Guest User

Untitled

a guest
Aug 15th, 2020
21
55 days
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. #x# HTTPS-DEFAULT
  3. server {
  4.  
  5. server_name [FQDN] www.[FQDN];
  6. return 302 https://[FQDN]$request_uri;
  7. include /usr/local/nginx/conf/staticfiles.conf;
  8. }
  9.  
  10.  
  11. server {
  12. listen 443 ssl http2 reuseport;
  13. server_name [FQDN] www.[FQDN];
  14.  
  15. include /usr/local/nginx/conf/ssl/[FQDN]/[FQDN].crt.key.conf;
  16. include /usr/local/nginx/conf/ssl_include.conf;
  17.  
  18. # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  19. #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/[FQDN]/origin.crt;
  20. #ssl_verify_client on;
  21. http2_max_field_size 16k;
  22. http2_max_header_size 32k;
  23. # mozilla recommended
  24. ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  25. ssl_prefer_server_ciphers on;
  26. #add_header Alternate-Protocol 443:npn-spdy/3;
  27.  
  28. # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  29. #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  30. #add_header X-Frame-Options SAMEORIGIN;
  31. add_header X-Xss-Protection "1; mode=block" always;
  32. add_header X-Content-Type-Options "nosniff" always;
  33. #add_header Referrer-Policy "strict-origin-when-cross-origin";
  34. #spdy_headers_comp 5;
  35. ssl_buffer_size 1369;
  36. ssl_session_tickets on;
  37.  
  38. # enable ocsp stapling
  39. resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
  40. resolver_timeout 10s;
  41. ssl_stapling on;
  42. ssl_stapling_verify on;
  43.  
  44. # ngx_pagespeed & ngx_pagespeed handler
  45. #include /usr/local/nginx/conf/pagespeed.conf;
  46. #include /usr/local/nginx/conf/pagespeedhandler.conf;
  47. #include /usr/local/nginx/conf/pagespeedstatslog.conf;
  48.  
  49. # limit_conn limit_per_ip 16;
  50. # ssi on;
  51.  
  52. access_log /home/nginx/domains/[FQDN]/log/access.log combined buffer=256k flush=5m;
  53. error_log /home/nginx/domains/[FQDN]/log/error.log;
  54.  
  55. include /usr/local/nginx/conf/autoprotect/[FQDN]/autoprotect-[FQDN].conf;
  56. root /home/nginx/domains/[FQDN]/public;
  57. # uncomment cloudflare.conf include if using cloudflare for
  58. # server and/or vhost site
  59. #include /usr/local/nginx/conf/cloudflare.conf;
  60. include /usr/local/nginx/conf/503include-main.conf;
  61.  
  62. location / {
  63. include /usr/local/nginx/conf/503include-only.conf;
  64.  
  65. # block common exploits, sql injections etc
  66. #include /usr/local/nginx/conf/block.conf;
  67.  
  68. # Enables directory listings when index file not found
  69. #autoindex on;
  70.  
  71. # Shows file listing times as local time
  72. #autoindex_localtime on;
  73.  
  74. # Wordpress Permalinks example
  75. #try_files $uri $uri/ /index.php?q=$uri&$args;
  76.  
  77. }
  78.  
  79. include /usr/local/nginx/conf/pre-staticfiles-local-[FQDN].conf;
  80. include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  81. include /usr/local/nginx/conf/staticfiles.conf;
  82. include /usr/local/nginx/conf/php.conf;
  83.  
  84. include /usr/local/nginx/conf/drop.conf;
  85. #include /usr/local/nginx/conf/errorpage.conf;
  86. include /usr/local/nginx/conf/vts_server.conf;
  87. }
  88.  
RAW Paste Data