Ixonn Group

NGINX Config

You are here:
< All Topics

Use the following configuration if you are installing on NGINX.
In the sample code config, there are some variables that you need to change manually based on your server.

Advanced Config

server {

        listen Your_IP_ADDRESS_HERE:443 http2;

        # If you don’t have http2 support, delete http2 here

            server_name domain.com http://www.domain.com;

            root /var/www/domain.com/;

            index index.php index.html index.htm;

            access_log /var/log/nginx/domains/domain.com.log combined;

            error_log /var/log/nginx/domains/domain.com.error.log error;

            add_header Strict-Transport-Security “max-age=31536000; includeSubdomains” always;

            add_header X-Frame-Options SAMEORIGIN;

            add_header X-Content-Type-Options nosniff;

            add_header X-XSS-Protection “1; mode=block”;

 

        # If you dont want SSL, please remove ssl section below and add :80 instead of :443 on top server definition

            ssl on;

            ssl_certificate /path/to/ssl.pem;

            ssl_certificate_key /path/to/ssl.key;

            ssl_session_timeout 5m;

 

        # To generate the following DHPARAM.PEM file, run first the following command on the server:

        # openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

        # Il will take at least 20 minutes!

        # If you don’t want it, comment the following line

 

            ssl_dhparam /etc/ssl/certs/dhparam.pem;

 

            ssl_prefer_server_ciphers on;

            resolver 8.8.8.8;

            ssl_stapling on;

            ssl_trusted_certificate /path/to/ssl.pem;

            # same certificate as up

 

 

        location / {

            try_files $uri $uri/ /index.php?/$request_uri;

            add_header Strict-Transport-Security “max-age=31536000; includeSubdomains” always;

            add_header X-Frame-Options SAMEORIGIN;

            add_header X-Content-Type-Options nosniff;

            add_header X-XSS-Protection “1; mode=block”;

 

            location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {

            expires max;

        }

 

        location ~ [^/]\.php(/|$) {

            add_header Strict-Transport-Security “max-age=31536000; includeSubdomains” always;

            add_header X-Frame-Options SAMEORIGIN;

            add_header X-Content-Type-Options nosniff;

            add_header X-XSS-Protection “1; mode=block”;

            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

            if (!-f $document_root$fastcgi_script_name) {

            return 404;

        }

            fastcgi_read_timeout 300;

            fastcgi_pass 127.0.0.1:9002;

            fastcgi_index index.php;

            include /etc/nginx/fastcgi_params;

            # modify this path if OS flavor different than Ubuntu/Debian

        }

       

        location /backups {

                   deny all;

                   return 404;

        }

 

        # Optional, disallow access to this directories and folders

        location ~* “/\.(htaccess|htpasswd|git|svn)$” {

            deny all;

            return 404;

        }

    }

}

Simple Config

server {

        server_name yourdomain.com www.yourdomain.com;

 

        root /path/to/your/website.com/;

        index index.html index.php;

 

        # set expiration of assets to MAX for caching

        location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {

                expires max;

                log_not_found off;

        }

 

        location / {

                # Check if a file or directory index file exists, else route it to index.php.

                try_files $uri $uri/ /index.php;

        }

       

        location /backups {

                deny all;

                return 404;

        }

 

        location ~* \.php$ {

                fastcgi_pass 127.0.0.1:9000;

                include fastcgi.conf;

        }

}

Related Articles

Table of Contents
Scroll Up