Hi, I am using virtualmin and I have obtained new SSL certificate from Let’s Encrypt. And checked the folder, where my domain.conf under the folder “/etc/nginx/sites-enabled”
ssl_certificate /home/user/ssl.combined;
ssl_certificate_key /home/user/ssl.key;
They are in the folder listed above. I am not sure what else I shall do to my connection secured.
Also, I am not sure if I shall open another post or I can ask another question:
I tried to follow this configuration to deploy my Nginx server. However, the folder is different, my server is not using “/var/www/flarum/public”, rather is “home/user”, when I run, “sudo nginx -t”,
I believe I should use relative path, but I don’t know how.
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-enabled/flarum.conf:51
nginx: [emerg] directive "ssl_certificate" is not terminated by ";" in /etc/nginx/sites-enabled/flarum.conf:52
nginx: configuration file /etc/nginx/nginx.conf test failed
And this is the customized the flarum.conf file, I came up with:
server {
listen [::]:80;
listen 80;
server_name domain.net;
return 301 https://$host$request_uri;
root /var/www/flarum/public;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~* \.php$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
expires 365d;
}
}
server {
listen 443 ssl;
server_name domain.net;
root /var/www/flarum/public;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~* \.php$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
ssl_certificate /etc/nginx/ssl/forum_acehsc_net.pem;
ssl_certificate_key /etc/nginx/ssl/forum_blank_net.key;
ssl_prefer_server_ciphers on;
ssl_buffer_size 4k;
ssl_ecdh_curve auto;
## OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 valid=300s;
resolver_timeout 5s;
ssl_trusted_certificate /etc/nginx/ssl/forum_blank_net.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header Content-Security-Policy "upgrade-insecure-requests" always;
ssl_dhparam /etc/nginx/ssl/dhparam-2048.pem;
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
expires 365d;
}
}