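# Layout restored to one directive per line. In the collapsed single-line form
# the first '#' comments out the rest of the line, so the last server block
# would never be parsed.

# Plain HTTP, bare domain: send everything to the canonical HTTPS host.
server {
    listen 80;
    server_name xxx.cn;

    # $server_name is the name configured above, not the client-supplied Host
    # header, so the request cannot steer the redirect target.
    # "return 301 ... $request_uri" replaces the catch-all regex rewrite and
    # forwards the path and query string as the client sent them.
    return 301 https://www.$server_name$request_uri;
}

# Plain HTTP, www host: upgrade to HTTPS on the same name.
server {
    listen 80;
    server_name www.xxx.cn;

    return 301 https://$server_name$request_uri;
}

# HTTPS, bare domain: terminate TLS only to redirect to the www host.
server {
    # "listen ... ssl" replaces the standalone "ssl on;" directive, which was
    # made obsolete in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name xxx.cn;

    # The private key should be readable only by root (nginx reads it before
    # dropping privileges).
    ssl_certificate     /etc/nginx/cert/xxxxxxx.pem;
    ssl_certificate_key /etc/nginx/cert/xxxxxxx.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 when running nginx >= 1.13.0 built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;

    # Explicit forward-secret AEAD suites only. The previous list used broad
    # aliases (ECDH, AES, HIGH) that also admit static key exchange and CBC suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    return 301 https://www.$server_name$request_uri;
}

# HTTPS, www host: the site itself (PHP front controller behind PHP-FPM).
server {
    listen 443 ssl;
    server_name www.xxx.cn;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /xxxx/public;

    # Add index.php to the list if you are using PHP
    index index.php index.htm index.html;

    ssl_certificate     /etc/nginx/cert/xxxxxxx.pem;
    ssl_certificate_key /etc/nginx/cert/xxxxxx.key;
    ssl_session_timeout 5m;

    # Same protocol and cipher policy as the redirect-only HTTPS server above:
    # TLS 1.2 only (add TLSv1.3 where supported), forward-secret AEAD suites.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Optional: once HTTPS is confirmed working, HSTS tells browsers to stop
    # attempting plain HTTP at all. It is hard to undo while max-age is
    # running, so it is left disabled here.
    # add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Serve the request as a file, then as a directory, and otherwise hand
        # it to the index.php front controller with the original query string.
        # Stock behaviour (plain 404 fallback) would be:
        # try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php?$query_string;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        # NOTE(review): the stock Debian/Ubuntu snippet checks that the script
        # exists on disk before handing it to PHP-FPM. Confirm the local copy
        # still does, so a request ending in ".php" for a non-PHP file is
        # never executed.
        include snippets/fastcgi-php.conf;

        # With php7.0-cgi alone:
        #fastcgi_pass 127.0.0.1:9000;
        # With php7.2-fpm:
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
}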