nginx

1. server {
2. listen [::]:80 default_server ipv6only=off;
3. server_name mysite.com *.mysite.com;
4.  
5. root /usr/share/nginx/sitedivision;
6. index index.php index.html index.htm;
7.  
8. location / {
9. try_files $uri $uri/ /index.php?$args ;
10. }
11.  
12. location ~ /favicon.ico {
13. access_log off;
14. log_not_found off;
15. }
16.  
17. location ~ \.php$ {
18. try_files $uri /index.php;
19. include fastcgi_params;
20. fastcgi_pass unix:/var/run/php5-fpm.sock;
21. }
22.  
23. access_log /var/log/nginx/$host-access.log;
24. error_log /var/log/nginx/wpms-error.log;
25.  
26. # ? See: http://nginx.org/en/docs/http/ngx_http_core_module.html#etag
27. # This reduces load on your server by supporting the If-Modified-Since header,
28. # since by browsers for static resources.
29.  
30. etag on;
31. expires 7d;
32. if_modified_since before;
33.  
34. # ? See: http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip
35. # This enables GZIP compression in Nginx, making all static
36. # resources load faster in browsers.
37.  
38. gzip on;
39. gzip_vary on;
40. gzip_comp_level 6;
41. gzip_types text/plain text/xml image/svg+xml # text/html in core already.
42. application/rss+xml application/atom+xml application/xhtml+xml
43. text/css application/json application/x-javascript
44. application/font-otf application/font-ttf;
45.  
46. # ? See: http://davidwalsh.name/cdn-fonts
47. # This prevents cross-domain security issues related to fonts.
48. # Only needed if you use Static CDN Filters in ZenCache.
49.  
50. # ? This is optional, but suggested. It's a flag to tell ZenCache
51. # that you completed this Nginx configuration.
52.  
53. location ~* \.php$ {
54. fastcgi_param WP_NGINX_CONFIG done;
55. }
56. }
57.  
58. server {
59. listen 443 ssl;
60. server_name mysite.com;
61.  
62. ssl on;
63. ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
64. ssl_certificate_key /etc/nginx/ssl/mysite.com.key;
65.  
66. root /usr/share/nginx/sitedivision;
67. index index.php index.html index.htm;
68.  
69. location / {
70. try_files $uri $uri/ /index.php?$args ;
71. }
72.  
73. location ~ /favicon.ico {
74. access_log off;
75. log_not_found off;
76. }
77.  
78. location ~ \.php$ {
79. try_files $uri /index.php;
80. include fastcgi_params;
81. fastcgi_pass unix:/var/run/php5-fpm.sock;
82. }
83.  
84. location ~* \.(txt|xml|js)$ {
85. expires 8d;
86. }
87.  
88. location ~* \.(css)$ {
89. expires 8d;
90. }
91.  
92. location ~* \.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac)$ {
93. expires 8d;
94. }
95.  
96. location ~* \.(jpg|jpeg|png|gif|swf|webp)$ {
97. expires 8d;
98. }
99.  
100. access_log /var/log/nginx/$host-access.log;
101. error_log /var/log/nginx/wpms-error.log;
102.  
103. #enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
104. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
105.  
106. #Disables all weak ciphers
107. ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
108.  
109. ssl_prefer_server_ciphers on;
110. }