updateconfig

1. # Centmin Mod Getting Started Guide
2. # must read http://centminmod.com/getstarted.html
3. # For SPDY SSL Setup
4. # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
5.  
6. # redirect from www to non-www forced SSL
7. # uncomment, save file and restart Nginx to enable
8. # if unsure use return 302 before using return 301
9. server {
10. server_name cungcaphangsi.com www.cungcaphangsi.com;
11. return 302 https://$server_name$request_uri;
12. }
13.  
14. server {
15. listen 443 ssl http2;
16. server_name cungcaphangsi.com www.cungcaphangsi.com;
17.  
18. ## redirect https www to https non-www
19. if ($host = 'www.cungcaphangsi.com' ) {
20. return 302 https://cungcaphangsi.com$request_uri;
21. }
22.  
23. ssl_dhparam /usr/local/nginx/conf/ssl/cungcaphangsi.com/dhparam.pem;
24. ssl_certificate /usr/local/nginx/conf/ssl/cungcaphangsi.com/cungcaphangsi.com.crt;
25. ssl_certificate_key /usr/local/nginx/conf/ssl/cungcaphangsi.com/cungcaphangsi.com.key;
26. include /usr/local/nginx/conf/ssl_include.conf;
27.  
28. # mozilla recommended
29. ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA;
30. ssl_prefer_server_ciphers on;
31. #add_header Alternate-Protocol 443:npn-spdy/3;
32. #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
33. #add_header X-Content-Type-Options "nosniff";
34. #add_header X-Frame-Options DENY;
35. #spdy_headers_comp 5;
36. ssl_buffer_size 1400;
37. ssl_session_tickets on;
38.  
39. # enable ocsp stapling
40. #resolver 8.8.8.8 8.8.4.4 valid=10m;
41. #resolver_timeout 10s;
42. #ssl_stapling on;
43. #ssl_stapling_verify on;
44. #ssl_trusted_certificate /usr/local/nginx/conf/ssl/cungcaphangsi.com/cungcaphangsi.com-trusted.crt;
45.  
46. # ngx_pagespeed & ngx_pagespeed handler
47. #include /usr/local/nginx/conf/pagespeed.conf;
48. #include /usr/local/nginx/conf/pagespeedhandler.conf;
49. #include /usr/local/nginx/conf/pagespeedstatslog.conf;
50.  
51. # limit_conn limit_per_ip 16;
52. ssi on;
53.  
54. access_log /home/nginx/domains/cungcaphangsi.com/log/access.log combined buffer=256k flush=60m;
55. error_log /home/nginx/domains/cungcaphangsi.com/log/error.log;
56.  
57. root /home/nginx/domains/cungcaphangsi.com/public;
58.  
59. # prevent access to ./directories and files
60. location ~ (?:^|/)\. {
61. deny all;
62. }
63.  
64.  
65.  
66. location / {
67. try_files $uri $uri/ /index.php?$uri&$args;
68. index index.php index.html;
69. }
70.  
71. location /install/data/ {
72. internal;
73. }
74. location /install/templates/ {
75. internal;
76. }
77. location /internal_data/ {
78. internal;
79. }
80. location /library/ {
81. internal;
82. }
83.  
84. location ~ \.php$ {
85. try_files $uri =404;
86. fastcgi_pass 127.0.0.1:9000;
87. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
88. include fastcgi_params;
89. }
90.  
91.  
92.  
93. include /usr/local/nginx/conf/staticfiles.conf;
94. include /usr/local/nginx/conf/php.conf;
95. include /usr/local/nginx/conf/drop.conf;
96. #include /usr/local/nginx/conf/errorpage.conf;
97. include /usr/local/nginx/conf/vts_server.conf;
98. }