Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #x# HTTPS-DEFAULT
- server {
- server_name mydomain.com www.mydomain.com;
- return 302 https://$server_name$request_uri;
- include /usr/local/nginx/conf/staticfiles-hsts.conf;
- }
- server {
- listen 443 ssl http2;
- server_name mydomain.com www.mydomain.com;
- include /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.crt.key.conf;
- include /usr/local/nginx/conf/ssl_include.conf;
- http2_max_field_size 16k;
- http2_max_header_size 32k;
- # mozilla recommended
- ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
- ssl_prefer_server_ciphers on;
- #add_header Alternate-Protocol 443:npn-spdy/3;
- # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
- #add_header X-Frame-Options SAMEORIGIN;
- #add_header X-Xss-Protection "1; mode=block" always;
- #add_header X-Content-Type-Options "nosniff" always;
- #spdy_headers_comp 5;
- ssl_buffer_size 1369;
- ssl_session_tickets on;
- # enable ocsp stapling
- resolver 8.8.8.8 8.8.4.4 valid=10m;
- resolver_timeout 10s;
- ssl_stapling on;
- ssl_stapling_verify on;
- # ngx_pagespeed & ngx_pagespeed handler
- #include /usr/local/nginx/conf/pagespeed.conf;
- #include /usr/local/nginx/conf/pagespeedhandler.conf;
- #include /usr/local/nginx/conf/pagespeedstatslog.conf;
- # limit_conn limit_per_ip 16;
- # ssi on;
- access_log /home/nginx/domains/mydomain.com/log/access.log main_ext buffer=256k flush=60m;
- error_log /home/nginx/domains/mydomain.com/log/error.log;
- include /usr/local/nginx/conf/autoprotect/mydomain.com/autoprotect-mydomain.com.conf;
- root /home/nginx/domains/mydomain.com/public;
- # uncomment cloudflare.conf include if using cloudflare for
- # server and/or vhost site
- #include /usr/local/nginx/conf/cloudflare.conf;
- #include /usr/local/nginx/conf/503include-main.conf;
- location / {
- #include /usr/local/nginx/conf/503include-only.conf;
- # block common exploits, sql injections etc
- include /usr/local/nginx/conf/block.conf;
- # Enables directory listings when index file not found
- #autoindex on;
- # Shows file listing times as local time
- #autoindex_localtime on;
- # Enable for vBulletin usage WITHOUT vbSEO installed
- try_files $uri $uri/ /index.php;
- }
- include /usr/local/nginx/conf/staticfiles-hsts.conf;
- #include /usr/local/nginx/conf/staticfiles.conf;
- include /usr/local/nginx/conf/php.conf;
- include /usr/local/nginx/conf/drop.conf;
- #include /usr/local/nginx/conf/errorpage.conf;
- include /usr/local/nginx/conf/vts_server.conf;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement