Configs:
BackEnd:
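# Backend vhost: serves static files directly and hands *.php to PHP-FPM.
# It listens on plain HTTP port 80; TLS is not configured in this block.
server {
    listen 80;
    server_name site.domain.com;
    charset utf-8;
    root /var/www/site.domain.com;
    index index.php index.html;

    # Request size and timeout limits.
    client_max_body_size 40m;
    client_body_buffer_size 256k;
    client_header_timeout 2m;
    client_body_timeout 2m;
    send_timeout 2m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 16k;

    # Response compression.
    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types text/plain application/xml application/javascript text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;

    # Static assets: long cache lifetime, no access logging.
    # The dot is escaped so only a real ".ext" suffix matches; an unescaped
    # "." matches any character (e.g. a URI ending in "xjs").
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
        access_log off;
        expires max;
        log_not_found off;
    }

    # Front controller: fall back to index.php for paths that are not files.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # PHP handler. Escaped dot so that only URIs ending in ".php" are sent to
    # the interpreter.
    location ~* \.php$ {
        # "=404" must be a single token. Written as "= 404", nginx parses "="
        # and "404" as two path arguments, so a missing script is not answered
        # with a 404 status and the "only run files that exist" guard is lost.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Block .htaccess/.htpasswd style files. Escaped dot: "/.ht" unescaped
    # also matches unrelated paths such as "/xht...".
    location ~ /\.ht {
        deny all;
    }
}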
FrontEnd (Reverse proxy):
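# Plain-HTTP listener on the reverse proxy: redirects everything to HTTPS.
server {
    listen 80;
    server_name site.domain.com;
    server_name_in_redirect off;

    # This server only listens on port 80 without ssl, so $scheme is always
    # "http" and the former `if ($scheme != "https")` wrapper was redundant.
    # The redirect target uses the canonical host name instead of $host so a
    # client-supplied Host header cannot steer the Location value if this
    # block ever serves as the default server for port 80.
    return 301 https://site.domain.com$request_uri;
}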
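# TLS-terminating reverse proxy in front of the backend at 172.23.11.22.
server {
    listen 443 ssl http2;
    server_name site.domain.com;

    ssl_certificate /etc/letsencrypt/live/site.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site.domain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/site.domain.com/chain.pem;
    ssl_dhparam /etc/nginx/ssl/site.domain.com/dhparam.pem;

    # NOTE(review): OCSP stapling needs a `resolver` to look up the responder;
    # none is visible in this block — confirm one is set at http level.
    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped here; TLS 1.3
    # is enabled alongside 1.2. ssl_ciphers below only governs TLS <= 1.2.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;

    # "always" makes nginx attach HSTS to error responses as well; without it
    # the header is only sent on 2xx/3xx replies.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Everything not matched by a regex location is forwarded to the backend.
    # The upstream hop is plain HTTP, so it relies on the network between the
    # two hosts being trusted.
    location / {
        proxy_pass http://172.23.11.22;
        proxy_redirect off;
    }

    # NOTE(review): regex locations win over the "/" prefix location, so every
    # *.php request is handled by this block and never reaches proxy_pass.
    # This server block defines no `root`, so $document_root is nginx's default
    # and try_files will normally answer 404. If PHP is meant to run only on
    # the backend, this whole location should be removed — confirm intent.
    location ~* \.php$ {
        # "=404" must be one token; "= 404" is parsed as two path arguments.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; # connect to the php-fpm socket
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Shared proxy settings; contents are not shown on this page (presumably
    # the proxy_set_header lines for Host / X-Forwarded-* — verify).
    include /etc/nginx/proxy_params;
}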