cat shop.conf server { server_name domain.com; listen 443 ssl; ssl on; ssl_certificate /etc/nginx/cert/domain.com.crt; ssl_certificate_key /etc/nginx/cert/domain.com.key; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; # HSTS add_header X-Frame-Options DENY; ssl_dhparam /etc/nginx/cert/dhparam.pem; add_header X-Content-Type-Options nosniff; ssl_session_tickets off; # nginx >= 1.5.9 resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; error_log /var/www/logs/shop_error.log crit; client_max_body_size 10m; root /var/www/html/shop; index index.php; location ~ \.php(.*)$ { fastcgi_pass php:9000; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+\.php)(/?.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; include fastcgi_params; } location ^~ /Runtime { deny all; } } server { listen 80; server_name domain.com; return 301 https://$server_name$request_uri; }