Set it up with a cert (any cert) before you run the install.
listen 443 ssl;
# Server name # Server name
# Change "example.org" to your domain name # Change "social.example.org" to your site's domain name
server_name example.org; server_name social.example.org;
# SSL # SSL
# Uncomment and change the paths to setup # Uncomment and change the paths to setup
# your SSL key/cert. See https://cipherli.st/ # your SSL key/cert. See https://cipherli.st/
# for more information # for more information
#ssl_certificate /path/to/ssl.cert; ssl_certificate ssl/certs/social.example.org.crt;
#ssl_certificate_key /path/to/ssl.key; ssl_certificate_key ssl/private/social.example.org.key;
# Logs # Logs
# Uncomment and change the paths to setup # Uncomment and change the paths to setup
@ -32,12 +40,14 @@ server {
# PHP # PHP
location ~ \.php { location ~ \.php {
fastcgi_pass unix:/run/php-fpm/php-fpm.sock; include snippets/fastcgi-php.conf;
# This should be the same value as in your (optional) /etc/php5/fpm/pool.d/$server.conf
fastcgi_pass unix:/var/run/php5-fpm.sock;
# Remove the "fastcgi_pass" line above and uncomment # Remove the "fastcgi_pass" line above and uncomment
# the one below to use TCP sockets instead of Unix sockets # the one below to use TCP sockets instead of Unix sockets
#fastcgi_pass 127.0.0.1:9000; #fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
} }
# Location # Location
@ -49,5 +59,10 @@ server {
location @gnusocial { location @gnusocial {
rewrite ^(.*)$ /index.php?p=$1 last; rewrite ^(.*)$ /index.php?p=$1 last;
} }
# Restrict access that is unnecessary anyway
location ~ /\.(ht|git) {
deny all;
}
} }