server {
  listen 80;

  server_name domain.com www.domain.com;
  # 日志路径建议/usr/local/nginx/logs/
  access_log /usr/local/nginx/logs/www.domain.com_nginx.log combined;
  index index.html index.htm index.php;
  root /var/www/html/wordpress;


    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9074;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        try_files $uri =404;
    }

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /\.ht {
    deny all;
  }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /usr/local/nginx/conf/ssl/domain.com.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/domain.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;


    # intermediate configuration
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    server_name domain.com www.domain.com;
    # 日志路径建议/usr/local/nginx/logs/
    access_log /usr/local/nginx/logs/www.domain.com_nginx.log combined;
    index index.html index.htm index.php;
    root /var/www/html/wordpress;


    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9074;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        try_files $uri =404;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }
    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }
    location ~ /\.ht {
        deny all;
    }
}