server { listen 80 default_server; server_name gsmamarketplace.mydomain.com; return 301 https://$server_name$request_uri; location /status { stub_status on; access_log off; allow 127.0.0.1; deny all; } } server { listen 443 ssl; server_name gsmamarketplace.mydomain.com; ssl_protocols TLSv1.3 TLSv1.2; ssl_stapling on; ssl_stapling_verify on; ssl_certificate /etc/letsencrypt/live/gsmamarketplace.mydomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/gsmamarketplace.mydomain.com/privkey.pem; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; root /var/www/html/gsmamarketplace/web; ssl_prefer_server_ciphers on; ssl_dhparam /etc/pki/tls/certs/gsmamarketplace.mydomain.com/dhparam.pem; add_header Strict-Transport-Security: max-age=63072000; index index.php index.html index.htm; # Make site accessible from http://localhost/ # server_name _:; location /solr { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass "https://localhost:8983"; } # error_page 404 /404.html; #location = /40x.html { # } fastcgi_intercept_errors on; error_page 502 504 /50x.html; error_page 500 /error-500.html; location = /error-500.html { root /var/www/html/gsmamarketplace/web/servererrorpages/error-pages-500-503/html; # index /error-500.html; } error_page 503 /error-503.html; location = /error-503.html { root /var/www/html/gsmamarketplace/web/servererrorpages/error-pages-500-503/html; # index /error-503.html; } location /apis/* { add_header 'Content-Type' 'application/json charset=UTF-8'; error_page 500 '{"error": {"status_code": 500,"status": "Internal Server error"}}'; } location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. ### try_files $uri $uri/ =404; try_files $uri /index.php?$query_string; # Uncomment to enable naxsi on this location # include /etc/nginx/naxsi.rules } location ^~ /simplesaml { alias /var/www/html/gsmamarketplace/simplesamlphp/www; location ~ ^(?/simplesaml)(?.+?\.php)(?/.*)?$ { include fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_split_path_info ^(.+?\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $document_root$phpfile; fastcgi_param PATH_INFO $pathinfo if_not_empty; } } # error_page 404 /404.html; # error_page 500 502 503 504 /50x.html; #location = /50x.html { # root /usr/share/nginx/html; # } location ~ \.php$ { include fastcgi.conf; #fastcgi_pass unix:/run/php/php7.2-fpm.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_read_timeout 300s; } location ^~ /core/install.php { deny all; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }