
Untitled

a guest
Sep 28th, 2016
  # Plain-HTTP virtual host (IPv4 and IPv6, port 80) for the "example" app.
  # No proxy_pass or redirect is visible in this block; whatever routing exists
  # comes from the files pulled in by the include lines at the bottom.
  server {
      listen 80;
      listen [::]:80;

      # The first name listed is the primary server name.
      server_name server-example example.net www.example.net;

      root /srv/users/serverpilot/apps/example/public;

      # "main" is a log format defined outside this block.
      error_log /srv/users/serverpilot/log/example/example_nginx.error.log;
      access_log /srv/users/serverpilot/log/example/example_nginx.access.log main;

      # Headers passed on to a proxied backend.
      # $proxy_add_x_forwarded_for appends $remote_addr to whatever
      # X-Forwarded-For value the client sent, so the backend should not treat
      # the leading entries of that header as trustworthy. X-Real-IP is set
      # from $remote_addr, the peer address nginx itself saw.
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;

      # Per-app snippets; the order is kept because include order decides
      # directive order inside the server block.
      include /etc/nginx-sp/vhosts.d/example.d/*.nonssl_conf;
      include /etc/nginx-sp/vhosts.d/example.d/*.conf;
  }
  22.  
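  # HTTPS virtual host (IPv4 and IPv6, port 443, HTTP/2) for example.net and
  # www.example.net.
  server {
      listen 443 ssl http2;
      listen [::]:443 ssl http2;
      server_name example.net www.example.net;

      # "ssl on;" removed: the ssl parameter on the listen directives above
      # already enables TLS for this server, and the standalone directive is
      # deprecated in later nginx releases.

      # certificates
      ssl_certificate /etc/nginx-sp/certs/example.net/example.net.chained.crt;
      ssl_certificate_key /etc/nginx-sp/certs/example.net/example.net.key;

      # Session resumption: shared server-side cache, session tickets disabled.
      ssl_session_timeout 1d;
      ssl_session_cache shared:SSL:20m;
      ssl_session_tickets off;

      # Protocols and ciphers.
      # The original was labelled "modern" but still enabled TLSv1 and TLSv1.1
      # and a long list of CBC/SHA-1 and DSS suites. Both old protocol versions
      # are deprecated; the list below keeps only the ECDHE AEAD suites from
      # the original. Clients that cannot negotiate TLS 1.2 with AES-GCM will
      # no longer connect. TLSv1.3 can be added to ssl_protocols if the
      # nginx/OpenSSL build supports it.
      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;
      ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';

      # OCSP stapling
      # NOTE(review): no resolver directive is visible in this block. nginx
      # needs one (here or at http level) to look up the OCSP responder's
      # hostname; confirm it is configured elsewhere or stapling will not work.
      ssl_stapling on;
      ssl_stapling_verify on;

      # Certificates used to verify the OCSP response.
      # NOTE(review): this reuses the served chain file; confirm it contains
      # the issuing CA certificates needed for verification.
      ssl_trusted_certificate /etc/nginx-sp/certs/example.net/example.net.chained.crt;

      # root directory and logfiles ("main" log format is defined elsewhere)
      root /srv/users/serverpilot/apps/example/public;

      access_log /srv/users/serverpilot/log/example/example_nginx.access.log main;
      error_log /srv/users/serverpilot/log/example/example_nginx.error.log;

      # Headers passed on to a proxied backend.
      # $proxy_add_x_forwarded_for appends $remote_addr to the client-supplied
      # X-Forwarded-For value, so the backend should not trust the leading
      # entries. X-Forwarded-Proto / X-Forwarded-SSL tell the backend the
      # request arrived over TLS; the backend should accept them only from
      # this proxy.
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-SSL on;
      proxy_set_header X-Forwarded-Proto $scheme;

      # Per-app snippets.
      # NOTE(review): the TLS server also pulls in the *.nonssl_conf files;
      # verify that nothing in them assumes a plain-HTTP request (for example
      # an http-to-https redirect, which would loop here).
      # NOTE(review): no Strict-Transport-Security header is set in this
      # block; check whether an included file adds one.
      include /etc/nginx-sp/vhosts.d/example.d/*.nonssl_conf;
      include /etc/nginx-sp/vhosts.d/example.d/*.conf;
  }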
  69.  
  70. URL status codes:
  71. URL with http + www: 301 → 200 (1 redirect)
  72. URL with http: 301 → 200 (1 redirect)
  73. URL with https + www: 301 → 200 (1 redirect)
  74. URL with https: 200 (0 redirects)
  75.  
  # Prefix match: every request URI that begins with /path/ gets a permanent
  # redirect to one fixed target. The target is a literal, so the rest of the
  # requested path and any query string are not carried over.
  # The enclosing server block is not shown with this fragment.
  location /path/ {
      return 301 https://www.example.com/path/;
  }
  79.  
  # Canonical-host redirect: HTTPS requests for www.example.com are answered
  # with a 301 to the same URI on https://example.com.
  server {
      server_name www.example.com;
      listen 443 ssl http2; # http2 only if you built that module in

      # The TLS handshake completes before the redirect is sent, so this
      # certificate has to be valid for www.example.com.
      ssl_certificate_key /path/to/file;
      ssl_certificate /path/to/file;

      # Insert other SSL configuration

      # $request_uri is the original request URI including the query string.
      return 301 https://example.com$request_uri;
  }
  91.  
  # Plain-HTTP catch for both host names: everything on port 80 is sent with a
  # single 301 straight to the HTTPS bare domain, keeping the original URI and
  # query string ($request_uri).
  # The first request still travels in cleartext; only the HTTPS side can tell
  # browsers to skip it next time (an HSTS header, not shown in this snippet).
  server {
      server_name example.com www.example.com;
      listen 80;

      return 301 https://example.com$request_uri;
  }