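  # Plain-HTTP listener: does nothing except redirect every request to HTTPS.
  server {
      listen 80 default_server;
      server_name domain.com www.domain.com;
      server_tokens off;

      # As default_server this block also answers requests whose Host header
      # matches no server_name. The redirect target is therefore fixed to the
      # canonical name instead of being built from the client-supplied $host,
      # so an arbitrary Host value is never reflected into the Location header.
      return 301 https://domain.com$request_uri;
  }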
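  # HTTPS listener for www.domain.com: terminates TLS only to redirect to the
  # bare domain.
  server {
      listen 443 ssl http2;
      server_name www.domain.com;

      # Dual certificates: an ECDSA pair and an RSA pair are both loaded.
      ssl_certificate /etc/nginx/conf.d/folder/ssl/domain/ecdsa/domain.pem;
      ssl_certificate_key /etc/nginx/conf.d/folder/ssl/domain/ecdsa/domain.key;
      ssl_certificate /etc/nginx/conf.d/folder/ssl/domain/rsa/domain.pem;
      ssl_certificate_key /etc/nginx/conf.d/folder/ssl/domain/rsa/domain.key;

      # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
      # Add TLSv1.3 here once the installed nginx/OpenSSL build supports it.
      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;
      # AEAD suites (CHACHA20, AES-GCM) come first. The trailing AES256/AES128
      # entries also match CBC-mode suites; drop them if every client that must
      # be served supports an AEAD suite.
      ssl_ciphers EECDH+ECDSA+CHACHA20:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+AESGCM:EDH+AESGCM:EECDH+ECDSA+AES256:EECDH+ECDSA+AES128:EECDH+AES256:EECDH+AES128:EDH+AES256:EDH+AES128;
      ssl_ecdh_curve secp384r1;
      ssl_dhparam /etc/nginx/conf.d/folder/ssl/domain/ecdsa/dhparam.pem;

      # Sessions stay resumable for 30 hours. A long resumption window keeps
      # session key material alive and narrows forward secrecy; shorten it if
      # that trade-off matters for this site.
      ssl_session_cache shared:SSL_DOMAIN:16m;
      ssl_session_timeout 30h;

      # OCSP stapling with verification of the stapled response.
      # NOTE(review): ssl_trusted_certificate points at the ECDSA chain only;
      # confirm the RSA certificate is issued by the same chain, otherwise
      # verification of its stapled response may fail.
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /etc/nginx/conf.d/folder/ssl/domain/ecdsa/fullchain.pem;
      # Resolver for OCSP responder lookups. Answers from a remote public
      # resolver arrive unauthenticated; a resolver on localhost or on a trusted
      # network segment is the safer choice.
      resolver 77.88.8.8 77.88.8.1 valid=600s;
      resolver_timeout 5s;

      server_tokens off;

      # HSTS is left disabled by the author. Without it, the first visit over
      # plain HTTP relies entirely on the port-80 redirect.
      #add_header Strict-Transport-Security "max-age=15552000";
      # HPKP has since been deprecated and removed from major browsers; keep it
      # disabled.
      #add_header Public-Key-Pins 'pin-sha256="KJWWJSwFZJBn/M/B9bmCbpbh2+EeKTiQanPyRvIvVO4="; pin-sha256="szlZ/A7WvMIh4byiJSugWrHf8YiM+XHe/PFCJftLGos="; pin-sha256="Fbs+o+IxVNTHBpjNQYfX/TBnxPC+OWLYxQLEtqkrAfM="; max-age=1';
      add_header X-Frame-Options "SAMEORIGIN" always;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      # "default-src *" would allow every origin and restrict almost nothing;
      # write a real policy before enabling this header.
  #   add_header Content-Security-Policy "default-src *" always;
      add_header X-PoweredBy "Fluffy unicorns" always;
      add_header X-Human "Hey!" always;

  #   add_header X-Robots-Tag "noindex, nofollow" always;

      return 301 https://domain.com$request_uri;
  }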
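  # Main HTTPS site for domain.com: static files plus PHP through PHP-FPM.
  # As default_server it also answers TLS connections whose server name
  # matches no other block on port 443.
  server {
      listen 443 ssl http2 default_server;
      server_name domain.com;

      # Dual certificates: an ECDSA pair and an RSA pair are both loaded.
      ssl_certificate /etc/nginx/conf.d/folder/ssl/domain/ecdsa/domain.pem;
      ssl_certificate_key /etc/nginx/conf.d/folder/ssl/domain/ecdsa/domain.key;
      ssl_certificate /etc/nginx/conf.d/folder/ssl/domain/rsa/domain.pem;
      ssl_certificate_key /etc/nginx/conf.d/folder/ssl/domain/rsa/domain.key;

      # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
      # Add TLSv1.3 here once the installed nginx/OpenSSL build supports it.
      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;
      # AEAD suites (CHACHA20, AES-GCM) come first. The trailing AES256/AES128
      # entries also match CBC-mode suites; drop them if every client that must
      # be served supports an AEAD suite.
      ssl_ciphers EECDH+ECDSA+CHACHA20:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+AESGCM:EDH+AESGCM:EECDH+ECDSA+AES256:EECDH+ECDSA+AES128:EECDH+AES256:EECDH+AES128:EDH+AES256:EDH+AES128;
      ssl_ecdh_curve secp384r1;
      ssl_dhparam /etc/nginx/conf.d/folder/ssl/domain/ecdsa/dhparam.pem;

      # Sessions stay resumable for 30 hours. A long resumption window keeps
      # session key material alive and narrows forward secrecy; shorten it if
      # that trade-off matters for this site.
      ssl_session_cache shared:SSL_DOMAIN:16m;
      ssl_session_timeout 30h;

      # OCSP stapling with verification of the stapled response.
      # NOTE(review): ssl_trusted_certificate points at the ECDSA chain only;
      # confirm the RSA certificate is issued by the same chain, otherwise
      # verification of its stapled response may fail.
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /etc/nginx/conf.d/folder/ssl/domain/ecdsa/fullchain.pem;
      # Resolver for OCSP responder lookups. Answers from a remote public
      # resolver arrive unauthenticated; a resolver on localhost or on a trusted
      # network segment is the safer choice.
      resolver 77.88.8.8 77.88.8.1 valid=600s;
      resolver_timeout 5s;

      server_tokens off;

      # HSTS is left disabled by the author. Without it, the first visit over
      # plain HTTP relies entirely on the port-80 redirect.
      #add_header Strict-Transport-Security "max-age=15552000";
      # HPKP has since been deprecated and removed from major browsers; keep it
      # disabled.
      #add_header Public-Key-Pins 'pin-sha256="KJWWJSwFZJBn/M/B9bmCbpbh2+EeKTiQanPyRvIvVO4="; pin-sha256="szlZ/A7WvMIh4byiJSugWrHf8YiM+XHe/PFCJftLGos="; pin-sha256="Fbs+o+IxVNTHBpjNQYfX/TBnxPC+OWLYxQLEtqkrAfM="; max-age=1';
      # These server-level add_header lines reach a location only while that
      # location declares no add_header of its own; none below does.
      add_header X-Frame-Options "SAMEORIGIN" always;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      # "default-src *" would allow every origin and restrict almost nothing;
      # write a real policy before enabling this header.
  #   add_header Content-Security-Policy "default-src *" always;
      add_header X-PoweredBy "Fluffy unicorns" always;
      add_header X-Human "Hey!" always;

  #   add_header X-Robots-Tag "noindex, nofollow" always;

      index index.html index.php;
      root /home/folder/web/html;
      charset utf-8;

      error_page 404 /404.html;
      error_page 500 502 503 504 /50x.html;

      # Refuse any path containing a dot-prefixed component (.git, .env,
      # .htaccess) and keep those probes out of the logs. This also blocks
      # /.well-known/, so add an explicit exception if ACME HTTP validation
      # is served from this host.
      location ~ /\. {
          deny all;
          access_log off;
          log_not_found off;
      }

      # Static assets: let clients cache them for a week.
      location ~* ^.+\.(js|css|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
          expires 7d;
      }

      location ~ \.php$ {
          # Hand only existing files to PHP-FPM, so a URI that merely ends in
          # .php but names no real file is rejected with 404 instead of being
          # resolved by PHP's path-info fallback.
          try_files $uri $uri/ =404;
          include fastcgi.conf;
          fastcgi_pass unix:/run/php/php7.0-fpm-user.sock;
          fastcgi_index index.php;
          fastcgi_intercept_errors on;

          # PHP-FPM keeps a single value per FastCGI parameter name, so eighteen
          # separate "fastcgi_param PHP_VALUE ..." lines left only the last one
          # in effect. All settings are sent as one newline-separated value.
          # NOTE(review): startup-level settings (the opcache.* sizes,
          # cgi.fix_pathinfo) may not be changeable per request; confirm, and
          # move those to php.ini or the FPM pool configuration if so.
          fastcgi_param PHP_VALUE "max_execution_time=300
              max_input_vars=3000
              memory_limit=256M
              post_max_size=16M
              cgi.fix_pathinfo=0
              upload_max_filesize=16M
              default_socket_timeout=120
              date.timezone=Europe/Moscow
              session.gc_probability=1
              session.lazy_write=On
              opcache.enable=1
              opcache.enable_cli=1
              opcache.memory_consumption=64
              opcache.interned_strings_buffer=4
              opcache.max_accelerated_files=5000
              opcache.max_wasted_percentage=5
              opcache.use_cwd=1
              opcache.huge_code_pages=1";

          fastcgi_keep_conn on;
          # NOTE(review): this passes a "Cookie" header from the backend
          # response to the client; Cookie is normally a request header, so
          # confirm this line is intended.
          fastcgi_pass_header Cookie;
          # Only relevant when FastCGI caching is on; no fastcgi_cache is
          # configured in this block. If caching is ever enabled, ignoring
          # Set-Cookie and Cache-Control would let per-user responses be stored
          # and served to other visitors, so revisit this line first.
          fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

          fastcgi_buffer_size 128k;
          fastcgi_buffers 256 16k;
          fastcgi_busy_buffers_size 256k;
          fastcgi_temp_file_write_size 256k;
      }
  }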