# HTTP → HTTPS リダイレクト server { listen 80 default_server; server_name _; # Let's Encrypt ACME チャレンジ用 location /.well-known/acme-challenge/ { root /var/www/html/public; } location / { return 301 https://$host$request_uri; } } # HTTPS サーバー server { listen 443 ssl default_server; server_name _; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; ssl_prefer_server_ciphers on; root /var/www/html/public; index index.php index.html; charset utf-8; client_max_body_size 64M; # gzip 圧縮(Debian デフォルトの nginx.conf と重複しないよう server スコープで設定) gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_min_length 256; gzip_types text/plain text/css text/javascript application/javascript application/json application/xml image/svg+xml font/woff2; location / { try_files $uri $uri/ /index.php?$query_string; } # Viteビルド済みアセット(ハッシュ付きファイル名)— 長期キャッシュ location /build/ { expires 1y; add_header Cache-Control "public, immutable"; access_log off; } # 画像・フォント・その他静的ファイル location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|webp|woff|woff2|ttf|eot)$ { expires 7d; add_header Cache-Control "public"; access_log off; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.php; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param HTTPS on; include fastcgi_params; fastcgi_hide_header X-Powered-By; } location ~ /\.(?!well-known).* { deny all; } }