server { listen 80; server_name wiki.redcomani.org; add_header Access-Control-Allow-Origin "*"; root /srv/contenidos/wiki; index doku.php; #Remember to comment the below out when you're installing, and uncomment it when done. location ~ /(conf/|bin/|inc/|install.php) { deny all; } #Support for X-Accel-Redirect location ~ ^/data/ { internal ; } location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ { expires 365d; } location / { try_files $uri $uri/ @dokuwiki; } location @dokuwiki { # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; rewrite ^/(.*) /doku.php?id=$1&$args last; } # location / { # try_files $uri $uri/ =404; # } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass 127.0.0.1:9000; } location ~ /\.ht { deny all; } listen 443 ssl http2; # managed by Certbot ssl_certificate /etc/letsencrypt/live/redcomani.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/redcomani.org/privkey.pem; # managed by Certbot ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot ssl_session_timeout 1440m; # managed by Certbot ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot ssl_prefer_server_ciphers on; # managed by Certbot ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot if ($scheme != "https") { return 301 https://$host$request_uri; } # managed by Certbot }