32 lines
870 B
Plaintext
32 lines
870 B
Plaintext
|
|
server {
|
|
listen 80;
|
|
server_name {{ common_name }};
|
|
rewrite ^ https://{{ common_name }}\$request_uri?;
|
|
}
|
|
|
|
server {
|
|
root /var/www/html;
|
|
add_header X-Frame-Options "DENY";
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
|
|
listen 443 ssl;
|
|
server_name $NAME;
|
|
client_max_body_size 10G;
|
|
ssl_certificate {{certificate_path}};
|
|
ssl_certificate_key {{key_path}};
|
|
ssl_client_certificate {{authority_path}};
|
|
|
|
# Uncomment following to enable mutual authentication with certificates
|
|
#ssl_crl {{revocations_path}};
|
|
#ssl_verify_client on;
|
|
|
|
location ~ \.php\$ {
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
fastcgi_pass unix:/run/php5-fpm.sock;
|
|
fastcgi_index index.php;
|
|
fastcgi_param REMOTE_USER \$ssl_client_s_dn_cn;
|
|
include fastcgi_params;
|
|
}
|
|
}
|
|
|