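# Plain-HTTP listener for both host names: serves ACME HTTP-01 challenge
# files from the web root and redirects everything else to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name donzo.ru www.donzo.ru;
    root /var/www/donzo.ru/public_html;

    # "^~" stops regex location matching, so challenge files stay reachable.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        default_type "text/plain";
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS listener for the www alias: redirects to the canonical bare domain.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # Earlier, wider protocol list kept for reference; only TLSv1.2 is enabled below.
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /etc/pki/donzo.ru/donzo.ru.bundle.crt;
    ssl_certificate_key /etc/pki/donzo.ru/donzo.ru.key;
    keepalive_timeout 60;
    ssl_protocols TLSv1.2;
    # AEAD-only suites, all with forward secrecy (ECDHE or DHE key exchange).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    # "always" attaches the header to error responses as well as 2xx/3xx ones.
    add_header Strict-Transport-Security 'max-age=31536000' always;
    # Parameters for the DHE-RSA suites listed above.
    ssl_dhparam /etc/pki/self/dhparams.pem;

    server_name www.donzo.ru;
    root /var/www/donzo.ru/public_html;
    access_log /var/log/nginx/donzo.ru-access.log main;
    error_log /var/log/nginx/donzo.ru-error.log error;

    location ^~ /.well-known/acme-challenge/ {
        allow all;
        default_type "text/plain";
    }

    location / {
        return 301 https://donzo.ru$request_uri;
    }
}

# HTTPS listener for the canonical host: static files plus a PHP front
# controller (index.php) served through PHP-FPM.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # Earlier, wider protocol list kept for reference; only TLSv1.2 is enabled below.
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /etc/pki/donzo.ru/donzo.ru.bundle.crt;
    ssl_certificate_key /etc/pki/donzo.ru/donzo.ru.key;
    keepalive_timeout 60;
    ssl_protocols TLSv1.2;
    # AEAD-only suites, all with forward secrecy (ECDHE or DHE key exchange).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    # "always" attaches the header to error responses as well as 2xx/3xx ones.
    # A location that declares its own add_header does not inherit this line,
    # so the static-asset location below repeats it.
    add_header Strict-Transport-Security 'max-age=31536000' always;
    # Parameters for the DHE-RSA suites listed above.
    ssl_dhparam /etc/pki/self/dhparams.pem;

    server_name donzo.ru;
    root /var/www/donzo.ru/public_html;
    access_log /var/log/nginx/donzo.ru-access.log main;
    error_log /var/log/nginx/donzo.ru-error.log error;

    # Values handed to PHP-FPM through PHP_ADMIN_VALUE in the PHP location.
    # open_basedir confines PHP file access to the site tree (plus /tmp/).
    set $OPEN_BASEDIR /var/www/donzo.ru;
    set $SENDMAIL_PATH "sendmail_path=/usr/sbin/sendmail -t -i -f noreply@donzo.ru";

    # Error pages are rendered by the application's front controller.
    error_page 401 /index.php?bff=errors&errno=401;
    error_page 403 /index.php?bff=errors&errno=403;
    error_page 404 /index.php?bff=errors&errno=404;
    error_page 500 /index.php?bff=errors&errno=500;
    error_page 501 /index.php?bff=errors&errno=501;
    error_page 502 /index.php?bff=errors&errno=502;
    error_page 504 /index.php?bff=errors&errno=504;

    index index.php;

    location = /robots.txt {
        access_log off;
        log_not_found off;
        try_files $uri @rewrites;
    }

    # Deny dotfiles and dot-directories (.git, .htaccess, .env, ...). The ACME
    # challenge path is exempt because its "^~" prefix location wins before
    # regex locations are tried.
    location ~ /\. {
        access_log off;
        log_not_found off;
        deny all;
    }

    # Deny editor backup files ending in "~", which could expose source code.
    location ~ ~$ {
        access_log off;
        log_not_found off;
        deny all;
    }

    # Long-lived caching for static assets.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|swf|flv|eot|ttf|woff|pdf|xls|htc)$ {
        # Repeated here: this block's own add_header lines would otherwise
        # replace the server-level HSTS header for every static response.
        add_header Strict-Transport-Security 'max-age=31536000' always;
        add_header Pragma "public";
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        log_not_found off;
        expires 360d;
        try_files $uri @rewrites;
    }

    # Never execute PHP from content/upload directories. This must stay above
    # the generic "\.php$" location: regex locations match in file order.
    location ~* ^/(files|styles|css|img|rss|seo)/.*\.(php|php2|php3|php4|php5)$ {
        deny all;
    }

    # Reject request URIs that contain a literal space.
    if ($request_uri ~ " " ) {
        return 404;
    }

    # Fallback sendmail_path without a fixed envelope sender. As written the
    # variable is always set above, so this branch does not fire.
    if ($SENDMAIL_PATH = '') {
        set $SENDMAIL_PATH "sendmail_path=/usr/sbin/sendmail -t -i";
    }

    location ^~ /.well-known/acme-challenge/ {
        allow all;
        default_type "text/plain";
    }

    location ~* \.php$ {
        # Only hand scripts that exist on disk to PHP-FPM; anything else is a
        # 404 rather than a path PHP is left to resolve on its own.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/donzoru.sock;
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        # Second existence check, on the script name after path-info splitting.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        # PHP_ADMIN_VALUE settings cannot be overridden from PHP code (ini_set).
        fastcgi_param PHP_ADMIN_VALUE "open_basedir=$OPEN_BASEDIR:/tmp/\n$SENDMAIL_PATH";
        include fastcgi_params;
    }

    location / {
        try_files $uri $uri/ @rewrites;
    }

    # Anything that is not a real file or directory goes to the front controller.
    location @rewrites {
        rewrite ^ /index.php last;
    }
}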