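server {
    # HTTPS-only virtual host for the fic2014 PHP front controller, restricted
    # to clients presenting a certificate issued by the project CA.

    # The "ssl" flag is per listening socket. Without it the IPv6 socket would
    # speak plain HTTP on port 443: no TLS, no client certificate, and every
    # IPv6 request rejected by the subject check below.
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;

    access_log /var/log/nginx/fic.access_log;
    error_log /var/log/nginx/fic.error_log;

    root /srv/fic2014-server/htdocs;
    index index.php;

    # Certificate and key live next to, not inside, the document root.
    ssl_certificate /srv/fic2014-server/misc/server.crt;
    ssl_certificate_key /srv/fic2014-server/misc/server.key;

    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them as
    # soon as no remaining client depends on them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;

    # Mutual TLS: the handshake must carry a client certificate that chains to
    # this CA.
    ssl_client_certificate /srv/fic2014-server/misc/pki/cacert.crt;
    ssl_verify_client on;

    # HSTS, 30 days. add_header is inherited by a location only when that
    # location declares no add_header of its own, so the static-file locations
    # below repeat this line.
    # NOTE(review): without the "always" parameter of newer nginx releases the
    # header is not attached to error responses such as the 401 below.
    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";

    # Authorisation on top of chain validation: the subject must carry the
    # expected C/ST/O/OU sequence. The pattern is unanchored, so it matches the
    # sequence anywhere in the subject string; this relies on the CA never
    # signing a subject in which a requester-controlled field contains it.
    # NOTE(review): newer nginx releases render $ssl_client_s_dn in RFC 2253
    # form and keep this slash-separated form in $ssl_client_s_dn_legacy --
    # confirm which one applies before upgrading.
    if ($ssl_client_s_dn !~ "/C=FR/ST=France/O=Epita/OU=SRS/")
    {
        return 401;
    }

    # Regex locations are tried in file order, so the deny rule comes first:
    # otherwise a path such as /js/.git/config would be claimed by the
    # static-asset location and served.
    location ~ /(\.ht|\.git|\.svn|\.onyx) {
        deny all;
    }

    # Front controller: existing files and directories are served as they are,
    # everything else is handed to index.php with the path in "p".
    location / {
        if (-f $request_filename) {
            break;
        }
        if (-d $request_filename) {
            break;
        }

        rewrite ^/(.*)$ /index.php?p=$1 last;
    }

    # The previous pattern began with "\f", which PCRE reads as a form-feed
    # character, so it never matched a real favicon request.
    location ~* /favicon\.ico$ {
        access_log off;
        expires 1d;
        add_header Cache-Control public;
        add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
    }

    location ~ ^/(img|js|css)/ {
        access_log off;
        expires 7d;
        add_header Cache-Control public;
        add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
    }

    # The dot is escaped so only a real ".php" extension reaches the
    # interpreter; the previous ".*.php$" also matched names such as "/xphp".
    location ~ \.php$
    {
        # Refuse to pass a script path that does not exist on disk, so PHP-FPM
        # is never asked to resolve a made-up path to some other file.
        if (!-e $document_root$document_uri) { return 404; }

        include /etc/nginx/fastcgi.conf;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        break;
    }
}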