Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ### nginx.conf
- # Generic startup file.
- user www-data www-data;
- worker_processes 2;
- error_log /var/log/nginx/error.log;
- pid /var/run/nginx.pid;
- events {
- worker_connections 1024;
- }
- http {
- include mime.types;
- default_type application/octet-stream;
- access_log /var/log/nginx/access.log;
- sendfile on;
- ssl_dhparam /var/www/dhparam2048.pem;
- ssl_buffer_size 4k;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
- resolver 127.0.0.1 valid=3600;
- resolver_timeout 10s;
- keepalive_timeout 15;
- large_client_header_buffers 8 16k;
- client_max_body_size 13m;
- index index.php index.html index.htm;
- # Upstream to abstract backend connection(s) for PHP.
- upstream php {
- server 127.0.0.1:9000;
- }
- include sites-enabled/*;
- }
- ### sites-enabled/default.conf
- server {
- listen 80 default_server;
- server_name _;
- root /var/www/default/public_html;
- include global/restrictions.conf;
- include global/location-any.conf;
- # Additional rules go here.
- include global/php-local.conf;
- }
- server {
- listen 443 default_server ssl;
- server_name _;
- root /var/www/default/public_html;
- ssl_certificate /var/www/default/default.cert.pem;
- ssl_certificate_key /var/www/default/default.key.pem;
- include global/restrictions.conf;
- include global/location-any.conf;
- # Additional rules go here.
- include global/php-local.conf;
- }
- ### sites-enabled/mydomain.org.conf
- server {
- server_name *.mydomain.org;
- rewrite ^ http://mydomain.org$request_uri permanent;
- }
- server {
- listen 443 ssl;
- server_name *.mydomain.org;
- ssl_certificate /var/www/mydomain.org/mydomain.org.chain.pem;
- ssl_certificate_key /var/www/mydomain.org/mydomain.org.key.pem;
- include global/ssl_ocsp.conf;
- rewrite ^ https://mydomain.org$request_uri permanent;
- }
- server {
- server_name mydomain.org;
- root /var/www/mydomain.org/public_html;
- include global/restrictions.conf;
- include global/location-any.conf;
- # Additional rules go here.
- include global/php-local.conf;
- }
- server {
- listen 443 ssl;
- server_name mydomain.org;
- root /var/www/mydomain.org/public_html;
- ssl_certificate /var/www/mydomain.org/mydomain.org.chain.pem;
- ssl_certificate_key /var/www/mydomain.org/mydomain.org.key.pem;
- include global/ssl_ocsp.conf;
- include global/restrictions.conf;
- include global/location-any.conf;
- # Additional rules go here.
- include global/php-local.conf;
- }
- ### global/ssl_ocsp.conf
- # Enable SSL stapling.
- # Designed to be included in any server {} block.
- ssl_trusted_certificate /var/www/root.certs.pem;
- ssl_stapling on;
- ssl_stapling_verify on;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement