NGINX Config

Use the following configuration if you are installing on NGINX.
The sample configuration below contains placeholder values (IP address, domain name, file paths) that you must change manually to match your server.

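# Sample HTTPS virtual host. Replace Your_IP_ADDRESS_HERE, domain.com and the
# /path/to/... values with the ones for your server.
server {
    # "ssl" on the listen line enables TLS for this socket and replaces the
    # deprecated "ssl on;" directive.
    # If you don't have http2 support, delete http2 here.
    listen Your_IP_ADDRESS_HERE:443 ssl http2;

    # Host names only: server_name must not contain a scheme such as http://.
    server_name domain.com www.domain.com;
    root /var/www/domain.com/;
    index index.php index.html index.htm;
    access_log /var/log/nginx/domains/domain.com.log combined;
    error_log /var/log/nginx/domains/domain.com.error.log error;

    # Security response headers. add_header lists are inherited by a nested
    # block only when that block defines no add_header of its own, so every
    # block that sets one header below repeats the full list.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    # Legacy header; current browsers ignore it.
    add_header X-XSS-Protection "1; mode=block";

    # If you don't want SSL, remove the TLS section below and change the listen
    # line to :80 without "ssl" and "http2". The Strict-Transport-Security
    # headers have no effect over plain HTTP and can be removed as well.
    ssl_certificate /path/to/ssl.pem;
    ssl_certificate_key /path/to/ssl.key;
    ssl_session_timeout 5m;

    # Pin the protocol versions instead of relying on build-dependent defaults.
    # Drop TLSv1.3 if your nginx/OpenSSL build does not support it.
    ssl_protocols TLSv1.2 TLSv1.3;

    # To generate the following dhparam.pem file, first run this command on the server:
    #   openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
    # It can take 20 minutes or more.
    # If you don't want it, comment out the following line.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_prefer_server_ciphers on;

    # OCSP stapling: the resolver is used to reach the CA's OCSP responder.
    resolver 8.8.8.8;
    ssl_stapling on;
    # Verify the stapled response; this needs the issuer chain to be present
    # in the ssl_trusted_certificate file.
    ssl_stapling_verify on;
    # Same certificate file as ssl_certificate above.
    ssl_trusted_certificate /path/to/ssl.pem;

    location / {
        try_files $uri $uri/ /index.php?/$request_uri;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

        # "^~" stops regex matching for this prefix. Without it, the regex
        # locations below take precedence, so /backups/*.php would still be
        # passed to PHP and /backups/*.js (etc.) would still be served.
        # "return" is evaluated before the access rules, so clients get a 404.
        location ^~ /backups {
            deny all;
            return 404;
        }

        # Optional: disallow access to these files and directories.
        # Listed before the other regex locations because the first matching
        # regex wins, and "(/|$)" also covers paths inside the directory
        # (e.g. /.git/config), not only a URI that ends at the name.
        location ~* "/\.(htaccess|htpasswd|git|svn)(/|$)" {
            deny all;
            return 404;
        }

        # Static assets: allow long-lived client caching.
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires max;
        }

        location ~ [^/]\.php(/|$) {
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # Only hand the request to PHP when the script file really exists.
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            fastcgi_read_timeout 300;
            fastcgi_pass 127.0.0.1:9002;
            fastcgi_index index.php;
            # Modify this path if your OS flavor is not Ubuntu/Debian.
            include /etc/nginx/fastcgi_params;
        }
    }
}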