Learn about Centmin Mod LEMP Stack today
Register Now

Nginx One nginx config file for 2 separate domains

Discussion in 'Nginx and PHP-FPM news & discussions' started by Andy, Mar 23, 2018.

  1. Andy

    Andy Active Member

    540
    88
    28
    Aug 6, 2014
    Ratings:
    +131
    Local Time:
    1:48 AM
    I have a server that hosts XF forum under /forum that serves xf.domain.com and a /wordpress installation that goes to domain.com/wp

    I wonder if anyone has any tip on how to get these to work. It's not using Centminmod but a plain nginx/centos installation.

    Appreciate it.

    Here is the file.
    Code:
    #Permanently redirect all connection through SSL
    server {
         listen 80;
         server_name domain.com/wordpress 10.1.105.62;
         return 301 https://$server_name$request_uri;
    }
    
    server {
        listen 80;
         listen 443 ssl http2;
    
          server_name domain.com/wordpress 10.1.105.62;
          index index.php;
          root /usr/local/www;
          ssl_certificate /usr/local/ssl/bundle.crt;
          ssl_certificate_key /usr/local/ssl/star_baruch_cuny_edu.key;
    
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;
            ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    
            http2_max_field_size 16k;
            http2_max_header_size 32k;
            ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    
    location /math/ {
                    # This is cool because no php is touched for static
                    # content. include the "?$args" part so non-default
                    # permalinks doesn't break when using query string
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$args;
            }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                    expires max;
                    log_not_found off;
            }
    
    
    
          location ~ \.php$ {
              try_files $uri =404;
    # fastcgi_pass 127.0.0.1:9000;
              fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include fastcgi_params;
          }
    }
    #Permanently redirect all connection through SSL
    server {
         listen 80;
         server_name domain.com 10.1.105.62;
         return 301 https://$server_name$request_uri;
    }
    
    
    
    server {
        listen 80;
         listen 443 ssl http2;
    
          server_name domaincom 10.1.105.62;
          index index.php;
          root /usr/local/www;
          ssl_certificate /usr/local/ssl/bundle.crt;
          ssl_certificate_key /usr/local/ssl/star_baruch_cuny_edu.key;
    
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;
            ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    
            http2_max_field_size 16k;
            http2_max_header_size 32k;
            ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    
    
    location /forum/ {
     root /usr/local/www/forum;
            try_files $uri $uri/ /forum/index.php?$uri&$args;
            index index.php;
    }
    
    location /forum/install/data/ {
            internal;
    }
    location /forum/install/templates/ {
            internal;
    }
    
    location /forum/internal_data/ {
            internal;
    }
    
    location /forum/library/ {
            internal;
    }
    
    
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                    expires max;
                    log_not_found off;
            }
    
    
    
          location ~ \.php$ {
              try_files $uri =404;
    # fastcgi_pass 127.0.0.1:9000;
              fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include fastcgi_params;
          }
     }


     
  2. eva2000

    eva2000 Administrator Staff Member

    53,191
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    4:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  3. Andy

    Andy Active Member

    540
    88
    28
    Aug 6, 2014
    Ratings:
    +131
    Local Time:
    1:48 AM
    @eva2000
    How can I do a redirect from http to https inside a location block?
    That is, if people go to /forum directory, they will be forced to go through https.
     
  4. Meirami

    Meirami Active Member

    154
    28
    28
    Dec 21, 2017
    Ratings:
    +63
    Local Time:
    9:48 AM
  5. eva2000

    eva2000 Administrator Staff Member

    53,191
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    4:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Have you checked out these guides ?
    But with Chrome and major browsers forcing HTTPS, might as well do it site wide for HTTP to HTTPS redirects.