Para facilitar a emissão de certificados do nginx no CloudPanel, esse script ajuda listando todos os sites ativos e, se configurados corretamente, permitem a emissão de certificados para seus domínios:
__run_ssl_script() {
local VHOST_DIR="/etc/nginx/sites-enabled"
local files=("$VHOST_DIR"/*.conf)
local count=1
local -A DOMAIN_CMD
echo -e "\n\e[1;34mScanning $VHOST_DIR for vhosts...\e[0m"
echo "==========================================================="
for file in "${files[@]}"; do
[ -e "$file" ] || continue
# Grab ALL server_name lines, strip semicolons, carriage returns, and the prefix
local raw_domains
raw_domains=$(awk '/^[ \t]*server_name[ \t]/ {gsub(/;/, ""); gsub(/\r/, ""); gsub(/^[ \t]*server_name[ \t]+/, ""); print}' "$file")
if [ -n "$raw_domains" ]; then
# Read all domains into an array
local all_domains_arr
read -ra all_domains_arr <<< "$raw_domains"
local unique_domains=()
local -A seen_domains
# Loop through domains to deduplicate
local d
for d in "${all_domains_arr[@]}"; do
# Ignore duplicates and the Nginx catch-all "_"
if [[ -z "${seen_domains[$d]}" && "$d" != "_" ]]; then
seen_domains[$d]=1
unique_domains+=("$d")
fi
done
# Proceed only if we have valid domains left
if [ ${#unique_domains[@]} -gt 0 ]; then
local primary="${unique_domains[0]}"
unset 'unique_domains[0]'
local sans=""
local sans_display=""
if [ ${#unique_domains[@]} -gt 0 ]; then
sans=$(IFS=','; echo "${unique_domains[*]}")
sans_display=$(IFS=', '; echo "${unique_domains[*]}")
fi
local cmd="clpctl lets-encrypt:install:certificate --domainName=$primary"
if [ -n "$sans" ]; then
cmd="$cmd --subjectAlternativeName=$sans"
fi
DOMAIN_CMD[$count]="$cmd"
printf " [\e[1;33m%2d\e[0m] \e[1;32m%-30s\e[0m\n" "$count" "$primary"
[ -n "$sans_display" ] && printf " \e[1;30mAliases:\e[0m %s\n" "$sans_display"
printf " \e[1;30mFile:\e[0m %s\n" "$(basename "$file")"
echo "-----------------------------------------------------------"
((count++))
fi
fi
done
if [ $count -eq 1 ]; then
echo "No valid vhosts found."
return
fi
echo ""
# --- FIX: Flush the copy-paste buffer to remove phantom "Enters" ---
while read -r -t 0.1; do :; done < /dev/tty
local choice
read -p $'\e[1;37mEnter the number to generate SSL (or press Enter to cancel):\e[0m ' choice < /dev/tty
if [[ -n "$choice" && -n "${DOMAIN_CMD[$choice]}" ]]; then
echo -e "\n\e[1;32mRunning:\e[0m ${DOMAIN_CMD[$choice]}\n"
eval "${DOMAIN_CMD[$choice]}"
else
echo -e "\n\e[1;31mCanceled or invalid selection.\e[0m"
fi
}
clear
# Execute the function, then immediately remove it from memory
__run_ssl_script
unset -f __run_ssl_scriptPadrões de vhost:
Sites padrão PHP:
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-php.example www.-default-php.example;
return 301 https://-default-php.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-php.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-php.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-php.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
index index.php index.html;
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
# Main Front Controller (Routes pretty URLs to index.php)
location / {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
try_files $uri $uri/ /index.php?$args;
}
### BEGIN Static Assets
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
add_header Access-Control-Allow-Origin * always;
add_header Cache-Control "max-age=21600, public, no-transform" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header alt-svc 'h3=":443"; ma=86400' always;
access_log off;
}
### END Static Assets
### BEGIN Admin PHP (Wider Tolerance)
location ~* ^/(admin/.*\.php)$ {
limit_req zone=limit burst=500 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END WP-Admin & Login PHP
### BEGIN General PHP Processing (Strict Tolerance)
location ~ \.php$ {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
# Split the path into the script name and the path info
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check if the actual PHP script exists, not the extended path
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END General PHP Processing
}Sites padrão Reverse Proxy:
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-reverse.example www.-default-reverse.example;
return 301 https://-default-reverse.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-reverse.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-reverse.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-reverse.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
try_files $uri @reverse_proxy;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
try_files $uri @reverse_proxy;
}
### END General .well-known block
### BEGIN Fix to improve reversed app capabilities
client_max_body_size 256M;
add_header Cache-Control no-transform;
### END Fix to improve reversed app capabilities
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
### BEGIN Main Front Controller
location / {
try_files $uri @reverse_proxy;
}
### END Main Front Controller
### BEGIN General Reverse Proxy
location @reverse_proxy {
proxy_pass {{reverse_proxy_url}};
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_ssl_server_name on;
proxy_ssl_name $host;
proxy_pass_request_headers on;
proxy_max_temp_file_size 0;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffering off;
proxy_cache off;
chunked_transfer_encoding on;
gzip off;
}
### END General Reverse Proxy
}Sites padrão Estático:
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-static.example www.-default-static.example;
return 301 https://-default-static.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-static.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-static.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-static.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
{{settings}}
index index.html index.htm;
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
### BEGIN Main Front Controller
location / {
try_files $uri $uri/ =404;
}
### END Main Front Controller
### BEGIN Static Assets (Images, CSS, JS)
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
add_header Access-Control-Allow-Origin * always;
add_header Cache-Control "max-age=21600, public, no-transform" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header alt-svc 'h3=":443"; ma=86400' always;
access_log off;
}
### END Static Assets
}Sites padrão Estático para redirecionamento:
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-static-redirect.example www.-default-static-redirect.example;
return 301 https://-default-static-redirect.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-static-redirect.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-static-redirect.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-static-redirect.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
### BEGIN Redirect all requests
location / {
return 301 https://new.example/;
}
### END Redirect all requests
}Sites padrão Wordpress (site único):
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-wordpress-singlesite.example www.-default-wordpress-singlesite.example;
return 301 https://-default-wordpress-singlesite.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-wordpress-singlesite.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-wordpress-singlesite.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-wordpress-singlesite.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
index index.php index.html;
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
### BEGIN Block for WordPress legacy RPC
location = /xmlrpc.php {
deny all;
}
### END Block for WordPress legacy RPC
### BEGIN Main Front Controller
location / {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
try_files $uri $uri/ /index.php?$args;
}
### END Main Front Controller
### BEGIN Static Assets
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
add_header Access-Control-Allow-Origin * always;
add_header Cache-Control "max-age=21600, public, no-transform" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header alt-svc 'h3=":443"; ma=86400' always;
access_log off;
}
### END Static Assets
### BEGIN WP-Admin & Login PHP (Wider Tolerance)
location ~* ^/(wp-admin/.*\.php|wp-login\.php)$ {
limit_req zone=limit burst=500 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END WP-Admin & Login PHP
### BEGIN General PHP Processing (Strict Tolerance)
location ~ \.php$ {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END General PHP Processing
}Sites padrão Wordpress (modo MultiSite habilitado):
server {
listen 80;
listen [::]:80;
http2 on;
server_name -default-wordpress-multisite.example www.-default-wordpress-multisite.example;
return 301 https://-default-wordpress-multisite.example$request_uri;
}
### BEGIN Only needed for environment with more than one server_name
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
http2 on;
http3 on;
server_name www.-default-wordpress-multisite.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
add_header alt-svc 'h3=":443"; ma=86400' always;
return 301 https://-default-wordpress-multisite.example$request_uri;
}
### END Only needed for environment with more than one server_name
server {
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 on;
server_name -default-wordpress-multisite.example;
{{ssl_certificate_key}}
{{ssl_certificate}}
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
{{settings}}
include /etc/nginx/global_settings;
### BEGIN limit static requests (Applies globally to anything not specifically overridden)
limit_req zone=static burst=500 nodelay;
limit_req_status 429;
### END limit static requests
### BEGIN Enabling Nostr domain validation and Lightning Address
location ~ ^/.well-known/(nostr.json|lnurlp/.*) {
add_header Content-Type application/json always;
add_header Access-Control-Allow-Origin * always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header alt-svc 'h3=":443"; ma=86400' always;
}
### END Enabling Nostr domain validation and Lightning Address
### BEGIN Settings for Traffic Advice
location = /.well-known/traffic-advice {
types { }
default_type "application/trafficadvice+json; charset=utf-8";
allow all;
}
### END Settings for Traffic Advice
### BEGIN General .well-known block
location /.well-known/ {
auth_basic off;
allow all;
}
### END General .well-known block
index index.php index.html;
### BEGIN Deny access to hidden files and version control
location ~ /\.(ht|svn|git) {
deny all;
access_log off;
log_not_found off;
}
### END Deny access to hidden files and version control
### BEGIN Block for WordPress legacy RPC
location = /xmlrpc.php {
deny all;
}
### END Block for WordPress legacy RPC
### BEGIN WordPress Multisite Subdirectory Rewrites
if (!-e $request_filename) {
rewrite /wp-admin$ https://$host$uri/ permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
### END WordPress Multisite Subdirectory Rewrites
### BEGIN Main Front Controller
location / {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
try_files $uri $uri/ /index.php?$args;
}
### END Main Front Controller
### BEGIN Static Assets
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
# WordPress Multisite Subdirectory Static Rewrite
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 break;
add_header Access-Control-Allow-Origin * always;
add_header Cache-Control "max-age=21600, public, no-transform" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header alt-svc 'h3=":443"; ma=86400' always;
access_log off;
}
### END Static Assets
### BEGIN WP-Admin & Login PHP (Wider Tolerance)
location ~* ^/(wp-admin/.*\.php|wp-login\.php)$ {
limit_req zone=limit burst=500 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END WP-Admin & Login PHP
### BEGIN General PHP Processing (Strict Tolerance)
location ~ \.php$ {
limit_req zone=limit burst=5 nodelay;
limit_req_status 429;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
### END General PHP Processing
}Feito!