moodle-ssl.conf 1.5 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061
  1. server {
  2. listen 80;
  3. listen [::]:80;
  4. server_name localhost;
  5. # Redirect HTTP to HTTPS
  6. return 301 https://$host$request_uri;
  7. }
  8. server {
  9. # SSL configuration
  10. #
  11. listen 443 ssl;
  12. listen [::]:443;
  13. ssl_certificate /etc/nginx/ssl/localhost.crt;
  14. ssl_certificate_key /etc/nginx/ssl/localhost.key;
  15. #
  16. # Note: You should disable gzip for SSL traffic.
  17. # See: https://bugs.debian.org/773332
  18. gzip off;
  19. #
  20. # Read up on ssl_ciphers to ensure a secure configuration.
  21. # See: https://bugs.debian.org/765782
  22. root /var/www/moodle;
  23. # Add index.php to the list if you are using PHP
  24. index index.php index.html index.htm;
  25. server_name localhost;
  26. access_log /var/log/nginx/moodle-access.log;
  27. error_log /var/log/nginx/moodle-error.log;
  28. # Activate HSTS (HTTP Strict Transport Security)
  29. # Note: reinclude if in a location a header is set
  30. include snippets/hsts.conf;
  31. # Allow favicon.ico, robots.txt, .well-known/
  32. # Deny *.txt, *.log, .*/*.php, .*, *.json, .lock, *.ht
  33. include snippets/allowed.conf;
  34. include snippets/denied.conf;
  35. location / {
  36. # First attempt to serve request as file, then
  37. # as directory, then fall back to displaying a 404.
  38. try_files $uri $uri/ =404;
  39. }
  40. # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  41. #
  42. location ~ [^/]\.php(/|$) {
  43. fastcgi_split_path_info ^(.+\.php)(/.+)$;
  44. fastcgi_index index.php;
  45. fastcgi_pass unix:/run/php/php7.2-fpm.sock;
  46. include fastcgi_params;
  47. fastcgi_param PATH_INFO $fastcgi_path_info;
  48. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  49. }
  50. }