2014-08-26 00:19:25 +02:00
|
|
|
server {
|
2014-11-15 00:38:22 +01:00
|
|
|
listen [::]:80;
|
2014-08-26 00:19:25 +02:00
|
|
|
|
2014-11-04 23:50:07 +01:00
|
|
|
server_name hamburg.freifunk.net www.hamburg.freifunk.net freifunk.ffhh;
|
|
|
|
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
|
|
|
|
|
2014-11-06 16:41:16 +01:00
|
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
2014-11-04 23:50:07 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
2014-11-15 00:38:22 +01:00
|
|
|
listen [::]:443 ssl;
|
2014-08-26 00:19:25 +02:00
|
|
|
|
|
|
|
server_name hamburg.freifunk.net www.hamburg.freifunk.net freifunk.ffhh;
|
|
|
|
|
|
|
|
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
|
|
|
|
|
|
|
|
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
|
|
|
|
# So stellen wir sicher, dass keine IPs geloggt werden.
|
|
|
|
error_log /dev/null crit;
|
|
|
|
|
|
|
|
client_max_body_size 16M;
|
|
|
|
|
|
|
|
root /var/www/wordpress;
|
|
|
|
index index.php index.html index.htm;
|
|
|
|
|
|
|
|
|
2014-10-18 19:46:32 +02:00
|
|
|
ssl_certificate /etc/ssl/certs/hamburg.freifunk.net.crt;
|
|
|
|
ssl_certificate_key /etc/ssl/private/hamburg.freifunk.net.key;
|
2014-08-26 00:19:25 +02:00
|
|
|
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_session_cache shared:SSL:10m;
|
|
|
|
ssl_session_timeout 10m;
|
|
|
|
|
|
|
|
# Only strong ciphers in PFS mode
|
|
|
|
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
|
2014-10-14 16:28:17 +02:00
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
2014-08-26 00:19:25 +02:00
|
|
|
|
|
|
|
|
|
|
|
# Don't allow to get framed by sites that aren't on the same domain
|
|
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
|
|
|
|
|
|
# Tell clients never to use http or self-signed (!) certificates
|
|
|
|
# There's no way to bypass this option after it has been cached!
|
2014-11-04 23:50:07 +01:00
|
|
|
add_header Strict-Transport-Security max-age=31536000;
|
2014-08-26 00:19:25 +02:00
|
|
|
|
|
|
|
# This order might seem weird - this is attempted to match last if rules below fail.
|
|
|
|
# http://wiki.nginx.org/HttpCoreModule
|
|
|
|
location / {
|
|
|
|
index index.php;
|
|
|
|
try_files $uri $uri/ /index.php?$args;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Directives to send expires headers and turn off 404 error logging.
|
|
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
|
|
|
expires 24h;
|
|
|
|
log_not_found off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ \.php$ {
|
|
|
|
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
|
|
|
fastcgi_index index.php;
|
|
|
|
fastcgi_param SCRIPT_FILENAME /var/www/wordpress$fastcgi_script_name;
|
|
|
|
# fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
|
|
|
|
include /etc/nginx/fastcgi_params;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|