server { listen 12.234.456.67:80; server_name domaine1.fr www.domaine1.fr; ## Redirige le HTTP vers le HTTPS ## return 301 https://$server_name$request_uri; } server { server_name domaine1.fr www.domaine1.fr; listen 12.234.456.67:443; root /home/domaine1/public_html; index index.php; access_log /var/log/virtualmin/domaine1.fr_access_log; error_log /var/log/virtualmin/domaine1.fr_error_log; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; #fastcgi_param SCRIPT_FILENAME /home/domaine1/public_html$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT /home/domaine1/public_html; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param HTTPS $https; location / { # try_files $uri $uri/ =404; #try_files $uri $uri/ /index.php?q=$uri&$args; try_files $uri $uri/ /index.php?$args; #index index.php; } location ~ \.php$ { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name; include fastcgi_params; #index index.php; #include snippets/fastcgi-php.conf; #try_files $uri =404; #fastcgi_pass unix:/var/php-nginx/149995329949757.sock/socket; fastcgi_pass unix:/run/php/php7.0-fpm.sock; #fastcgi_buffers 256 16k; #fastcgi_buffer_size 128k; #fastcgi_busy_buffers_size 256k; #fastcgi_temp_file_write_size 256k; #fastcgi_read_timeout 240; #fastcgi_intercept_errors on; #fastcgi_split_path_info ^(.+?\.php)(/.*)$; #if (!-f $document_root$fastcgi_script_name) { # return 404; #} } location ~ /\.ht { deny all; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires 31536000s; add_header Pragma "public"; add_header Cache-Control "max-age=31536000, public"; log_not_found off; access_log off; } #listen 12.234.456.67:443 ssl http2; ssl_certificate /home/domaine1/ssl.cert; ssl_certificate_key /home/domaine1/ssl.key; ssl_session_tickets off; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/ssl/private/dhparams_2048.pem; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; }