Skip to content

Nginx Examples

Nginx Examples

  • Basic Nginx conf for serving static website:
Nginx Configuration File
server {
  listen 80;
  listen [::]:80;
  charset UTF-8;
  server_name yourdomen.com;
  rewrite ^ https://$http_host$request_uri? permanent;
}

server {

  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  charset UTF-8;
  server_name yourdomen.com;

  # Path to code
  root /var/www/html/webfolder/public;

  try_files $uri $uri/ /index.php;

  index index.html index.php;

#  auth_basic "Restricted";                    #For Basic Auth
#  auth_basic_user_file /var/www/html/.htpasswd;  #For Basic Auth

  error_log  /var/log/nginx/yourdomen.com_error.log;
  access_log /var/log/nginx/yourdomen.com_access.log;


  location / {
    try_files $uri $uri/ /index.html?$query_string;
  }

  location = /favicon.ico {
    log_not_found off;
    access_log off;
  }

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location ~*  \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 365d;
  }

  location ~*  \.(pdf)$ {
    expires 30d;
  }

  location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 90d;
    add_header Cache-Control "public, no-transform";
  }

  
location ~ /\.(?!well-known).* {
    deny all;
    access_log off;
    log_not_found off;
}
  
  add_header Content-Security-Policy upgrade-insecure-requests;

  ssl_certificate /etc/nginx/ssl/your_ssl_cert.pem;
  ssl_certificate_key /etc/nginx/ssl/your_ssl_cert.key;
#  ssl_dhparam /etc/nginx/ssl/dhparams.pem;
  ssl_session_timeout 5m;
  ssl_session_cache shared:SSL:5m;


  #SSL Security
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  #XP and IE6 support
  #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_ecdh_curve secp384r1;
  ssl_prefer_server_ciphers on;
  ssl_session_tickets off;

  proxy_set_header X-Forwarded-For $remote_addr;
  
  #Compress and optimize delivery of files


  gzip on;
  gzip_comp_level    5;
  gzip_min_length    256;
  gzip_vary          on;
  gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rss+xml
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/bmp
    image/svg+xml
    image/x-icon
    text/cache-manifest
    text/css
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy;
    # text/html is always compressed by gzip module

}