Nous éditons le fichier de vHost
sudo vi /etc/nginx/sites-available/subdomain.domain.tld
Nous y collons ces informations
##
# Nginx vhost
# Sondages
# Application: LimeSurvey
##
server {
listen 80;
server_name subdomain.domain.tld;
# Redirection from HTTP to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name subdomain.domain.tld;
root /var/www/subdomain.domain.tld;
access_log /var/log/nginx/subdomain.domain.tld.access.log;
error_log /var/log/nginx/subdomain.domain.tld.error.log;
charset utf-8;
try_files $uri $uri/ /index.php?r=$uri&$args;
# Disallow reading inside php script directory, see issue with debug > 1 on note
location ~ ^/(application|protected|framework|themes/\w+/views) {
deny all;
}
# Disallow direct read user upload files
location ~ ^/upload/surveys/.*/fu_[a-z0-9]*$ {
return 444;
}
# Disallow uploaded potential executable files in upload directory
location ~* /upload/.*\.(pl|cgi|py|pyc|pyo|phtml|sh|lua|php|php3|php4|php5|php6|pcgi|pcgi3|pcgi4|pcgi5|pcgi6|icn)$ {
return 444;
}
# Avoid processing of calls to unexisting static files by yii
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(.*)$;
try_files $uri index.php;
fastcgi_pass unix:/run/php/limesurvey.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
# [OPTION] Server Name
ssl_certificate /etc/ssl/certs/name.pem;
ssl_certificate_key /etc/ssl/private/name.key;
}