Standard nginx and Let's Encrypt setup

1) Add the DOMAIN.conf file as shown below to /etc/nginx/sites-available
2) Create a symbolic link to DOMAIN.conf in /etc/nginx/sites-enabled

ln -s /etc/nginx/sites-available/DOMAIN.conf /etc/nginx/sites-enabled

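3) Comment out the "return" redirect line and the ssl_certificate and ssl_certificate_key lines. The certificate files do not exist yet, and the webroot challenge in step 5 has to be answered over plain HTTP by the port-80 server.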
4) Restart nginx
5) Create your SSL certificate :

# Request a certificate with the webroot (HTTP-01) method: certbot writes the
# challenge file under --webroot-path, so that path must be the same directory
# as "root" in the port-80 server block below.
# NOTE(review): certbot-auto has been deprecated upstream; on current systems the
# packaged `certbot` command takes the same certonly/--webroot options - confirm
# for your distribution.
certbot-auto certonly --agree-tos --domains DOMAIN.co.uk,www.DOMAIN.co.uk --email info@startnet.co.uk --text --webroot --webroot-path /var/www/vhosts/DOMAIN.co.uk

6) Uncomment the "return" redirect line and ssl_certificate, ssl_certificate_key lines.
7) Restart nginx again!
DONE.

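# Plain-HTTP virtual host: answers the Let's Encrypt webroot challenge during
# issuance (while the "return" line is commented out) and otherwise redirects
# every request to HTTPS.
server {
    listen  80;
    # Listen on IPv6 as well, matching the 443 server block. Without this, HTTP
    # requests arriving over IPv6 (including certificate validation when the
    # domain has an AAAA record) are not handled by this virtual host.
    listen  [::]:80;
    server_name DOMAIN.co.uk www.DOMAIN.co.uk;
    # redirect all traffic to SSL
    # $server_name expands to the first name above, so www requests are sent
    # to https://DOMAIN.co.uk.
    return 301 https://$server_name$request_uri;
    # Must match the --webroot-path given to certbot.
    root  /var/www/vhosts/DOMAIN.co.uk;
}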
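# HTTPS virtual host: terminates TLS with the Let's Encrypt certificate and
# serves the PHP site through PHP-FPM.
server {

    listen 443 ssl;
    listen [::]:443 ssl;

    # Same names as the port-80 block and the certificate request; the original
    # listed a bare "DOMAIN" here, which would not match the apex host name.
    server_name DOMAIN.co.uk www.DOMAIN.co.uk;

    # Optional HTTP basic auth for the whole site (disabled).
#    auth_basic "Restricted";
#    auth_basic_user_file /etc/nginx/htpasswd;

    # fullchain.pem = leaf certificate + intermediate(s). Serving cert.pem alone
    # omits the intermediate, and clients that do not already have it cached
    # fail chain validation.
    ssl_certificate /etc/letsencrypt/live/DOMAIN.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN.co.uk/privkey.pem;

    # TLS 1.0 and 1.1 are deprecated and are no longer offered; SSLv3 stays off.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove that
    # token on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # ssl_dhparam /etc/ssl/certs/dhparam.pem;

    root  /var/www/vhosts/DOMAIN.co.uk;
    index index.php index.html index.htm;

    # Serve the file or directory if it exists, otherwise hand the request to
    # the front controller.
    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    error_page  500 502 503 504  /50x.html;
    location = /50x.html {
        root  /usr/share/nginx/html;
    }

    location ~ \.php$ {
        # Only pass scripts that exist on disk to PHP-FPM; anything else is a 404.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass unix:/var/run/php-fpm/php5-fpm.sock;
        fastcgi_pass unix:/var/run/php-fpm/php72-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }

    # Block direct downloads of the CSV exports in this uploads directory.
    # The original "rewrite / permanent;" was parsed with "permanent" as the
    # replacement URI rather than as a flag, so it never expressed a rule;
    # an explicit deny returns 403.
    location ~ ^/wp-content/uploads/wsoe/(.*?)\.csv$ {
        deny all;
    }

}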
