Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user www-data;
- worker_processes 1;
- error_log /var/log/nginx/error.log info;
- events {
- worker_connections 1024;
- }
- http {
- access_log /var/log/nginx/access.log;
- log_format main '$remote_addr $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $ssl_cipher $request_time';
- client_body_timeout 4s;
- client_header_timeout 4s;
- keepalive_timeout 75s;
- send_timeout 24s;
- http2_idle_timeout 128s;
- http2_recv_timeout 4s;
- charset utf-8;
- default_type application/octet-stream;
- gzip off;
- gzip_static on;
- gzip_proxied any;
- ignore_invalid_headers on;
- include mime.types;
- keepalive_requests 50;
- keepalive_disable none;
- max_ranges 1;
- msie_padding off;
- open_file_cache max=1000 inactive=2h;
- open_file_cache_errors on;
- open_file_cache_min_uses 1;
- open_file_cache_valid 1h;
- output_buffers 1 512;
- read_ahead 512K;
- recursive_error_pages on;
- reset_timedout_connection on;
- sendfile on;
- server_name_in_redirect off;
- source_charset utf-8;
- tcp_nodelay on;
- tcp_nopush off;
- limit_req_zone $binary_remote_addr zone=gulag:1m rate=60r/m;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 128s;
- ssl_protocols TLSv1.0 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_ecdh_curve secp384r1;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- proxy_max_temp_file_size 0;
- proxy_connect_timeout 900;
- proxy_send_timeout 900;
- proxy_read_timeout 900;
- proxy_buffer_size 4k;
- proxy_buffers 4 32k;
- proxy_busy_buffers_size 64k;
- proxy_temp_file_write_size 64k;
- proxy_intercept_errors on;
- server {
- listen 80;
- server_name justin-hayes.com;
- location ^~ /.well-known/acme-challenge/ {
- alias /var/www/acme/;
- }
- location / {
- return 301 https://$server_name$request_uri;
- }
- }
- server {
- listen 80;
- server_name www.justin-hayes.com;
- location ^~ /.well-known/acme-challenge/ {
- alias /var/www/acme/;
- }
- location / {
- rewrite ^(.*) https://justin-hayes.com$1 permanent;
- }
- }
- server {
- listen 443 ssl http2;
- server_name justin-hayes.com;
- ssl_certificate /etc/ssl/acme/fullchain.pem;
- ssl_certificate_key /etc/ssl/acme/private/privkey.pem;
- ssl_session_tickets off;
- ssl_stapling on;
- ssl_stapling_verify on;
- resolver 8.8.8.8 8.8.4.4 valid=300s;
- resolver_timeout 5s;
- add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- limit_req zone=gulag burst=200 nodelay;
- root /var/www/justin-hayes.com;
- index index.php index.html index.htm;
- location / {
- try_files $uri $uri/ @rewrite;
- }
- location ^~ /files/ {
- index index.php index.html index.htm /_h5ai/public/index.php;
- }
- location @rewrite {
- rewrite ^/(.*)$ /index.php?q=$1 last;
- }
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /var/www/nginx-dist;
- }
- location ~ \.php$ {
- try_files $uri =404;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php-fpm.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $request_filename;
- include fastcgi_params;
- }
- location ~ /\.ht {
- deny all;
- }
- }
- server {
- listen 443 ssl http2;
- server_name www.justin-hayes.com;
- ssl_certificate /etc/ssl/acme/fullchain.pem;
- ssl_certificate_key /etc/ssl/acme/private/privkey.pem;
- ssl_session_tickets off;
- ssl_stapling on;
- ssl_stapling_verify on;
- resolver 8.8.8.8 8.8.4.4 valid=300s;
- resolver_timeout 5s;
- add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- rewrite ^(.*) http://justin-hayes.com$1 permanent;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement