open-consult/domain.extension at master · nickrod/open-consult · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#

limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;

server {
  listen 80;
  listen [::]:80;

  server_name domain.com www.domain.com;
	root /var/www/domain.com;

  location ~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    try_files $uri $uri/ =404;
  }

  location / {
    return 301 https://www.domain.com$request_uri;
  }
}

server {
	listen 443 ssl;
	listen [::]:443 ssl;

  server_name domain.com;
	root /var/www/domain.com;

  ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  return 301 https://www.domain.com$request_uri;
}

server {
	# SSL configuration

	listen 443 ssl;
	listen [::]:443 ssl;

	server_name www.domain.com;
	root /var/www/domain.com;

	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

  ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

	# Add index.php to the list if you are using PHP

	index index.html index.htm index.nginx-debian.html index.php;

  # add backslash

  rewrite ^([^?#]*/)([^@][^?#./]+)([?#].*)?$ $1$2/$3 permanent;

  # default error page

  error_page 404 https://www.domain.com/notfound.php;

	# root location

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# passed the PHP scripts to FastCGI server listening on 127.0.0.1:9000

	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one

	location ~ /\.ht {
		deny all;
	}

  # caching

  location ~* \.(?:jpg|jpeg|png|gif|ico|css|js|woff)$ {
    expires 1y;
    access_log off;
    add_header Cache-Control "public";
  }

  # rate limit auth page

  location /auth.php {
    limit_req zone=one;
  }
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}