Guest User

Untitled

a guest
Aug 3rd, 2019
6
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. #x# HTTPS-DEFAULT
  3. server {
  4.  
  5. server_name domains.me www.domains.me;
  6. return 302 https://domains.me$request_uri;
  7. include /usr/local/nginx/conf/staticfiles.conf;
  8. }
  9. server {
  10. listen 443 ssl http2 reuseport;
  11. server_name domains.me www.domains.me;
  12.  
  13. include /usr/local/nginx/conf/ssl_include.conf;
  14. ssl_dhparam /usr/local/nginx/conf/ssl/domains.me/dhparam.pem;
  15. ssl_certificate /usr/local/nginx/conf/ssl/domains.me/domains.me-acme-ecc.cer;
  16. ssl_certificate_key /usr/local/nginx/conf/ssl/domains.me/domains.me-acme-ecc.key;
  17. ssl_trusted_certificate /usr/local/nginx/conf/ssl/domains.me/domains.me-fullchain-acme-ecc.key;
  18.  
  19.  
  20.  
  21. # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  22. #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domains.me/origin.crt;
  23. #ssl_verify_client on;
  24. http2_max_field_size 16k;
  25. http2_max_header_size 32k;
  26. # mozilla recommended
  27. ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  28. ssl_prefer_server_ciphers on;
  29. #add_header Alternate-Protocol 443:npn-spdy/3;
  30.  
  31. # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  32. add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  33. #add_header X-Frame-Options SAMEORIGIN;
  34. add_header X-Xss-Protection "1; mode=block" always;
  35. add_header X-Content-Type-Options "nosniff" always;
  36. #add_header Referrer-Policy "strict-origin-when-cross-origin";
  37. #spdy_headers_comp 5;
  38. ssl_buffer_size 4k;
  39. ssl_session_tickets on;
  40.  
  41.  
  42. # enable ocsp stapling
  43. resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
  44. resolver_timeout 10s;
  45. ssl_stapling on;
  46. ssl_stapling_verify on;
  47.  
  48.  
  49. # ngx_pagespeed & ngx_pagespeed handler
  50. include /usr/local/nginx/conf/pagespeed.conf;
  51. #include /usr/local/nginx/conf/pagespeedhandler.conf;
  52. #include /usr/local/nginx/conf/pagespeedstatslog.conf;
  53.  
  54. # limit_conn limit_per_ip 16;
  55. # ssi on;
  56.  
  57. access_log /home/nginx/domains/domains.me/log/access.log combined buffer=256k flush=5m;
  58. error_log /home/nginx/domains/domains.me/log/error.log;
  59.  
  60. include /usr/local/nginx/conf/autoprotect/domains.me/autoprotect-domains.me.conf;
  61. root /home/nginx/domains/domains.me/public;
  62. # uncomment cloudflare.conf include if using cloudflare for
  63. # server and/or vhost site
  64. #include /usr/local/nginx/conf/cloudflare.conf;
  65. include /usr/local/nginx/conf/503include-main.conf;
  66.  
  67. location / {
  68. try_files $uri $uri/ /index.php?q=$request_uri;
  69.  
  70. include /usr/local/nginx/conf/503include-only.conf;
  71. include /usr/local/nginx/conf/block.conf;
  72.  
  73.  
  74. }
  75.  
  76. include /usr/local/nginx/conf/pre-staticfiles-local-domains.me.conf;
  77. include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  78. include /usr/local/nginx/conf/staticfiles.conf;
  79. include /usr/local/nginx/conf/php.conf;
  80. include /usr/local/nginx/conf/gzip.conf;
  81.  
  82. include /usr/local/nginx/conf/drop.conf;
  83. #include /usr/local/nginx/conf/errorpage.conf;
  84. include /usr/local/nginx/conf/vts_server.conf;
  85. }
RAW Paste Data