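# nginx.conf
# ("//" is not nginx comment syntax, so the paste label is written as "#".)
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

# Worker processes run as user "webhost", group "wwweb".
user webhost wwweb;
worker_processes 1;

# Error log at the default severity; the commented-out lines are the more
# verbose alternatives.
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

pid /run/nginx.pid;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}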
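# Settings shared by every virtual host; the per-site server blocks are pulled
# in by the include at the end of this block.
http {
    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Do not advertise the nginx version in the Server header or on
    # generated error pages.
    server_tokens off;

    # "main" access-log format. $http_referer, $http_user_agent and
    # $http_x_forwarded_for are copied from client-supplied headers, so anything
    # that parses these logs must treat those fields as untrusted.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;

    # Response compression. This also applies to responses served over TLS.
    # NOTE(review): compressing HTTPS responses that mix secrets with reflected
    # request data is the precondition for BREACH-style side channels; consider
    # turning gzip off for such dynamic responses.
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    index index.html index.htm;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    # Every *.conf file in that directory becomes part of the live
    # configuration, so the directory should be writable by root only.
    include /etc/nginx/conf.d/*.conf;
}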
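# Actual website conf
# (presumably a separate file picked up by "include /etc/nginx/conf.d/*.conf"
# in nginx.conf; confirm.)

# Sends requests for any other host name to the canonical www host.
# NOTE(review): no listen/default_server is given, so this block only catches
# unmatched Host values if it ends up as the default server for its port.
server {
    server_name _;

    # "return" replaces "rewrite ^ ...$request_uri redirect": rewrite appends
    # the original query string to its replacement, and $request_uri already
    # contains it, so the old form sent the arguments twice. The response is
    # still a 302 to the same target.
    return 302 $scheme://www.mydomain.tld$request_uri;
}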
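# Main virtual host: a PHP site (the rules below are WordPress-style) served
# through PHP-FPM on 127.0.0.1:9000.
server {
    listen 80;
    # NOTE(review): the "spdy" listen parameter exists only in older nginx
    # builds; later releases replaced it with "http2". Adjust to the installed
    # version.
    listen 443 ssl spdy;
    server_name www.mydomain.tld mydomain.tld;

    # The HSTS policy below (with "preload") is only honoured by browsers over
    # HTTPS, so plaintext requests are redirected instead of being served.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    # Add trailing slash to */wp-admin requests.
    # Server-level rewrites run before location matching, wherever they appear
    # in the block.
    # NOTE(review): $host reflects the request's Host value, and this is the
    # only block shown that listens on 443, so it may also answer unlisted host
    # names. Consider $server_name if that matters.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    # ---- TLS ----

    # Buffer size of 1400 bytes fits in one MTU.
    # nginx 1.5.9+ ONLY
    ssl_buffer_size 1400;

    # One-year HSTS policy covering every subdomain and opting in to browser
    # preload lists; every subdomain must therefore be reachable over HTTPS.
    # NOTE(review): where the installed nginx supports it, the "always"
    # parameter makes add_header apply to error responses as well.
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    keepalive_timeout 75 75;

    # Key material sits under .../private, outside the document root set below.
    # The .key file should be readable only by the account that starts nginx.
    ssl_certificate     /var/www/mydomain.tld/private/ssl/mydomain.tld.crt;
    ssl_certificate_key /var/www/mydomain.tld/private/ssl/mydomain.tld.key;

    # TLS 1.2 only. TLS 1.0 and 1.1 are deprecated (RFC 8996) and SSLv2/SSLv3
    # stay disabled. Add TLSv1.3 here if the installed nginx/OpenSSL support it.
    ssl_protocols TLSv1.2;

    # ECDHE/DHE key exchange with AES only. The former DES-CBC3-SHA (3DES)
    # fallback is removed and 3DES is excluded explicitly, because its 64-bit
    # block size makes it a weak cipher.
    ssl_ciphers "kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED !3DES";
    ssl_prefer_server_ciphers on;
    ssl_dhparam /var/www/mydomain.tld/private/ssl/dhparam2048.pem;

    # OCSP stapling.
    ssl_stapling on;
    ssl_stapling_verify on;
    # NOTE(review): valid=86400 caches DNS answers for a day regardless of their
    # TTL, and lookups go to a public resolver. A local resolver is preferable.
    resolver 8.8.8.8 8.8.4.4 valid=86400;
    resolver_timeout 10;
    # NOTE(review): verifying stapled responses needs the issuer (CA chain)
    # certificates here. This is the same file as ssl_certificate, so confirm
    # it contains the chain, or point this at the CA bundle instead.
    ssl_trusted_certificate /var/www/mydomain.tld/private/ssl/mydomain.tld.crt;

    # ---- Site ----

    # set client body size to 5M
    client_max_body_size 5M;

    access_log /var/www/mydomain.tld/private/logs/access.log main;
    root /var/www/mydomain.tld/public/www;
    index index.php;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # Global restrictions configuration file.
    # Designed to be included in any server {} block.
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    # NOTE(review): this also matches /.well-known/, which HTTP-based
    # certificate validation uses; add an exception above it if that is needed.
    location ~ /\. {
        deny all;
    }

    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    # Regex locations are tried in file order, so this block must stay above
    # the generic "\.php$" handler for the deny to win.
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }

    # This order might seem weird - this is attempted to match last if rules below fail.
    # http://wiki.nginx.org/HttpCoreModule
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Directives to send expires headers and turn off 404 error logging.
    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off;
        log_not_found off;
        expires max;
    }

    # Directives to send expires headers.
    location ~* ^.+\.(css|js)$ {
        expires 14d;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        # Only hand PHP-FPM a script that exists under the document root.
        # Any other *.php URI is answered with 404 here instead of being left
        # for PHP to resolve to some other file.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Sitemap rewrites.
    # NOTE(review): nothing in this server block refers to @rewrites (no
    # try_files or error_page names it), so as written these rules never run.
    location @rewrites {
        rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
        rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
    }
}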