Enable full SSL in CloudFlare
https://www.cloudflare.com/a/crypto/
Generate SSL keys for vps
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/example.com.key -out /etc/nginx/ssl/example.com.crt
Clear default config & add above config
sudo nano /etc/nginx/sites-available/default
save it.
Restart Server
sudo service nginx reload
HTTPS Server
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /var/www/html;
index index.html index.htm index.php;
server_name example.com;
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
resolver 8.8.8.8 8.8.4.4;
add_header Strict-Transport-Security "max-age=31536000;
#includeSubDomains" always;
#Log Files
access_log /var/log/nginx/flarum.access.log;
error_log /var/log/nginx/flarum.error.log;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api {
try_files $uri $uri/ /api.php?$query_string;
}
location /admin {
try_files $uri $uri/ /admin.php?$query_string;
}
location /flarum {
deny all;
return 404;
}
location ~* \.html$ {
expires -1;
}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 1M;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
#PHP 7 Conf
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
HTTP Server
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://$server_name$request_uri;
}
here is the config file :- https://goo.gl/FBGvnT