server { listen 80; # ipv4 http listen [::]:80; # ipv6 http server_name hamburg.freifunk.net www.hamburg.freifunk.net freifunk.ffhh; access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen. rewrite ^ https://hamburg.freifunk.net/ permanent; } server { listen 443 ssl; # ipv4 https listen [::]:443 ssl; # ipv6 https server_name hamburg.freifunk.net www.hamburg.freifunk.net freifunk.ffhh; access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen. # Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen. # So stellen wir sicher, dass keine IPs geloggt werden. error_log /dev/null crit; client_max_body_size 16M; root /var/www/wordpress; index index.php index.html index.htm; ssl_certificate /etc/ssl/certs/hamburg.freifunk.net.crt; ssl_certificate_key /etc/ssl/private/hamburg.freifunk.net.key; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Only strong ciphers in PFS mode ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Don't allow to get framed by sites that aren't on the same domain add_header X-Frame-Options SAMEORIGIN; # Tell clients never to use http or self-signed (!) certificates # There's no way to bypass this option after it has been cached! add_header Strict-Transport-Security max-age=31536000; # This order might seem weird - this is attempted to match last if rules below fail. # http://wiki.nginx.org/HttpCoreModule location / { index index.php; try_files $uri $uri/ /index.php?$args; } # Directives to send expires headers and turn off 404 error logging. location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires 24h; log_not_found off; } location ~ \.php$ { fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/wordpress$fastcgi_script_name; # fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name; include /etc/nginx/fastcgi_params; } }