
質問編集履歴

1

nginxの設定を追記

2018/01/29 05:49

投稿

crescens

スコア9

title CHANGED
File without changes
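--- a/body
+++ b/body
@@ -34,4 +34,111 @@
  OS:CentOS 7.4
  Webサーバ:nginx 1.13.8
  SSL:OpenSSL 1.0.2k
- 他:PHP 7.2、cURL 7.57.8
+ 他:PHP 7.2、cURL 7.57.8
+
+
+ 1/29追記
+
+ ### (A)のnginxの設定
+
+ ■nginx.conf
+ ```conf
+ user nginx;
+ worker_processes 1;
+
+ error_log /var/log/nginx/error.log warn;
+ pid /var/run/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ resolver 127.0.0.1;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+ brotli on;
+
+ server_tokens off;
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options nosniff;
+
+ include /etc/nginx/conf.d/vhost.conf;
+ #include /etc/nginx/conf.d/*.conf;
+ }
+ ```
+
+
+
+ ■conf.d/vhost.conf
+ ```conf
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name example.com;
+ root /var/www/html;
+ error_log /var/log/nginx/error.log;
+ access_log /var/log/nginx/access.log main;
+
+ location / {
+ index index.html index.htm index.php;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ location ~ .php$ {
+ fastcgi_pass unix:/var/run/php-fpm/www.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ include ssl.conf;
+ }
+ ```
+
+
+
+ ■conf.d/ssl.conf
+
+ ```conf
+ #
+ # conf.d/ssl.conf
+ #
+
+ #listen 443 ssl http2;
+ listen 443 ssl;
+ ssl_session_cache shared:le_nginx_SSL:1m;
+ ssl_session_timeout 1440m;
+ add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains' always;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+
+ ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ if ($scheme != "https") {
+ return 301 https://$host$request_uri;
+ }
+ ssl_certificate /etc/pki/tls/certs/2017.crt;
+ ssl_certificate_key /etc/pki/tls/private/2017.key;
+ ssl_trusted_certificate /etc/pki/tls/certs/2017.intermediate;
+ ```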
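Review bot: The `add_header Strict-Transport-Security …` line in ssl.conf lands inside the `server` block through `include ssl.conf;`, and nginx inherits `add_header` from the outer level only when the current level defines none, so the X-Frame-Options, X-XSS-Protection and X-Content-Type-Options headers set in the `http` block are not sent for this vhost; repeat those three `add_header` lines next to the HSTS one. `ssl_protocols` still offers TLSv1 and TLSv1.1, and the cipher list ends with the 3DES suite `EDH-RSA-DES-CBC3-SHA`; with the OpenSSL 1.0.2k listed above, `ssl_protocols TLSv1.2;` and dropping that suite is the tighter setting, provided the clients that must connect support it. In vhost.conf, `location ~ .php$` has an unescaped dot and hands every matching URI to PHP-FPM without checking that the file exists; `location ~ \.php$ {` with `try_files $uri =404;` as its first line restricts it to scripts that are actually present under the document root.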