server { listen 80; listen [::]:80; server_name domainesource.machin.com; # Renvoi vers le port 443 location / { return 301 https://$server_name$request_uri; } } server { listen 443 ssl; listen [::]:443 ssl; server_name domainesource.machin.com; index index.php index.html; root /website; # En avant pour SSL :) ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:4m; ssl_session_timeout 1440m; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4; add_header Strict-Transport-Security max-age=31536000; ssl_certificate /etc/letsencrypt/live/domainesource.machin.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domainesource.machin.com/privkey.pem; # SSL fini ! # Updates Icecast add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location /monstream { proxy_pass http://127.0.0.1:60099/monstream; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /status-json.xsl { proxy_pass http://127.0.0.1:60099/status-json.xsl; proxy_set_header Host $host; } location ~ \.php$ { # MINIMUM FONCTIONNEL PHP fastcgi_pass unix:/run/php/php-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.+)$; include snippets/fastcgi-php.conf; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; # /MINIMUM FONCTIONNEL PHP # PETIT PLUS PERIGLIONI fastcgi_read_timeout 300; # /PETIT PLUS PERIGLIONI } }