Wednesday, February 17, 2016

Nginx + OxidCommerce + HTTPS

oxid/config.inc.php - quite illogically, the following settings work:
$this->sShopURL = 'https://www.domain.com'; // eShop base url, required
$this->sSSLShopURL  = 'https://www.domain.com';
$this->sAdminSSLURL = null;
sites-enabled/domain.com - a standard installation with SSL and redirection:
# Plain HTTP: everything except /redmine/ is redirected to HTTPS.
server {
    listen 80;
    server_name domain.com;
    location ^~ /redmine/ {
        rewrite ^/redmine/(.*) http://redmine.domain.com/$1 permanent;
    }
    location / {
        rewrite     ^   https://$server_name$request_uri? permanent;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name www.domain.com domain.com;

    set $script_name $fastcgi_script_name;
    set $fcgi_php unix:/var/run/php5-fpm.sock;

    root /var/www/oxid4;

    index index.php index.html;

    # Reject TRACE/TRACK requests.
    if ($request_method ~ ^(TRACE|TRACK)$ ) {
        return 403;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Block dotfiles, the exception log, *.log, *.tpl and pkg.rev.
    location ~ (/\.|EXCEPTION_LOG\.txt|\.log$|\.tpl$|pkg.rev) {
        deny all;
    }

    # Missing picture sizes are generated on demand by getimg.php.
    location ~ /out/pictures/.*(\.jpg|\.gif|\.png)$ {
        try_files $uri /core/utils/getimg.php;
    }

    location ~ ^/(admin|setup)/?$ {
    }

    # Regex locations are tried in file order and the first match wins, so a
    # .php URI under these directories is handled by this empty block (served
    # as a static file) and never reaches the \.php$ block below.
    location ~ /(core|export|modules|out|tmp|views)/ {
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params.oxid;
        fastcgi_pass $fcgi_php;
    }

    # Anything that is not an existing file goes to the SEO front controller.
    location / {
        fastcgi_index index.php;
        set $script_name $fastcgi_script_name;
        if (!-e $request_filename) {
            set $script_name /oxseo.php;
            fastcgi_pass $fcgi_php;
        }
        include fastcgi_params.oxid;
    }

    location ^~ /redmine/ {
        rewrite ^/redmine/(.*) http://redmine.domain.com/$1 permanent;
    }

    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    ssl_prefer_server_ciphers On;
    # TLSv1 and TLSv1.1 have since been deprecated (RFC 8996).
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    # HSTS: browsers keep using HTTPS for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000";
}
