Para facilitar la emisión de certificados de nginx en CloudPanel, este script ayuda listando todos los sitios activos y, si están configurados correctamente, permite la emisión de certificados para sus dominios:
__run_ssl_script() {
local VHOST_DIR="/etc/nginx/sites-enabled"
local files=("$VHOST_DIR"/*.conf)
local count=1
local -A DOMAIN_CMD
echo -e "\n\e[1;34mScanning $VHOST_DIR for vhosts...\e[0m"
echo "==========================================================="
for file in "${files[@]}"; do
[ -e "$file" ] || continue
# Grab ALL server_name lines, strip semicolons, carriage returns, and the prefix
local raw_domains
raw_domains=$(awk '/^[ \t]*server_name[ \t]/ {gsub(/;/, ""); gsub(/\r/, ""); gsub(/^[ \t]*server_name[ \t]+/, ""); print}' "$file")
if [ -n "$raw_domains" ]; then
# Read all domains into an array
local all_domains_arr
read -ra all_domains_arr <<< "$raw_domains"
local unique_domains=()
local -A seen_domains
# Loop through domains to deduplicate
local d
for d in "${all_domains_arr[@]}"; do
# Ignore duplicates and the Nginx catch-all "_"
if [[ -z "${seen_domains[$d]}" && "$d" != "_" ]]; then
seen_domains[$d]=1
unique_domains+=("$d")
fi
done
# Proceed only if we have valid domains left
if [ ${#unique_domains[@]} -gt 0 ]; then
local primary="${unique_domains[0]}"
unset 'unique_domains[0]'
local sans=""
local sans_display=""
if [ ${#unique_domains[@]} -gt 0 ]; then
sans=$(IFS=','; echo "${unique_domains[*]}")
sans_display=$(IFS=', '; echo "${unique_domains[*]}")
fi
local cmd="clpctl lets-encrypt:install:certificate --domainName=$primary"
if [ -n "$sans" ]; then
cmd="$cmd --subjectAlternativeName=$sans"
fi
DOMAIN_CMD[$count]="$cmd"
printf " [\e[1;33m%2d\e[0m] \e[1;32m%-30s\e[0m\n" "$count" "$primary"
[ -n "$sans_display" ] && printf " \e[1;30mAliases:\e[0m %s\n" "$sans_display"
printf " \e[1;30mFile:\e[0m %s\n" "$(basename "$file")"
echo "-----------------------------------------------------------"
((count++))
fi
fi
done
if [ $count -eq 1 ]; then
echo "No valid vhosts found."
return
fi
echo ""
# --- FIX: Flush the copy-paste buffer to remove phantom "Enters" ---
while read -r -t 0.1; do :; done < /dev/tty
local choice
read -p $'\e[1;37mEnter the number to generate SSL (or press Enter to cancel):\e[0m ' choice < /dev/tty
if [[ -n "$choice" && -n "${DOMAIN_CMD[$choice]}" ]]; then
echo -e "\n\e[1;32mRunning:\e[0m ${DOMAIN_CMD[$choice]}\n"
eval "${DOMAIN_CMD[$choice]}"
else
echo -e "\n\e[1;31mCanceled or invalid selection.\e[0m"
fi
}
clear
# Execute the function, then immediately remove it from memory
__run_ssl_script
unset -f __run_ssl_scriptPlantillas de vhost:
Sitios estándar PHP:
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-php.example www.-default-php.example;
return 301 https://-default-php.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-php.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-php.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-php.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
index index.php index.html;
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
# Main Front Controller (Routes pretty URLs to index.php)
location / {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
try_files $uri $uri/ /index.php?$args;
}
### BEGIN Static Assets
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
add_header Access-Control-Allow-Origin * always;
add_header Cache-Control "max-age=21600, public, no-transform" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header alt-svc 'h3=":443"; ma=86400' always;
access_log off;
}
### END Static Assets
### BEGIN Admin PHP (Wider Tolerance)
location ~* ^/(admin/.*\.php)$ {
limit_req zone=limit burst=500 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END WP-Admin & Login PHP
### BEGIN General PHP Processing (Strict Tolerance)
location ~ \.php$ {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
# Split the path into the script name and the path info
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check if the actual PHP script exists, not the extended path
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END General PHP Processing
}Sitios estándar Reverse Proxy:
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-reverse.example www.-default-reverse.example;
return 301 https://-default-reverse.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-reverse.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-reverse.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-reverse.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
try_files $uri @reverse_proxy;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
try_files $uri @reverse_proxy;
}
### END General .well-known block
### BEGIN Fix to improve reversed app capabilities
client_max_body_size 256M;
add_header Cache-Control no-transform;
### END Fix to improve reversed app capabilities
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
### BEGIN Main Front Controller
location / {
try_files $uri @reverse_proxy;
}
### END Main Front Controller
### BEGIN General Reverse Proxy
location @reverse_proxy {
proxy_pass {{reverse_proxy_url}};
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_ssl_server_name on;
proxy_ssl_name $host;
proxy_pass_request_headers on;
proxy_max_temp_file_size 0;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffering off;
proxy_cache off;
chunked_transfer_encoding on;
gzip off;
}
### END General Reverse Proxy
}Sitios estándar Estático:
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-static.example www.-default-static.example;
return 301 https://-default-static.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-static.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-static.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-static.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
{{settings}}
index index.html index.htm;
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
### BEGIN Main Front Controller
location / {
try_files $uri $uri/ =404;
}
### END Main Front Controller
### BEGIN Static Assets (Images, CSS, JS)
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
add_header Access-Control-Allow-Origin * always;
add_header Cache-Control "max-age=21600, public, no-transform" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header alt-svc 'h3=":443"; ma=86400' always;
access_log off;
}
### END Static Assets
}Sitios estándar Estático para redireccionamiento:
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-static-redirect.example www.-default-static-redirect.example;
return 301 https://-default-static-redirect.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-static-redirect.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-static-redirect.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-static-redirect.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
### BEGIN Redirect all requests
location / {
return 301 https://new.example/;
}
### END Redirect all requests
}Sitios estándar Wordpress (sitio único):
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-wordpress-singlesite.example www.-default-wordpress-singlesite.example;
return 301 https://-default-wordpress-singlesite.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-wordpress-singlesite.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-wordpress-singlesite.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-wordpress-singlesite.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
index index.php index.html;
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
### BEGIN Block for WordPress legacy RPC
location = /xmlrpc.php {
deny all;
}
### END Block for WordPress legacy RPC
### BEGIN Main Front Controller
location / {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
try_files $uri $uri/ /index.php?$args;
}
### END Main Front Controller
### BEGIN Static Assets
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
add_header Access-Control-Allow-Origin * always;
add_header Cache-Control "max-age=21600, public, no-transform" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header alt-svc 'h3=":443"; ma=86400' always;
access_log off;
}
### END Static Assets
### BEGIN WP-Admin & Login PHP (Wider Tolerance)
location ~* ^/(wp-admin/.*\.php|wp-login\.php)$ {
limit_req zone=limit burst=500 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END WP-Admin & Login PHP
### BEGIN General PHP Processing (Strict Tolerance)
location ~ \.php$ {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END General PHP Processing
}Sitios estándar Wordpress (modo MultiSite habilitado):
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-wordpress-multisite.example www.-default-wordpress-multisite.example;
return 301 https://-default-wordpress-multisite.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-wordpress-multisite.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-wordpress-multisite.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-wordpress-multisite.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests (Applies globally to anything not specifically overridden)
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
index index.php index.html;
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
### BEGIN Block for WordPress legacy RPC
location = /xmlrpc.php {
deny all;
}
### END Block for WordPress legacy RPC
### BEGIN WordPress Multisite Subdirectory Rewrites
if (!-e $request_filename) {
rewrite /wp-admin$ https://$host$uri/ permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
### END WordPress Multisite Subdirectory Rewrites
### BEGIN Main Front Controller
location / {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
try_files $uri $uri/ /index.php?$args;
}
### END Main Front Controller
### BEGIN Static Assets
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
# WordPress Multisite Subdirectory Static Rewrite
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 break;
add_header Access-Control-Allow-Origin * always;
add_header Cache-Control "max-age=21600, public, no-transform" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header alt-svc 'h3=":443"; ma=86400' always;
access_log off;
}
### END Static Assets
### BEGIN WP-Admin & Login PHP (Wider Tolerance)
location ~* ^/(wp-admin/.*\.php|wp-login\.php)$ {
limit_req zone=limit burst=500 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END WP-Admin & Login PHP
### BEGIN General PHP Processing (Strict Tolerance)
location ~ \.php$ {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END General PHP Processing
}¡Listo!