Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 80 default_server;
- server_name domain.com www.domain.com;
- return 301 https://$host$request_uri;
- server_tokens off;
- }
- server {
- listen 443 ssl http2;
- ssl_certificate /etc/nginx/conf.d/folder/ssl/domain/ecdsa/domain.pem;
- ssl_certificate_key /etc/nginx/conf.d/folder/ssl/domain/ecdsa/domain.key;
- ssl_certificate /etc/nginx/conf.d/folder/ssl/domain/rsa/domain.pem;
- ssl_certificate_key /etc/nginx/conf.d/folder/ssl/domain/rsa/domain.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers EECDH+ECDSA+CHACHA20:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+AESGCM:EDH+AESGCM:EECDH+ECDSA+AES256:EECDH+ECDSA+AES128:EECDH+AES256:EECDH+AES128:EDH+AES256:EDH+AES128;
- ssl_ecdh_curve secp384r1;
- ssl_dhparam /etc/nginx/conf.d/folder/ssl/domain/ecdsa/dhparam.pem;
- ssl_session_cache shared:SSL_DOMAIN:16m;
- ssl_session_timeout 30h;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /etc/nginx/conf.d/folder/ssl/domain/ecdsa/fullchain.pem;
- resolver 77.88.8.8 77.88.8.1 valid=600s;
- resolver_timeout 5s;
- server_tokens off;
- #add_header Strict-Transport-Security "max-age=15552000";
- #add_header Public-Key-Pins 'pin-sha256="KJWWJSwFZJBn/M/B9bmCbpbh2+EeKTiQanPyRvIvVO4="; pin-sha256="szlZ/A7WvMIh4byiJSugWrHf8YiM+XHe/PFCJftLGos="; pin-sha256="Fbs+o+IxVNTHBpjNQYfX/TBnxPC+OWLYxQLEtqkrAfM="; max-age=1';
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Xss-Protection "1; mode=block" always;
- add_header X-Content-Type-Options "nosniff" always;
- # add_header Content-Security-Policy "default-src *" always;
- add_header X-PoweredBy "Fluffy unicorns" always;
- add_header X-Human "Hey!" always;
- # add_header X-Robots-Tag "noindex, nofollow" always;
- server_name www.domain.com;
- return 301 https://domain.com$request_uri;
- }
- server {
- listen 443 ssl http2 default_server;
- ssl_certificate /etc/nginx/conf.d/folder/ssl/domain/ecdsa/domain.pem;
- ssl_certificate_key /etc/nginx/conf.d/folder/ssl/domain/ecdsa/domain.key;
- ssl_certificate /etc/nginx/conf.d/folder/ssl/domain/rsa/domain.pem;
- ssl_certificate_key /etc/nginx/conf.d/folder/ssl/domain/rsa/domain.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers EECDH+ECDSA+CHACHA20:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+AESGCM:EDH+AESGCM:EECDH+ECDSA+AES256:EECDH+ECDSA+AES128:EECDH+AES256:EECDH+AES128:EDH+AES256:EDH+AES128;
- ssl_ecdh_curve secp384r1;
- ssl_dhparam /etc/nginx/conf.d/folder/ssl/domain/ecdsa/dhparam.pem;
- ssl_session_cache shared:SSL_DOMAIN:16m;
- ssl_session_timeout 30h;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /etc/nginx/conf.d/folder/ssl/domain/ecdsa/fullchain.pem;
- resolver 77.88.8.8 77.88.8.1 valid=600s;
- resolver_timeout 5s;
- server_tokens off;
- #add_header Strict-Transport-Security "max-age=15552000";
- #add_header Public-Key-Pins 'pin-sha256="KJWWJSwFZJBn/M/B9bmCbpbh2+EeKTiQanPyRvIvVO4="; pin-sha256="szlZ/A7WvMIh4byiJSugWrHf8YiM+XHe/PFCJftLGos="; pin-sha256="Fbs+o+IxVNTHBpjNQYfX/TBnxPC+OWLYxQLEtqkrAfM="; max-age=1';
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Xss-Protection "1; mode=block" always;
- add_header X-Content-Type-Options "nosniff" always;
- # add_header Content-Security-Policy "default-src *" always;
- add_header X-PoweredBy "Fluffy unicorns" always;
- add_header X-Human "Hey!" always;
- # add_header X-Robots-Tag "noindex, nofollow" always;
- server_name domain.com;
- index index.html index.php;
- root /home/folder/web/html;
- charset utf-8;
- error_page 404 /404.html;
- error_page 500 502 503 504 /50x.html;
- location ~ /\. {
- deny all;
- access_log off;
- log_not_found off;
- }
- location ~* ^.+\.(js|css|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
- expires 7d;
- }
- location ~ \.php$ {
- try_files $uri $uri/ =404;
- include fastcgi.conf;
- fastcgi_pass unix:/run/php/php7.0-fpm-user.sock;
- fastcgi_index index.php;
- fastcgi_intercept_errors on;
- fastcgi_param PHP_VALUE max_execution_time=300;
- fastcgi_param PHP_VALUE max_input_vars=3000;
- fastcgi_param PHP_VALUE memory_limit=256M;
- fastcgi_param PHP_VALUE post_max_size=16M;
- fastcgi_param PHP_VALUE cgi.fix_pathinfo=0;
- fastcgi_param PHP_VALUE upload_max_filesize=16M;
- fastcgi_param PHP_VALUE default_socket_timeout=120;
- fastcgi_param PHP_VALUE date.timezone=Europe/Moscow;
- fastcgi_param PHP_VALUE session.gc_probability=1;
- fastcgi_param PHP_VALUE session.lazy_write=On;
- fastcgi_param PHP_VALUE opcache.enable=1;
- fastcgi_param PHP_VALUE opcache.enable_cli=1;
- fastcgi_param PHP_VALUE opcache.memory_consumption=64;
- fastcgi_param PHP_VALUE opcache.interned_strings_buffer=4;
- fastcgi_param PHP_VALUE opcache.max_accelerated_files=5000;
- fastcgi_param PHP_VALUE opcache.max_wasted_percentage=5;
- fastcgi_param PHP_VALUE opcache.use_cwd=1;
- fastcgi_param PHP_VALUE opcache.huge_code_pages=1;
- fastcgi_keep_conn on;
- fastcgi_pass_header Cookie;
- fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
- fastcgi_buffer_size 128k;
- fastcgi_buffers 256 16k;
- fastcgi_busy_buffers_size 256k;
- fastcgi_temp_file_write_size 256k;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement