# http => https server { listen 80; listen [::]:80; # IPv6 support server_name example.com www.example.com; # Replace the path with the actual path to WordPress core files root /home/username/sites/example.com/public; # for LetsEncrypt location ^~ /.well-known/acme-challenge { auth_basic off; try_files $uri =404; expires -1; } location / { return 301 https://$host$request_uri; include 'globals/hsts.conf'; include 'globals/security-headers.conf'; } } # www.example.com => example.com (server-level) # use it only if you are a fan of micro-optimization # server { # listen 443 ssl http2; # listen [::]:443 ssl http2; # IPv6 support # server_name www.example.com; # ssl_certificate "/etc/letsencrypt/live/example.com/fullchain.pem"; # ssl_certificate_key "/etc/letsencrypt/live/example.com/privkey.pem"; # location / { # return 301 $scheme://example.com$request_uri; # include 'globals/hsts.conf'; # include 'globals/security-headers.conf'; # } # } server { listen 443 ssl http2; listen [::]:443 ssl http2; # IPv6 support server_name example.com; # hide the following line, if you enable the server-level 301 redirect above server_name www.example.com; # default file to serve index index.html; # Replace the path with the actual path to WordPress core files root /home/username/sites/example.com/public; ssl_certificate "/etc/letsencrypt/live/example.com/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/example.com/privkey.pem"; # Logs access_log /var/log/nginx/example.com-access.log; error_log /var/log/nginx/example.com-error.log; include globals/restrictions.conf; include globals/assets.conf; include globals/auto-versioning-support.conf; location / { try_files $uri $uri/ =404; # you may adjust the expiry information here! # expires 30m; # since static content rarely changes, it is safe to keep it to 30 minutes. YMMV. include 'globals/hsts.conf'; include 'globals/security-headers.conf'; } }