Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Centmin Mod Getting Started Guide
- # must read http://centminmod.com/getstarted.html
- # For SPDY SSL Setup
- # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
- # redirect from www to non-www forced SSL
- # uncomment, save file and restart Nginx to enable
- # if unsure use return 302 before using return 301
- server {
- server_name cungcaphangsi.com www.cungcaphangsi.com;
- return 302 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl http2;
- server_name cungcaphangsi.com www.cungcaphangsi.com;
- ## redirect https www to https non-www
- if ($host = 'www.cungcaphangsi.com' ) {
- return 302 https://cungcaphangsi.com$request_uri;
- }
- ssl_dhparam /usr/local/nginx/conf/ssl/cungcaphangsi.com/dhparam.pem;
- ssl_certificate /usr/local/nginx/conf/ssl/cungcaphangsi.com/cungcaphangsi.com.crt;
- ssl_certificate_key /usr/local/nginx/conf/ssl/cungcaphangsi.com/cungcaphangsi.com.key;
- include /usr/local/nginx/conf/ssl_include.conf;
- # mozilla recommended
- ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA;
- ssl_prefer_server_ciphers on;
- #add_header Alternate-Protocol 443:npn-spdy/3;
- #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
- #add_header X-Content-Type-Options "nosniff";
- #add_header X-Frame-Options DENY;
- #spdy_headers_comp 5;
- ssl_buffer_size 1400;
- ssl_session_tickets on;
- # enable ocsp stapling
- #resolver 8.8.8.8 8.8.4.4 valid=10m;
- #resolver_timeout 10s;
- #ssl_stapling on;
- #ssl_stapling_verify on;
- #ssl_trusted_certificate /usr/local/nginx/conf/ssl/cungcaphangsi.com/cungcaphangsi.com-trusted.crt;
- # ngx_pagespeed & ngx_pagespeed handler
- #include /usr/local/nginx/conf/pagespeed.conf;
- #include /usr/local/nginx/conf/pagespeedhandler.conf;
- #include /usr/local/nginx/conf/pagespeedstatslog.conf;
- # limit_conn limit_per_ip 16;
- ssi on;
- access_log /home/nginx/domains/cungcaphangsi.com/log/access.log combined buffer=256k flush=60m;
- error_log /home/nginx/domains/cungcaphangsi.com/log/error.log;
- root /home/nginx/domains/cungcaphangsi.com/public;
- # prevent access to ./directories and files
- location ~ (?:^|/)\. {
- deny all;
- }
- location / {
- try_files $uri $uri/ /index.php?$uri&$args;
- index index.php index.html;
- }
- location /install/data/ {
- internal;
- }
- location /install/templates/ {
- internal;
- }
- location /internal_data/ {
- internal;
- }
- location /library/ {
- internal;
- }
- location ~ \.php$ {
- try_files $uri =404;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include fastcgi_params;
- }
- include /usr/local/nginx/conf/staticfiles.conf;
- include /usr/local/nginx/conf/php.conf;
- include /usr/local/nginx/conf/drop.conf;
- #include /usr/local/nginx/conf/errorpage.conf;
- include /usr/local/nginx/conf/vts_server.conf;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement