# generated 2023-06-21, Mozilla Guideline v5.7, nginx 1.17.7, OpenSSL 1.1.1k, modern configuration # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=modern&openssl=1.1.1k&guideline=5.7 server { listen 80 http2; listen [::]:80 http2; server_name = localhost $hostname; access_log /var/log/nginx/zoneminder.access_log main; error_log /var/log/nginx/zoneminder.error_log info; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name = localhost $hostname; root "/usr/share/zoneminder/www"; access_log /var/log/nginx/zoneminder.ssl_access_log main; error_log /var/log/nginx/zoneminder.ssl_error_log info; ssl_certificate "/etc/ssl/nginx/zoneminder.crt"; ssl_certificate_key "/etc/ssl/nginx/zoneminder.key"; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; # modern configuration ssl_protocols TLSv1.3; ssl_prefer_server_ciphers off; # HSTS (ngx_http_headers_module is required) (63072000 seconds) add_header Strict-Transport-Security "max-age=63072000" always; # Auto redirect to server/zm when no url suffix was given #location = / { # return 301 zm; #} location /zm/cgi-bin { gzip off; alias "/usr/libexec/zoneminder/cgi-bin"; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_pass unix:/run/fcgiwrap-nginx.sock-1; } location /zm/cache { alias "/var/cache/zoneminder"; } location /zm { gzip off; alias "/usr/share/zoneminder/www"; index index.php; location ~ \.php$ { try_files $uri =404; expires epoch; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_index index.php; fastcgi_pass unix:/run/php-fpm.socket; } location ~ \.(jpg|jpeg|gif|png|ico)$ { access_log off; expires 33d; } location /zm/api/ { alias "/usr/share/zoneminder/www"; rewrite ^/zm/api(.+)$ /zm/api/app/webroot/index.php?p=$1 last; } } }