Install
https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
Debian /etc/apt/sources.list
# replace $release deb http://nginx.org/packages/debian/ $release nginx deb-src http://nginx.org/packages/debian/ $release nginx
Если нет ключа:
$ wget http://nginx.org/packages/keys/nginx_signing.key $ cat nginx_signing.key | sudo apt-key add - $ apt-get update
SSL
http {
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;.
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_stapling on;
resolver 8.8.8.8;
}
server {
listen 443 ssl;
ssl on;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_session_timeout 10m;
ssl_ciphers 'EECDH+ECDSA+AESGCM:AES128+EECDH:AES128+EDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!ADH';
ssl_prefer_server_ciphers on;
ssl_stapling on;
# openssl dhparam -out /etc/ssl/dh.pem 1024
ssl_dhparam /etc/ssl/dh.pem;
ssl_certificate /path/ssl/domain_com.crt;
ssl_certificate_key /path/ssl/domain_com.key;
}
Заворачиваем все на https://www.domain.com
server {
listen 80;
server_name domain.com;
server_name www.domain.com;
return 301 https://www.domain.com$request_uri;
}
server {
listen 443 ssl;
server_name domain.com;
return 301 https://www.domain.com$request_uri;
}
server {
server_name www.domain.com;
listen 443 ssl;
}
Скрываем index.html и index.php
server {
if ($request_uri ~ "^\/index\.(?:php|html)$") {
rewrite ^ /$1 permanent;
}
}
Nginx + php-fpm. Ошибка: FastCGI sent in stderr: “Unable to open primary script: /home/dima/Dropbox/www/ucet/public_html/index.php (No such file or directory)”
FastCGI должен пройти полный путь до скрипта:
# хоть было так [email protected]:/home/dima# ls -la /home/dima/Dropbox/www/ucet/public_html/ total 136 drwxr-xr-x 10 dima dima 4096 мар 10 21:46 . drwxr-xr-x 13 dima dima 4096 мар 10 21:43 .. # не хватало chmod 755 /home/dima