49 lines
1.6 KiB
Plaintext
49 lines
1.6 KiB
Plaintext
|
server {
|
||
|
|
listen 10.8.0.1:443 ssl http2;
|
||
|
|
listen [::]:443 ssl http2;
|
||
|
|
server_name pbx.ins;
|
||
|
|
|
||
|
|
ssl_certificate /etc/nginx/ssl/pbx-ins.chain.crt;
|
||
|
|
ssl_certificate_key /etc/nginx/ssl/pbx-ins.key.pem;
|
||
|
|
|
||
|
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||
|
|
#include /etc/nginx/error/502;
|
||
|
|
#include /etc/nginx/error/504;
|
||
|
|
#include /etc/nginx/error/500;
|
||
|
|
#include /etc/nginx/error/404;
|
||
|
|
#include /etc/nginx/error/429;
|
||
|
|
ssl_protocols TLSv1.2;
|
||
|
|
|
||
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||
|
|
|
||
|
|
ssl_prefer_server_ciphers on;
|
||
|
|
|
||
|
|
ssl_stapling on;
|
||
|
|
ssl_stapling_verify on;
|
||
|
|
client_max_body_size 230M;
|
||
|
|
client_body_timeout 1h;
|
||
|
|
#limit_req zone=one burst=15;
|
||
|
|
root /var/www/html;
|
||
|
|
|
||
|
|
index index.html index.htm index.php;
|
||
|
|
|
||
|
|
location / {
|
||
|
|
try_files $uri $uri/ =404;
|
||
|
|
}
|
||
|
|
|
||
|
|
location ~ \.php$ {
|
||
|
|
include snippets/fastcgi-php.conf; # server defaults are good
|
||
|
|
fastcgi_pass unix:/run/php/php7.3-fpm-asterisk.sock;
|
||
|
|
fastcgi_param HTACCESS on; # disables FreePBX htaccess warning
|
||
|
|
proxy_read_timeout 800;
|
||
|
|
}
|
||
|
|
|
||
|
|
# disallows the things that the FreePBX .htaccess files disallow
|
||
|
|
location ~ (/\.ht|/\.git|\.ini$|/libraries|/helpers|/i18n|/node|/views/.+php$) {
|
||
|
|
deny all;
|
||
|
|
}
|
||
|
|
|
||
|
|
# from the api module .htaccess file
|
||
|
|
rewrite ^/admin/api/([^/]*)/([^/]*)/?(.*)?$ /admin/api/api.php?module=$1&command=$2&route=$3 last;
|
||
|
|
|
||
|
|
}
|