+# Nginx basic configuration
+# Features
+# * HTTPS only
+# * PHP fastcgi
+user http http;
+worker_processes 1;
+#error_log logs/error.log;
+#error_log logs/error.log notice;
+#error_log logs/error.log info;
+#error_log logs/debug.log debug;
+#pid logs/;
+events {
+ worker_connections 1024;
+http {
+ root /srv/http/;
+ include mime.types;
+ default_type application/octet-stream;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ ssl_protocols SSLv2 SSLv3 TLSv1;
+ ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+ ssl_prefer_server_ciphers on;
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+ #access_log logs/access.log main;
+ sendfile on;
+ #tcp_nopush on;
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+ #gzip on;
+# Redirect insecure connections to secure one
+ server {
+ listen 80;
+ server_name %HOSTNAME%;
+ rewrite ^(.*) https://$server_name$1 permanent;
+ }
+ # HTTPS server
+ #
+ # Install scripts should change %HOSTNAME% into real hostname
+ server {
+ listen 443 default ssl;
+ server_name %HOSTNAME%;
+ root /srv/http/%HOSTNAME%;
+ #ssl on;
+ ssl_certificate /etc/ssl/certs/local.crt;
+ ssl_certificate_key /etc/ssl/private/local.key;
+ location / {
+ index index.html index.htm index.php;
+ }
+ location ~ \.(php|inc)$ {
+ include fastcgi_params;
+ fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME /srv/http/%HOSTNAME%/$fastcgi_script_name;
+ }
+ }