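# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html

# For SPDY SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# NOTE(review): while this block stays commented out, nothing in this vhost
# file listens on port 80, so plain-HTTP requests are not redirected to HTTPS
# from here.
# server {
#     listen 80;
#     server_name codek.org www.codek.org;
#     return 302 https://$server_name$request_uri;
# }

# HTTPS vhost for codek.org: terminates TLS and reverse-proxies to the
# "codek" upstream (defined outside this file).
server {
    listen 443 ssl http2;
    server_name codek.org www.codek.org;

    ssl_dhparam /usr/local/nginx/conf/ssl/codek.org/dhparam.pem;
    ssl_certificate /usr/local/nginx/conf/ssl/codek.org/codek.org.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/codek.org/codek.org.key;
    # NOTE(review): ssl_protocols is not set in this file; presumably it comes
    # from ssl_include.conf. Confirm that legacy protocol versions are
    # disabled there.
    include /usr/local/nginx/conf/ssl_include.conf;

    http2_max_field_size 16k;
    http2_max_header_size 32k;

    # mozilla recommended
    # NOTE(review): entries such as EECDH+AES128 still admit CBC-mode suites;
    # compare this list with the current Mozilla server-side TLS profile.
    ssl_ciphers EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
    ssl_prefer_server_ciphers on;
    #add_header Alternate-Protocol 443:npn-spdy/3;

    # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
    # You'd want to include subdomains if you're using SSL wildcard certificates
    # NOTE(review): HPKP is deprecated and no longer honoured by current major
    # browsers. A pin set that stops matching the deployed keys locks out
    # clients that cached it until max-age expires. Keep both lines disabled.
    # include subdomain
    #add_header Public-Key-Pins 'pin-sha256="qbAycx+EgKOAuOn4PSjtlxTXvoCRzhE4DctHLPq6FoI="; pin-sha256="lzTqiEEpyqe/1A1dmrl/qvIcPo0cxrUav05iiJW5QYI="; max-age=86400; includeSubDomains';
    # exclude subdomains
    #add_header Public-Key-Pins 'pin-sha256="qbAycx+EgKOAuOn4PSjtlxTXvoCRzhE4DctHLPq6FoI="; pin-sha256="lzTqiEEpyqe/1A1dmrl/qvIcPo0cxrUav05iiJW5QYI="; max-age=86400';

    # NOTE(review): add_header is inherited by a location only when that
    # location declares no add_header of its own. "location /" and the
    # /ghost|signout location below both declare one, so headers enabled here
    # at server level would NOT be sent for those responses; repeat them
    # inside those locations (or move them into a shared include).
    #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    #add_header X-Frame-Options SAMEORIGIN;
    #add_header X-Xss-Protection "1; mode=block" always;
    #add_header X-Content-Type-Options "nosniff" always;
    #spdy_headers_comp 5;

    ssl_buffer_size 1369;
    # NOTE(review): no ssl_session_ticket_key is set in this file, so unless an
    # include provides rotated key files nginx uses one randomly generated
    # ticket key. A long-lived ticket key weakens forward secrecy for resumed
    # sessions; rotate keys or consider "ssl_session_tickets off;".
    ssl_session_tickets on;

    # enable ocsp stapling
    #resolver 8.8.8.8 8.8.4.4 valid=10m;
    #resolver_timeout 10s;
    #ssl_stapling on;
    #ssl_stapling_verify on;
    #ssl_trusted_certificate /usr/local/nginx/conf/ssl/codek.org/codek.org-trusted.crt;

    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;

    # limit_conn limit_per_ip 16;
    # ssi on;

    # NOTE(review): with buffer=256k flush=60m an entry can reach disk up to an
    # hour after the request, which delays any log-based detection or
    # rate-limiting tooling that tails this file.
    access_log /home/nginx/domains/codek.org/log/access.log combined buffer=256k flush=60m;
    error_log /home/nginx/domains/codek.org/log/error.log;

    include /usr/local/nginx/conf/autoprotect/codek.org/autoprotect-codek.org.conf;
    root /home/nginx/domains/codek.org/public;

    # uncomment cloudflare.conf include if using cloudflare for
    # server and/or vhost site
    #include /usr/local/nginx/conf/cloudflare.conf;
    include /usr/local/nginx/conf/503include-main.conf;

    # prevent access to ./directories and files
    # NOTE(review): the explicit rules near the end of this block cover only
    # .ht*, .svn, .git, .hg and .bzr; other dot-files are not covered by this
    # file. If this generic rule is enabled, exempt /.well-known/ when it is
    # needed for certificate validation.
    # location ~ (?:^|/)\. {
    #     deny all;
    # }

    # Default handler: everything not matched below is proxied to the upstream.
    location / {
        include /usr/local/nginx/conf/503include-only.conf;

        # block common exploits, sql injections etc
        #include /usr/local/nginx/conf/block.conf;

        # Enables directory listings when index file not found
        #autoindex on;

        # Shows file listing times as local time
        #autoindex_localtime on;

        # Enable for vBulletin usage WITHOUT vbSEO installed
        # More example Nginx vhost configurations at
        # http://centminmod.com/nginx_configure.html
        #try_files $uri $uri/ /index.php;

        # NOTE(review): before enabling proxy_cache here, add proxy_no_cache /
        # proxy_cache_bypass conditions for authenticated or personalised
        # requests. With Cache-Control, Expires and Set-Cookie all ignored
        # below, nginx would store whatever the upstream returns, and the
        # default proxy_cache_key does not include the request Host header.
        #proxy_cache CODEK_CACHE;
        #proxy_cache_valid 200 30m;
        #proxy_cache_valid 404 10m;
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        proxy_ignore_headers Set-Cookie;
        # Set-Cookie is stripped from every response served by this location.
        proxy_hide_header Set-Cookie;
        proxy_hide_header X-powered-by;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): $http_host forwards the client-supplied Host header
        # verbatim. If this server block is the default for :443, arbitrary
        # Host values reach the upstream; a catch-all default server that
        # rejects unknown names, or a fixed Host value, avoids that.
        proxy_set_header Host $http_host;
        expires 10m;
        proxy_pass http://codek;
        add_header X-Cache $upstream_cache_status;
    }

    # Admin and sign-out paths: proxied uncached, with no-store response headers.
    # Regex locations are tried in order of appearance and the first match wins,
    # so this block is placed BEFORE the static-files regex. In the original
    # order, a /ghost/... URL ending in a listed extension was handled by the
    # static-files block instead (cached for a day, no no-store header).
    location ~ ^/(?:ghost|signout) {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://codek;
        add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
    }

    # Static files
    # NOTE(review): the match is on the URL suffix only, so any upstream
    # response whose URL ends in one of these extensions is cached regardless
    # of the upstream's Cache-Control. Confirm the upstream never serves
    # per-user content under such URLs.
    location ~* \.(jpg|jpeg|svg|png|gif|ico|css|js|eot|woff)$ {
        # Use the nginx cache zone called CODEK_CACHE
        proxy_cache CODEK_CACHE;
        # For valid responses, cache it for 1 day
        proxy_cache_valid 200 1d;
        # For not found, cache it for 10 minutes
        proxy_cache_valid 404 10m;
        # Ghost sends Cache-Control max-age=0 on CSS/JS for now
        # See https://github.com/TryGhost/Ghost/issues/1405?source=c#issuecomment-28196957
        proxy_ignore_headers "Cache-Control";
        access_log off;
        # Allow the browser to cache static files for 30 days
        expires 30d;
        proxy_pass http://codek;
    }

    # Files served straight from disk.
    # The location prefix and the alias both end in "/" so that only paths
    # inside the directory match; without the trailing slash a prefix such as
    # /assets also matches sibling names that merely start with the same
    # characters and maps them onto the filesystem.
    # NOTE(review): requests ending in an extension listed in the static-files
    # regex never reach these prefix locations (a matching regex location takes
    # precedence over a plain prefix match). The alias paths also sit under
    # /home/admin/web rather than this vhost's root under /home/nginx/domains;
    # verify they exist and are meant to be served.
    location /content/images/ {
        alias /home/admin/web/codek.org/public_html/content/images/;
        access_log off;
        expires max;
    }

    location /assets/ {
        alias /home/admin/web/codek.org/public_html/content/themes/ghost-wbkd/assets/;
        access_log off;
        expires max;
    }

    location /shared/ {
        alias /home/admin/web/codek.org/public_html/core/shared/;
        access_log off;
        expires max;
    }

    # Hide web-server and version-control metadata (answered with 404).
    location ~ /\.ht {return 404;}
    location ~ /\.svn/ {return 404;}
    location ~ /\.git/ {return 404;}
    location ~ /\.hg/ {return 404;}
    location ~ /\.bzr/ {return 404;}

    # include /usr/local/nginx/conf/staticfiles.conf;
    # include /usr/local/nginx/conf/php.conf;
    # include /usr/local/nginx/conf/drop.conf;
    # include /usr/local/nginx/conf/errorpage.conf;
    include /usr/local/nginx/conf/vts_server.conf;
}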