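## Non-SSL server: plain-HTTP listener whose only job is to redirect to HTTPS.
server {
    listen IP.ADDRESS:80;
    server_name name.site;

    access_log off;
    error_log /path/to/logs/name.site.error.log crit;

    ## redirect to https
    ## The target host is the fixed name.site, not the request's Host header,
    ## so the redirect destination never depends on client-supplied input.
    location / {
        return 301 https://name.site$request_uri;
    }
}

## SSL server: serves the site itself.
server {
    listen IP.ADDRESS:443 ssl http2;
    server_name name.site;

    ## ssl
    keepalive_timeout 70;

    ## TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and were dropped here;
    ## clients that cannot negotiate TLS 1.2 will no longer connect.
    ## NOTE(review): add TLSv1.3 as well if the installed nginx/OpenSSL build
    ## supports it - not verifiable from this file.
    ssl_protocols TLSv1.2;

    ## DES-CBC3-SHA (3DES, 64-bit block cipher) was removed from the allow list:
    ## every TLS 1.2 client also offers an AES suite, so it only added risk.
    ## NOTE(review): the list still admits CBC-mode and static-RSA (no forward
    ## secrecy) suites as a last resort; tighten it if the client base allows.
    ## NOTE(review): the `!SSLv` token looks truncated - confirm it against the
    ## original configuration.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!EXP:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ## The server's ordering above wins over the client's preference.
    ssl_prefer_server_ciphers on;

    ## Session cache shared between worker processes; entries expire after 10m.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    ssl_certificate /path/to/ssl-certificates/certificate.pem;
    ## Keep the private key readable only by the account that starts nginx.
    ssl_certificate_key /path/to/ssl-certificates/privkey.pem;

    ## NOTE(review): no Strict-Transport-Security header is set in the visible
    ## part of this block, so a browser's first request can still go to the
    ## plain-HTTP listener. Consider adding one once HTTPS is confirmed for
    ## every host it would cover.

    ## GZIP allow
    ## These directives only tune compression; "gzip on" itself appears solely
    ## in the static locations below.
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml application/xml+rss font/opentype image/svg+xml image/x-icon text/css text/javascript text/json text/plain text/x-component text/x-js text/xml;
    gzip_min_length 300;

    ## Logs
    ## "main" must be a log_format defined elsewhere (not visible here).
    access_log /path/to/logs/name.site.front.log main;
    error_log /path/to/logs/name.site.error.log notice;

    ## Default settings
    root /path/to/site-root/www/;
    index index.php;
    fastcgi_index index.php;

    # static content
    # Compression is switched on only for these static prefixes. Unless gzip
    # is enabled at http level (not visible here), dynamic responses stay
    # uncompressed, which keeps secrets reflected in pages away from
    # compression side channels.
    location ^~ /content/ {
        gzip on;
        expires max;
    }

    location ^~ /static/ {
        gzip on;
        expires max;
    }

    ## Non-static
    ## Anything that is not an existing file or directory goes to the front
    ## controller with the original query string preserved.
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    ## scripts that are placed outside the /www/ folder:
    ## /script/core/xxx/ -> /back/core/code/xxx.php
    ## NOTE(review): the pattern below is cut off in this listing, and groups
    ## such as `(?core|prj)` look like named captures whose `<name>` part was
    ## lost; restore it from the original before use and check that the
    ## captured path segment cannot escape the intended code directory.
    location ~ ^/(ru/|en/)?script/(?core|prj)/(?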