Hi guys,
I have just managed to get my web server up and running using 1 domain...
Now I wondered if someone could explain how what my nginx.conf need to look like in order for the web server to know which vhost it need to redirect the request to.
The nginx.cong curently has the following:
example.conf
all the sites I seen on google reference site-enabled and site-available... I have no idea what does are as FreeBSD has got none of these directory/symbolic link
All my site is SSL only
Thank you in advance
Fred
I have just managed to get my web server up and running using 1 domain...
Now I wondered if someone could explain how what my nginx.conf need to look like in order for the web server to know which vhost it need to redirect the request to.
The nginx.cong curently has the following:
Code:
worker_processes 4;
events {
worker_connections 1024;
use kqueue;
}
http {
include /usr/local/etc/nginx/mime.types;
spdy_keepalive_timeout 123s;
spdy_recv_timeout 4s;
# virtual hosting
include /usr/local/www/vhosts/*.conf;
}
example.conf
Code:
server {
listen 80;
server_name example.com [url]www.example.com;[/url]
access_log /www/webs/example_com/logs/access80.log;
error_log /www/webs/example_com/logs/error80.log error;
# tell users to go to SSL version this time
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
server {
listen 443 ssl spdy;
server_name example.com [url]www.example.com;[/url]
access_log /www/webs/example_com/logs/access443.log;
error_log /www/webs/example_com/logs/error443.log error;
index index.html index.htm index.php;
# tell users to go to SSL version next time
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains;";
# tell the browser dont allow hosting in a frame
add_header X-Frame-Options DENY;
# tell the browser we can only talk to self and google analytics.
add_header X-Content-Security-Policy "default-src 'self'; \
script-src 'self' [url]https://ssl.google-analytics.com;[/url] \
img-src 'self' https://ssl.google-analytics.com";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ciphers chosen for FIPS compliance.
#ssl_ciphers !aNULL:!eNULL:FIPS@STRENGTH;
# ciphers chosen for forward secrecy an compatibility
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA:!PSK:!SRP;
ssl_prefer_server_ciphers on;
ssl_certificate_key /ssl_keys/example_com/example_com.key;
ssl_certificate /ssl_keys/example_com/example_com.crt;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# enable ocsp stapling
resolver 8.8.8.8;
ssl_stapling on;
ssl_trusted_certificate /ssl_keys/example_com/example_com.crt;
root /www/webs/example_com/httpdocs;
access_log off;
expires @30m;
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /nginx/html;
}
}
all the sites I seen on google reference site-enabled and site-available... I have no idea what does are as FreeBSD has got none of these directory/symbolic link
All my site is SSL only
Thank you in advance
Fred