Untitled

1. server {
2. listen 443 ssl;
3. server_name www.dormain.com;
4.  
5. # SSL
6. ssl_certificate /etc/letsencrypt/live/dormain.com/fullchain.pem;
7. ssl_certificate_key /etc/letsencrypt/live/dormain.com/privkey.pem;
8. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
9. ssl_prefer_server_ciphers on;
10. ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
11.  
12. rewrite ^(.*) https://dormain.com$1 permanent;
13. }
14. server {
15. listen 80;
16. server_name www.dormain.com;
17. rewrite ^(.*) https://dormain.com$1 permanent;
18. }
19.  
20. server {
21. server_name dormain.com;
22. return 301 $scheme://www.dormain.com$request_uri;
23. }
24.  
25. server {
26. listen 443 ssl;
27.  
28. # access_log off;
29. access_log /home/dormain.com/logs/access.log;
30. # error_log off;
31. error_log /home/dormain.com/logs/error.log;
32.  
33. root /home/dormain.com/public_html;
34. index index.php index.html index.htm;
35. server_name dormain.com;
36.  
37. # SSL
38. ssl_certificate /etc/letsencrypt/live/dormain.com/fullchain.pem;
39. ssl_certificate_key /etc/letsencrypt/live/dormain.com/privkey.pem;
40. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
41. ssl_prefer_server_ciphers on;
42. ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
43.  
44. # Improve HTTPS performance with session resumption
45. ssl_session_cache shared:SSL:50m;
46. ssl_session_timeout 1d;
47.  
48. # DH parameters
49. ssl_dhparam /etc/nginx/ssl/dhparam.pem;
50. # Enable HSTS
51. add_header Strict-Transport-Security "max-age=31536000" always;
52.  
53. location / {
54. try_files $uri $uri/ /index.php?$args;
55. }
56.  
57. # Custom configuration
58. include /home/dormain.com/public_html/*.conf;
59.  
60. location ~ \.php$ {
61. fastcgi_split_path_info ^(.+\.php)(/.+)$;
62. include /etc/nginx/fastcgi_params;
63. fastcgi_pass 127.0.0.1:9000;
64. fastcgi_index index.php;
65. fastcgi_connect_timeout 1000;
66. fastcgi_send_timeout 1000;
67. fastcgi_read_timeout 1000;
68. fastcgi_buffer_size 256k;
69. fastcgi_buffers 4 256k;
70. fastcgi_busy_buffers_size 256k;
71. fastcgi_temp_file_write_size 256k;
72. fastcgi_intercept_errors on;
73. fastcgi_param SCRIPT_FILENAME /home/dormain.com/public_html$fastcgi_script_name;
74. }
75. location /nginx_status {
76. stub_status on;
77. access_log off;
78. allow 127.0.0.1;
79. deny all;
80. }
81. location /php_status {
82. fastcgi_pass 127.0.0.1:9000;
83. fastcgi_index index.php;
84. fastcgi_param SCRIPT_FILENAME /home/dormain.com/public_html$fastcgi_script_name;
85. include /etc/nginx/fastcgi_params;
86. allow 127.0.0.1;
87. deny all;
88. }
89. # Disable .htaccess and other hidden files
90. location ~ /\.(?!well-known).* {
91. deny all;
92. access_log off;
93. log_not_found off;
94. }
95. location = /favicon.ico {
96. log_not_found off;
97. access_log off;
98. }
99. location = /robots.txt {
100. allow all;
101. log_not_found off;
102. access_log off;
103. }
104. location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {
105. gzip_static off;
106. add_header Pragma public;
107. add_header Cache-Control "public, must-revalidate, proxy-revalidate";
108. access_log off;
109. expires 30d;
110. break;
111. }
112.  
113. location ~* \.(txt|js|css)$ {
114. add_header Pragma public;
115. add_header Cache-Control "public, must-revalidate, proxy-revalidate";
116. access_log off;
117. expires 30d;
118. break;
119. }
120. }
121.  
122.