středa 30. března 2016

Oxid 4.9.6 + Nginx + letsencrypt + phpfpm

 Funkční konfigurace nginx
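server {
    # Plain-HTTP virtual host for the OXID shop. It also serves the
    # /.well-known/ path used by the Let's Encrypt HTTP-01 challenge.
    #
    # NOTE(review): this vhost serves the whole shop (logins, admin, checkout)
    # in clear text. The Strict-Transport-Security header is only sent by the
    # 443 vhost, so it only protects clients that have already visited over HTTPS.
    # Once the certificate is issued, consider reducing this block to the
    # challenge location plus `return 301 https://$host$request_uri;`.
    listen 80;
    listen [::]:80;

    # One server_name directive instead of two overlapping ones; site.cz stays
    # first so $server_name keeps its previous value.
    server_name site.cz www.site.cz;

    # ACME challenge files. A `^~` prefix match is used so that the regex
    # locations below (including the dot-file deny rule) are never consulted
    # for this path, and so that the match is anchored to the URI start
    # (the previous unescaped, unanchored regex matched anywhere in the URI).
    location ^~ /.well-known/ {
        allow all;
    }

    access_log      /var/log/nginx/site.cz.access.log;
    error_log       /var/log/nginx/site.cz.error.log;

    # $script_name is presumably consumed by fastcgi_params.oxid (not shown
    # here) to build SCRIPT_FILENAME -- confirm against that file.
    set $script_name $fastcgi_script_name;
    set $fcgi_php unix:/var/run/php5-fpm.sock;

    root /var/www/oxid4;

    index index.php index.html;

    # Reject the TRACE/TRACK diagnostic methods outright.
    if ($request_method ~ ^(TRACE|TRACK)$ ) {
        return 403;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Block dot-files, the exception log, *.log, Smarty templates and pkg.rev.
    # Regex locations are tried in the order they appear, so this rule must
    # stay above the broader directory and PHP locations.
    location ~ (/\.|EXCEPTION_LOG\.txt|\.log$|\.tpl$|pkg.rev) {
        deny all;
    }

    # Product pictures: serve the file if present, otherwise hand the request
    # to getimg.php.
    location ~ /out/pictures/.*(\.jpg|\.gif|\.png)$ {
        try_files $uri /getimg.php;
    }

    # Bare /admin and /setup directory requests: served through `index`.
    # NOTE(review): /setup/ is the installer; confirm it has been removed
    # from the document root after installation.
    location ~ ^/(admin|setup)/?$ {
    }

    # Static assets under the application directories. This regex is listed
    # before `\.php$`, so it wins for every URI under these directories and
    # nginx would otherwise return *.php files there as plain downloads
    # (source disclosure). The nested location refuses them instead.
    # NOTE(review): nginx ignores the per-directory .htaccess files an Apache
    # deployment relies on; check whether tmp/ and export/ hold other
    # non-PHP files that should not be downloadable. If a script under these
    # directories must execute, give it its own exact-match location.
    location ~ /(core|export|modules|out|tmp|views)/ {
        location ~ \.php$ {
            deny all;
        }
    }

    # SEO front controller. The rewrite flips mod_rewrite_module_is=off to =on
    # in the query string before the request reaches PHP.
    location = /oxseo.php {
        if ($args ~ "mod_rewrite_module_is=off") {
            rewrite /oxseo.php /oxseo.php?mod_rewrite_module_is=on? break;
        }
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params.oxid;
        fastcgi_pass $fcgi_php;
    }

    # Generic PHP handler. `try_files $uri =404` makes nginx answer 404 unless
    # the requested .php file exists, so arbitrary paths that merely end in
    # .php are not passed on to PHP-FPM.
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params.oxid;
        fastcgi_pass $fcgi_php;
    }

    # Everything else: existing files are served directly; any other URI is
    # routed to /oxseo.php via PHP-FPM.
    location / {
        fastcgi_index index.php;
        set $script_name $fastcgi_script_name;
        if (!-e $request_filename) {
            set $script_name /oxseo.php;
            fastcgi_pass $fcgi_php;
        }
        include fastcgi_params.oxid;
    }
}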

# Default server configuration
#
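server {
    # HTTPS virtual host for the OXID shop (certificate from Let's Encrypt).
    listen 443 ssl ;
    listen [::]:443 ssl ;

    access_log      /var/log/nginx/site.cz.access.log;
    error_log       /var/log/nginx/site.cz.error.log;

    server_name www.site.cz site.cz;

    # $script_name is presumably consumed by fastcgi_params.oxid (not shown
    # here) to build SCRIPT_FILENAME -- confirm against that file.
    set $script_name $fastcgi_script_name;
    set $fcgi_php unix:/var/run/php5-fpm.sock;

    root /var/www/oxid4;

    index index.php index.html;

    # Reject the TRACE/TRACK diagnostic methods outright.
    if ($request_method ~ ^(TRACE|TRACK)$ ) {
        return 403;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Block dot-files, the exception log, *.log, Smarty templates and pkg.rev.
    # Regex locations are tried in the order they appear, so this rule must
    # stay above the broader directory and PHP locations.
    location ~ (/\.|EXCEPTION_LOG\.txt|\.log$|\.tpl$|pkg.rev) {
        deny all;
    }

    # Product pictures: serve the file if present, otherwise hand the request
    # to getimg.php.
    location ~ /out/pictures/.*(\.jpg|\.gif|\.png)$ {
        try_files $uri /getimg.php;
    }

    # Bare /admin and /setup directory requests: served through `index`.
    # NOTE(review): /setup/ is the installer; confirm it has been removed
    # from the document root after installation.
    location ~ ^/(admin|setup)/?$ {
    }

    # Static assets under the application directories. This regex is listed
    # before `\.php$`, so it wins for every URI under these directories and
    # nginx would otherwise return *.php files there as plain downloads
    # (source disclosure). The nested location refuses them instead.
    # NOTE(review): nginx ignores the per-directory .htaccess files an Apache
    # deployment relies on; check whether tmp/ and export/ hold other
    # non-PHP files that should not be downloadable. If a script under these
    # directories must execute, give it its own exact-match location.
    location ~ /(core|export|modules|out|tmp|views)/ {
        location ~ \.php$ {
            deny all;
        }
    }

    # Generic PHP handler. `try_files $uri =404` makes nginx answer 404 unless
    # the requested .php file exists, so arbitrary paths that merely end in
    # .php are not passed on to PHP-FPM.
    # NOTE(review): the port-80 vhost has an extra `location = /oxseo.php`
    # block that this vhost lacks; confirm whether that is intentional.
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params.oxid;
        fastcgi_pass $fcgi_php;
    }

    # Everything else: existing files are served directly; any other URI is
    # routed to /oxseo.php via PHP-FPM.
    location / {
        fastcgi_index index.php;
        set $script_name $fastcgi_script_name;
        if (!-e $request_filename) {
            set $script_name /oxseo.php;
            fastcgi_pass $fcgi_php;
        }
        include fastcgi_params.oxid;
    }

    # NOTE(review): this sends visitors from HTTPS to a plain-http:// URL, so
    # the Redmine session continues unencrypted. Point it at https:// once
    # redmine.site.cz has a certificate.
    location ^~ /redmine/ {
        rewrite ^/redmine/(.*) http://redmine.site.cz/$1 permanent;
    }

    ssl_certificate /etc/letsencrypt/live/site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site/privkey.pem;
    ssl_prefer_server_ciphers on;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and not acceptable for a shop
    # handling payment data; only TLS 1.2 is offered. Add TLSv1.3 only if the
    # installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # The list enables DHE (EDH) suites but no ssl_dhparam is configured.
    # nginx before 1.11.0 then falls back to built-in DH parameters; newer
    # versions do not offer DHE at all without the directive. Generate your
    # own parameters and reference them, e.g. (placeholder path):
    #   ssl_dhparam /path/to/dhparam.pem;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;

    # HSTS for one year. Without the `always` parameter (nginx >= 1.7.5) the
    # header is only attached to successful and redirect responses, not to
    # error pages. Do not add includeSubDomains while redmine.site.cz is
    # still reached over plain HTTP.
    add_header Strict-Transport-Security "max-age=31536000";
}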
