Nginx notes

Install

https://www.nginx.com/resources/wiki/start/topics/tutorials/install/

Debian /etc/apt/sources.list

# replace $release 
deb http://nginx.org/packages/debian/ $release nginx
deb-src http://nginx.org/packages/debian/ $release nginx

Если нет ключа:

$ wget http://nginx.org/packages/keys/nginx_signing.key
$ cat nginx_signing.key | sudo apt-key add -
$ apt-get update

SSL

http {

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;.
    ssl_prefer_server_ciphers on;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    resolver 8.8.8.8;
}

server {

    listen 443 ssl;
    ssl                         on;
    ssl_protocols               TLSv1.2 TLSv1.1 TLSv1;
    ssl_session_timeout         10m;
    ssl_ciphers                 'EECDH+ECDSA+AESGCM:AES128+EECDH:AES128+EDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!ADH';
    ssl_prefer_server_ciphers   on;
    ssl_stapling                on;

    # openssl dhparam -out /etc/ssl/dh.pem 1024
    ssl_dhparam                 /etc/ssl/dh.pem;

    ssl_certificate     /path/ssl/domain_com.crt;
    ssl_certificate_key /path/ssl/domain_com.key;

}

Заворачиваем все на https://www.domain.com

server {
    listen 80;
    server_name domain.com;
    server_name www.domain.com;
    return 301 https://www.domain.com$request_uri;
}

server {
    listen 443 ssl;
    server_name domain.com;
    return 301 https://www.domain.com$request_uri;
}

server {
    server_name www.domain.com;
    listen 443 ssl;

}

Скрываем index.html и index.php

server {

      if ($request_uri ~ "^\/index\.(?:php|html)$") {
            rewrite ^ /$1 permanent;
      } 

}

Nginx + php-fpm. Ошибка: FastCGI sent in stderr: “Unable to open primary script: /home/dima/Dropbox/www/ucet/public_html/index.php (No such file or directory)”
FastCGI должен пройти полный путь до скрипта:

# хоть было так 
[email protected]:/home/dima# ls -la /home/dima/Dropbox/www/ucet/public_html/
total 136
drwxr-xr-x 10 dima dima 4096 мар 10 21:46 .
drwxr-xr-x 13 dima dima 4096 мар 10 21:43 ..
# не хватало
chmod 755 /home/dima