
Untitled

a guest
Apr 28th, 2015
  # Virtual host for bubbleboom.ru. A single server block answers both HTTPS
  # (port 443, with SPDY) and plain HTTP (port 80), sets the TLS parameters and
  # security response headers, enables OCSP stapling, and includes shared
  # PHP and drop rules whose contents are not visible in this file.
  server {
          listen 443 ssl spdy;
          # NOTE(review): port 80 is served by this same block and nothing visible
          # here redirects to HTTPS, so port-80 requests get the same content in
          # cleartext. Browsers ignore Strict-Transport-Security and
          # Public-Key-Pins received over plain HTTP, so those headers only help
          # clients that have already connected over HTTPS. Confirm that
          # cleartext access is intended.
          listen bubbleboom.ru:80; # open port 80
          # The leading dot matches bubbleboom.ru and every subdomain (www
          # included), so all of them are served with the certificate below.
          # NOTE(review): confirm the certificate actually covers those names.
          server_name  .bubbleboom.ru; # leading dot: bare domain plus all subdomains

          # DH group used by the DHE-* suites in ssl_ciphers.
          # NOTE(review): the group size is not visible here; verify it is at
          # least 2048 bits.
          ssl_dhparam          /usr/local/nginx/conf/ssl/dhparam.pem;
          ssl_certificate      /usr/local/nginx/conf/ssl/bubbleboom/ssl_bundle.pem;
          # NOTE(review): private key; file should be readable only by the user
          # that starts nginx. Permissions cannot be checked from this config.
          ssl_certificate_key  /usr/local/nginx/conf/ssl/bubbleboom/ssl.key;
          # Session cache shared between worker processes (10 MB zone); cached
          # sessions can be resumed for 10 minutes.
          ssl_session_cache      shared:SSL:10m;
          ssl_session_timeout  10m;
          # SSLv3 and TLSv1.0 are not enabled.
          # NOTE(review): TLSv1.1 is deprecated (RFC 8996); prefer TLSv1.2 and
          # newer where the nginx/OpenSSL build supports it.
          ssl_protocols TLSv1.1 TLSv1.2;
          # Preference-ordered suite list: ECDHE/DHE AES-GCM first, then CBC
          # suites; anonymous, NULL, export, DES, RC4, 3DES, MD5 and PSK suites
          # are excluded. NOTE(review): the DSS and CBC entries are legacy and
          # worth pruning when client compatibility allows.
          ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
          # The server's order above wins over the client's preference.
          ssl_prefer_server_ciphers on;
          # HSTS with a one-year max-age.
          # NOTE(review): "preload" is set without "includeSubDomains". The
          # preload list requires includeSubDomains, and without it the
          # subdomains matched by server_name are not covered by this policy.
          # NOTE(review): add_header without the "always" parameter (nginx 1.7.5+)
          # attaches headers only to successful and redirect responses, so error
          # pages go out without any of the headers in this block.
          add_header Strict-Transport-Security "max-age=31536000; preload";
          # HPKP with a max-age of 5184000 s (60 days).
          # NOTE(review): only one pin is listed. RFC 7469 requires a backup pin
          # for a key that is not in the served chain; user agents ignore a
          # header without one, and pinning without an offline backup key can
          # lock clients out if the key has to be replaced. HPKP has since been
          # removed from major browsers; consider dropping this header.
          add_header Public-Key-Pins 'pin-sha256="kb6xLprt35abNnSn74my4Dkfya9arbk5zN5a60YzuqE="; max-age=5184000;';  # TODO: confirm this max-age value
          # Report-only CSP: violations are reported to /csp-report, nothing is
          # blocked. The policy allows 'unsafe-inline' and 'unsafe-eval' for
          # scripts, so it would not stop injected inline script even if enforced.
          # NOTE(review): no location for /csp-report is visible in this block;
          # confirm something handles it and treats the report body as untrusted.
          add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
          # Disable MIME sniffing; allow framing by same-origin pages only.
          add_header X-Content-Type-Options "nosniff";
          add_header X-Frame-Options SAMEORIGIN;
          # TLS record buffer of 1400 bytes (nginx default is 16k); presumably
          # chosen so a record fits in one TCP segment. Confirm the intent.
          ssl_buffer_size 1400;
          # Advertises SPDY/3 over NPN on port 443 to clients arriving on port 80.
          # NOTE(review): SPDY and this header are obsolete; nginx replaced the
          # spdy module with HTTP/2 in 1.9.5.
          add_header Alternate-Protocol 443:npn-spdy/3;
          # SPDY header compression level 5 (nginx default is 0, i.e. off).
          # NOTE(review): compressing headers that carry secrets such as cookies
          # is the precondition for CRIME-style compression side channels;
          # confirm this is a deliberate trade-off.
          spdy_headers_comp 5;
          # NOTE(review): no ssl_session_ticket_key is set here, so nginx uses a
          # key generated at startup that lives until the next restart. A
          # long-lived ticket key weakens forward secrecy for resumed sessions;
          # consider "off" or rotated key files.
          ssl_session_tickets on;

           # enable ocsp stapling
          # Resolver used to look up the OCSP responder; answers cached 10 min.
          # NOTE(review): these are public resolvers reached over unauthenticated
          # DNS. The nginx documentation recommends a resolver on a trusted local
          # network to prevent DNS spoofing.
          resolver 8.8.8.8 8.8.4.4 valid=10m;
          resolver_timeout 10s;
          ssl_stapling on;
          # Stapled OCSP responses are verified against the CA certificates in
          # ssl_trusted_certificate.
          ssl_stapling_verify on;
          # NOTE(review): the file name suggests a StartSSL/StartCom chain; that
          # CA was later distrusted by major browsers. Verify the certificate in
          # use chains to a currently trusted CA.
          ssl_trusted_certificate /usr/local/nginx/conf/ssl/startssl.pem;



    # Logs are written to a sibling directory of the web root, not inside it.
    # NOTE(review): buffer=256k flush=60m means access-log entries can stay in
    # memory for up to 60 minutes before they reach disk. This delays log-based
    # detection, and buffered entries may be lost if a worker dies.
    access_log /home/nginx/domains/bubbleboom.ru/log/access.log combined buffer=256k flush=60m;
    error_log /home/nginx/domains/bubbleboom.ru/log/error.log;
    root /home/nginx/domains/bubbleboom.ru/public;

   # Every directive inside this location is commented out, so it adds nothing
   # beyond the server-level settings.
   location / {

  # block common exploits, sql injections etc
  # NOTE(review): disabled. Any request filtering has to come from drop.conf or
  # php.conf, which are not visible here.
  #include /usr/local/nginx/conf/block.conf;

    # Enables directory listings when index file not found
    #autoindex  on;

    # Shows file listing times as local time
    #autoindex_localtime on;

    # Enable for vBulletin usage WITHOUT vbSEO installed
    #try_files    $uri $uri/ /index.php;

    }

    # Shared snippets; their contents are not shown on this page.
    # NOTE(review): nginx inherits add_header from the server level only when
    # the current level defines none. A location in these files that sets its
    # own add_header will not send the security headers above; check
    # php.conf and drop.conf.
    #include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
  }