Home / user-363607

apeiron's questions

Martin Hope
apeiron
Asked: 2016-07-04 10:45:56 +0800 CST
  • 0

I'm nginx with php-fpm on my server. I configured nginx with SSL (Let's Encrypt) and made HTTPS the default instead of HTTP. The problem is that when accessing the web via HTTP the php file is downloaded, but in HTTPS the script works. I restarted nginx/php cleaned the cache, tried other browsers, chmod and the problem persists.

I use ajenti as the control panel, so the config is auto-generated.

client_max_body_size 128m;
large_client_header_buffers 4 64k;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1;mode=block";
add_header X-Content-Security-Policy "allow 'self';";

ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/trustchain.pem;
resolver 8.8.8.8 8.8.4.4;

server {
    listen *:80 http2;
    listen *:443 ssl http2 default_server;
    ssl_certificate /etc/letsencrypt/live/domain.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.xyz/privkey.pem;
    server_name domain.xyz;

    access_log /var/log/nginx/domainxyz.access.log;
    error_log /var/log/nginx/domainxyz.error.log;

    root /var/www/domain.xyz;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    location = /favicon.ico {
            log_not_found off;
            access_log off;
    }

    location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
    }

    location ~ /\. {
            deny all;
    }

    location ~* /(?:uploads|files)/.*\.php$ {
            deny all;
    }

    location /wp-admin {
            auth_basic "Acceso restringido";
            auth_basic_user_file /var/www/pass.htpasswd;
    }

    location /wp-config.php {
            deny all;
    }

    location /wp-login.php {
            auth_basic "Acceso restringido";
            auth_basic_user_file /var/www/pass.htpasswd;
    }

    location ~ /.well-known {
            allow all;
    }

    location ~ [^/]\.php(/|$) {
            fastcgi_index index.php;
            include fcgi.conf;
            fastcgi_pass unix:/var/run/ajenti-v-php7.0-fcgi-domainxyz-php7.0-fcgi-0.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

nginx 1.11.1
php-fpm 7.0.8
Debian 8

php nginx php-fpm ajenti