Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 443 ssl http2;
- server_name www.vietphuong.info;
- # SSL
- ssl_certificate /etc/nginx/ssl/vietphuong_info/vp-ssl-bundle.crt;
- ssl_certificate_key /etc/nginx/ssl/vietphuong_info/vietphuong.info.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
- rewrite ^(.*) https://vietphuong.info$1 permanent;
- }
- server {
- listen 80;
- server_name vietphuong.info www.vietphuong.info;
- rewrite ^(.*) https://vietphuong.info$1 permanent;
- }
- server {
- listen 443 ssl http2;
- # access_log off;
- access_log /home/vietphuong.info/logs/access.log;
- # error_log off;
- error_log /home/vietphuong.info/logs/error.log;
- root /home/vietphuong.info/public_html;
- index index.php index.html index.htm;
- server_name vietphuong.info;
- # SSL
- ssl_certificate /etc/nginx/ssl/vietphuong_info/vp-ssl-bundle.crt;
- ssl_certificate_key /etc/nginx/ssl/vietphuong_info/vietphuong.info.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
- ## OCSP Stapling
- resolver 127.0.0.1;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /etc/nginx/ssl/vietphuong_info/vp-ssl-bundle.crt;
- # Improve HTTPS performance with session resumption
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 1d;
- # DH parameters
- ssl_dhparam /etc/nginx/cert/dhparam.pem;
- # Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
- add_header Strict-Transport-Security "max-age=31536000" always;
- location / {
- try_files $uri $uri/ /index.php?$args;
- }
- # Custom configuration
- include /home/vietphuong.info/public_html/*.conf;
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- include /etc/nginx/fastcgi_params;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
- fastcgi_buffer_size 32k;
- fastcgi_buffers 8 16k;
- fastcgi_busy_buffers_size 32k;
- fastcgi_temp_file_write_size 32k;
- fastcgi_intercept_errors on;
- fastcgi_param SCRIPT_FILENAME /home/vietphuong.info/public_html$fastcgi_script_name;
- }
- location ~ /\. {
- deny all;
- }
- location = /favicon.ico {
- log_not_found off;
- access_log off;
- }
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {
- gzip_static off;
- add_header Pragma public;
- add_header Cache-Control "public, must-revalidate, proxy-revalidate";
- access_log off;
- expires 30d;
- break;
- }
- location ~* \.(txt|js|css)$ {
- add_header Pragma public;
- add_header Cache-Control "public, must-revalidate, proxy-revalidate";
- access_log off;
- expires 30d;
- break;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement