I'm nginx with php-fpm on my server. I configured nginx with SSL (Let's Encrypt) and made HTTPS the default instead of HTTP. The problem is that when accessing the web via HTTP the php file is downloaded, but in HTTPS the script works. I restarted nginx/php cleaned the cache, tried other browsers, chmod and the problem persists.
I use ajenti as the control panel, so the config is auto-generated.
client_max_body_size 128m;
large_client_header_buffers 4 64k;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1;mode=block";
add_header X-Content-Security-Policy "allow 'self';";
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/trustchain.pem;
resolver 8.8.8.8 8.8.4.4;
server {
listen *:80 http2;
listen *:443 ssl http2 default_server;
ssl_certificate /etc/letsencrypt/live/domain.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.xyz/privkey.pem;
server_name domain.xyz;
access_log /var/log/nginx/domainxyz.access.log;
error_log /var/log/nginx/domainxyz.error.log;
root /var/www/domain.xyz;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location /wp-admin {
auth_basic "Acceso restringido";
auth_basic_user_file /var/www/pass.htpasswd;
}
location /wp-config.php {
deny all;
}
location /wp-login.php {
auth_basic "Acceso restringido";
auth_basic_user_file /var/www/pass.htpasswd;
}
location ~ /.well-known {
allow all;
}
location ~ [^/]\.php(/|$) {
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/ajenti-v-php7.0-fcgi-domainxyz-php7.0-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
nginx 1.11.1
php-fpm 7.0.8
Debian 8
You have a weird configuration. http2 can only work over https, in practice. You should define a server that forwards to https, not one server that serves both. You should define your servers in one per file
You should read my Nginx tutorial, but here are key parts.
Add this to your nginx.conf. I changed what most people use, sites-enabled to enabled-sites, as it's easier for tab completion.
Main server, in /etc/nginx/enabled-sites/example.com.conf
Then the forwarding server
I also define a separate default server. You should probably use a more accurate return code though
}