nginx

Install

https://www.nginx.com/resources/wiki/start/topics/tutorials/install/

Debian /etc/apt/sources.list

# replace $release 
deb http://nginx.org/packages/debian/ $release nginx
deb-src http://nginx.org/packages/debian/ $release nginx

Если нет ключа:

$ wget http://nginx.org/packages/keys/nginx_signing.key
$ cat nginx_signing.key | sudo apt-key add -
$ apt-get update

Setup

SSL

http {

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;.
    ssl_prefer_server_ciphers on;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    resolver 8.8.8.8;
}

server {

    listen 443 ssl;
    ssl                         on;
    ssl_protocols               TLSv1.2 TLSv1.1 TLSv1;
    ssl_session_timeout         10m;
    ssl_ciphers                 'EECDH+ECDSA+AESGCM:AES128+EECDH:AES128+EDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!ADH';
    ssl_prefer_server_ciphers   on;
    ssl_stapling                on;

    # openssl dhparam -out /etc/ssl/dh.pem 1024
    ssl_dhparam                 /etc/ssl/dh.pem;

    ssl_certificate     /path/ssl/domain_com.crt;
    ssl_certificate_key /path/ssl/domain_com.key;

}

Заворачиваем все на https://www.domain.com

server {
    listen 80;
    server_name domain.com;
    server_name www.domain.com;
    return 301 https://www.domain.com$request_uri;
}

server {
    listen 443 ssl;
    server_name domain.com;
    return 301 https://www.domain.com$request_uri;
}

server {
    server_name www.domain.com;
    listen 443 ssl;

}

Скрываем index.html и index.php

server {

      if ($request_uri ~ "^\/index\.(?:php|html)$") {
            rewrite ^ /$1 permanent;
      } 

}

Deep debug: start one process without workers(forking) for trace

strace nginx -g "daemon off; master_process off;"