Update Nginx config

config/nginx/sites-available/ssl.sample-site.dev.conf

@@ -9,7 +9,7 @@ server {
 
     ## Automatically redirect site to HTTPS protocol.
     location / {
-        rewrite 301 https://$server_name$request_uri;
+        return 301 https://$server_name$request_uri;
     }
 }
 
@@ -22,58 +22,44 @@ server {
     server_name ssl.sample-site.dev;
 
     ## SSL configuration.
-    ssl on;
-
+    include /etc/nginx/includes/ssl.conf;
     ssl_certificate /etc/nginx/ssl/ssl.sample-site.dev/ssl.sample-site.dev.crt;
     ssl_certificate_key /etc/nginx/ssl/ssl.sample-site.dev/ssl.sample-site.dev.key;
     ssl_dhparam /etc/nginx/ssl/dhparams-4096.pem;
 
-    ssl_session_cache shared:SSL:10m;
-    ssl_session_timeout 24h;
-    ssl_prefer_server_ciphers on;
-
-    # Enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
-    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
-
-    # Disables all weak ciphers
-    #ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
-    #ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
-    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
-
-    ## SSL optimization setting.
-    keepalive_timeout 300;
-
     ## Logging setting.
     access_log /var/log/nginx/ssl.sample-site.dev.access.log;
     error_log /var/log/nginx/ssl.sample-site.dev.error.log;
 
-    root /home/masedi/Webs/ssl.sample-site.dev;
+    #charset utf-8;
+
+    ## Virtual host root directory.
+    set $root_path '/home/lemper/webapps/ssl.sample-site.dev';
+    root $root_path;
     index index.php index.html index.htm;
 
+    ## Uncomment to enable Mod PageSpeed (Nginx must be installed with mod PageSpeed).
+    #include /etc/nginx/includes/mod_pagespeed.conf;
+
     ## Global directives configuration.
     include /etc/nginx/includes/rules_security.conf;
     include /etc/nginx/includes/rules_staticfiles.conf;
     include /etc/nginx/includes/rules_restriction.conf;
 
-    ## Default vhost directives configuration, use only one config.
+    ## Default vhost directives configuration.
+    #include /etc/nginx/includes/rules_fastcgi_cache.conf;
     include /etc/nginx/vhost/site_default.conf;
 
-    ## pass the PHP scripts to FastCGI server listening on unix socket
+    ## Pass the PHP scripts to FastCGI server listening on Unix socket.
     location ~ \.php$ {
-        try_files $uri =404;
+        try_files \$uri =404;
 
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
-
         fastcgi_index index.php;
 
         # Include FastCGI Params.
         include /etc/nginx/fastcgi_params;
 
-        # Overwrite FastCGI Params here. Test only, params should be added to fastcgi_params.
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-
         # Include FastCGI Configs.
         include /etc/nginx/includes/fastcgi.conf;
 
@@ -81,6 +67,11 @@ server {
         #include /etc/nginx/includes/fastcgi_cache.conf;
 
         # FastCGI socket, change to fits your own socket!
-        fastcgi_pass unix:/run/php/php7.3-fpm.masedi.sock;
+        fastcgi_pass unix:/run/php/php7.3-fpm.lemper.sock;
     }
+
+    ## Uncomment to enable error page directives configuration.
+    #include /etc/nginx/includes/error_pages.conf;
+
+    ## Add your custom site directives here.
 }

scripts/ngxvhost.sh

@@ -452,6 +452,27 @@ map \$http_host \$blogid {
 _EOF_
 }
 
+## Output server block for HTTP to HTTPS redirection
+#
+function http_to_https() {
+cat <<- _EOF_
+
+# HTTP to HTTPS redirection
+server {
+    listen 80;
+    #listen [::]:80 default_server ipv6only=on;
+
+    ## Make site accessible from world web.
+    server_name ${SERVERNAME};
+
+    ## Automatically redirect site to HTTPS protocol.
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+_EOF_
+}
+
 ## Output index.html skeleton for default index page
 # To be outputted into new index.html file in document root
 #