server {
listen 80;
server_name xxx.cn;
rewrite ^(.*)$ https://www.${server_name}$1 permanent;
}
server {
listen 80;
server_name www.xxx.cn;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
listen 443;
ssl on;
server_name xxx.cn;
rewrite ^(.*)$ https://www.${server_name}$1 permanent;
ssl_certificate /etc/nginx/cert/xxxxxxx.pem;
ssl_certificate_key /etc/nginx/cert/xxxxxxx.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
}
server {
listen 443;
server_name www.xxx.cn;
ssl on;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /xxxx/public;
# Add index.php to the list if you are using PHP
index index.php index.htm index.html;
ssl_certificate /etc/nginx/cert/xxxxxxx.pem;
ssl_certificate_key /etc/nginx/cert/xxxxxx.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php7.0-cgi alone:
#fastcgi_pass 127.0.0.1:9000;
# With php7.2-fpm:
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
}