Bonjour à tous,
Depuis le temps, j'ai trouvé la solution.
Voici la configuration du fichier /etc/nginx/site-available/domain.conf, si ça peut aider :
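# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name formation.domain.fr;
    # server_name _;

    # As default_server this block also answers requests whose Host header
    # names some other site, so the redirect target is built from the
    # configured $server_name instead of the client-supplied $host.
    location / {
        return 301 https://$server_name$request_uri;
    }
}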
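# HTTPS virtual host serving Moodle from /var/www/moodle through PHP-FPM.
# The post repeats and interleaves most of these directives; each one is kept
# once here, in the order it first appears.
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    ssl_certificate /etc/nginx/certificate/fullchain2.pem;
    ssl_certificate_key /etc/nginx/certificate/privkey2.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
    ssl_dhparam /etc/nginx/dhparam;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the cipher list is cut off in the post (the trailing "$"
    # appears to be the editor's line-overflow marker, not part of the value).
    # Copy the complete, semicolon-terminated line from the real file.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-EC$
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    # Left disabled by the author, to be enabled once TLS is confirmed working.
    # The line is truncated in the post as well.
    # add_header Strict-Transport-Security "max-age=63072000" a$

    # Diffie-Hellman
    ssl_ecdh_curve secp384r1;

    # OCSP stapling
    #ssl_stapling on;
    #ssl_stapling_verify on;
    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    root /var/www/moodle;
    #index index.html index.htm index.php;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name formation.domain.fr;
    # server_name _;

    # Privacy and security: opt out of Google's FLoC network
    add_header Permissions-Policy interest-cohort=();
    # CSP (Content-Security-Policy): upgrade mixed content to HTTPS
    add_header Content-Security-Policy "upgrade-insecure-requests; ";

    location / {
        try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    ###location ~ \.php$ {
    ###include snippets/fastcgi-php.conf;
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        # Only hand PHP-FPM a script that exists as a regular file under the
        # document root; anything else is answered with 404 here.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        include snippets/fastcgi-php.conf;

        # Mitigate https://httpoxy.org/ vulnerabilities
        fastcgi_param HTTP_PROXY "";

        # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        ###fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_read_timeout 300;

        # include the fastcgi_param setting
        include fastcgi_params;

        # With php-cgi (or other tcp sockets):
        #fastcgi_pass 127.0.0.1:9000;

        # The "nginxcache" zone has to be declared with fastcgi_cache_path
        # outside this block (not shown in the post).
        fastcgi_cache nginxcache;
        fastcgi_cache_key $host$request_uri;
        fastcgi_cache_valid any 1h;
        fastcgi_cache_use_stale off;
        # The cache key ignores who is asking, and Moodle pages are per-user:
        # never store or serve a cached response for a request that carries a
        # cookie or credentials.
        fastcgi_no_cache $http_cookie $http_authorization;
        fastcgi_cache_bypass $http_cookie $http_authorization;
    }

    # A 403 is reported to the client as 404, with the same error page.
    error_page 404 /error/index.php;
    error_page 403 =404 /error/index.php;

    # Hide all dot files but allow "Well-Known URIs" as per RFC 5785
    location ~ /\.(?!well-known).* {
        return 404;
    }

    # This should be after the php fpm rule and very close to the last nginx ruleset.
    # NOTE(review): the pattern is cut off in the post (trailing "$"); restore
    # the complete expression, including its closing parenthesis, from the
    # real file before using this block.
    location ~ (/vendor/|/node_modules/|composer\.json|/readme|/README|readme\.txt$
    {
        deny all;
        return 404;
    }
}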
Merci
Bien cordialement
Alain