Newer
Older
listen [::]:{vhost_port} ipv6only=on;
ssl {ssl_on};
{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
{ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
{ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
Till Brehm
committed
{ssl_comment}ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
{ssl_comment}ssl_prefer_server_ciphers on;
# redirect to https if accessed with http
{ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
server_name _;
root /usr/local/ispconfig/interface/web/;
location / {
index index.php index.html;
}
# serve static files directly
location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
access_log off;
}
location ~ \.php$ {
Falko Timme
committed
include /etc/nginx/fastcgi_params;
Falko Timme
committed
fastcgi_pass unix:{fpm_socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
Falko Timme
committed
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
Till Brehm
committed
fastcgi_param HTTP_PROXY "";
}
location ~ /\. {
deny all;
}
Falko Timme
committed
# location /phpmyadmin {
# root /usr/share/;
# index index.php index.html index.htm;
# location ~ ^/phpmyadmin/(.+\.php)$ {
# try_files $uri =404;
# root /usr/share/;
# include /etc/nginx/fastcgi_params;
Falko Timme
committed
# fastcgi_pass unix:{fpm_socket};
Falko Timme
committed
# {ssl_comment}fastcgi_param HTTPS {fastcgi_ssl};
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME $request_filename;
# }
# location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
# root /usr/share/;
# }
# }
# location /phpMyAdmin {
# rewrite ^/* /phpmyadmin last;
# }
#
# location /squirrelmail {
# root /usr/share/;
# index index.php index.html index.htm;
# location ~ ^/squirrelmail/(.+\.php)$ {
# try_files $uri =404;
# root /usr/share/;
# include /etc/nginx/fastcgi_params;
Falko Timme
committed
# fastcgi_pass unix:{fpm_socket};
Falko Timme
committed
# {ssl_comment}fastcgi_param HTTPS {fastcgi_ssl};
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME $request_filename;
# }
# location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
# root /usr/share/;
# }
# }
# location /webmail {
# rewrite ^/* /squirrelmail last;
# }