summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--overlay/etc/nginx/conf/nginx.conf81
1 files changed, 81 insertions, 0 deletions
diff --git a/overlay/etc/nginx/conf/nginx.conf b/overlay/etc/nginx/conf/nginx.conf
new file mode 100644
index 0000000..6ee28b9
--- /dev/null
+++ b/overlay/etc/nginx/conf/nginx.conf
@@ -0,0 +1,81 @@
+# Nginx basic configuration
+# Features
+# * HTTPS only
+# * PHP fastcgi
+
+user http http;
+worker_processes 1;
+
+#error_log logs/error.log;
+#error_log logs/error.log notice;
+#error_log logs/error.log info;
+#error_log logs/debug.log debug;
+
+#pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ root /srv/http/;
+ include mime.types;
+ default_type application/octet-stream;
+
+#
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ ssl_protocols SSLv2 SSLv3 TLSv1;
+ ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+ ssl_prefer_server_ciphers on;
+
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+
+ #access_log logs/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ #gzip on;
+
+# Redirect insecure connections to secure one
+ server {
+ listen 80;
+ server_name %HOSTNAME%;
+
+ rewrite ^(.*) https://$server_name$1 permanent;
+ }
+
+ # HTTPS server
+ #
+ # Install scripts should change %HOSTNAME% into real hostname
+ server {
+ listen 443 default ssl;
+ server_name %HOSTNAME%;
+ root /srv/http/%HOSTNAME%;
+
+ #ssl on;
+ ssl_certificate /etc/ssl/certs/local.crt;
+ ssl_certificate_key /etc/ssl/private/local.key;
+
+
+ location / {
+ index index.html index.htm index.php;
+ }
+
+ location ~ \.(php|inc)$ {
+ include fastcgi_params;
+ fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME /srv/http/%HOSTNAME%/$fastcgi_script_name;
+ }
+ }
+}