SHARE
TWEET

Untitled

a guest Aug 8th, 2018 6 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. server {
  2.     listen 443 ssl http2;
  3.     server_name www.quocdeals.com;
  4.  
  5.     # SSL
  6.     ssl_certificate /etc/letsencrypt/live/quocdeals.com/fullchain.pem;
  7.     ssl_certificate_key /etc/letsencrypt/live/quocdeals.com/privkey.pem;
  8.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  9.     ssl_prefer_server_ciphers on;
  10.     ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  11.  
  12.     rewrite ^(.*) https://quocdeals.com$1 permanent;
  13. }
  14. server {
  15.     listen 80;
  16.     server_name quocdeals.com www.quocdeals.com;
  17.     rewrite ^(.*) https://quocdeals.com$1 permanent;
  18.  
  19. }
  20. server {
  21.     listen 443 ssl http2;
  22.  
  23.     # access_log off;
  24.     access_log /home/quocdeals.com/logs/access.log;
  25.     # error_log off;
  26.     error_log /home/quocdeals.com/logs/error.log;
  27.  
  28.     root /home/quocdeals.com/public_html;
  29.     index index.php index.html index.htm;
  30.     server_name quocdeals.com;
  31.  
  32.     # SSL
  33.     ssl_certificate /etc/letsencrypt/live/quocdeals.com/fullchain.pem;
  34.     ssl_certificate_key /etc/letsencrypt/live/quocdeals.com/privkey.pem;
  35.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  36.     ssl_prefer_server_ciphers on;
  37.     ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  38.  
  39.     ssl_stapling on;
  40.     ssl_stapling_verify on;
  41.     ssl_trusted_certificate /etc/letsencrypt/live/quocdeals.com/chain.pem;
  42.     resolver 8.8.4.4 8.8.8.8;
  43.  
  44.     # Improve HTTPS performance with session resumption
  45.     ssl_session_cache shared:SSL:50m;
  46.     ssl_session_timeout 1d;
  47.  
  48.     # DH parameters
  49.     ssl_dhparam /etc/nginx/ssl/dhparam.pem;
  50.     # Enable HSTS
  51.     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  52.  
  53.     location / {
  54.         try_files $uri $uri/ /index.php?$args;
  55.     }
  56.  
  57.     # Custom configuration
  58.     include /home/quocdeals.com/public_html/*.conf;
  59.  
  60.     location ~* /(185/0/0td1022.png)$ {
  61.         rewrite ^(.*)$ /185/s-td102.php redirect;
  62.     }
  63.  
  64.     location ~ \.png$ {
  65.         rewrite ^/(.*).png$ /$1.php;
  66.     }
  67.  
  68.     location ~ \.php$ {
  69.         fastcgi_split_path_info ^(.+\.php)(/.+)$;
  70.         include /etc/nginx/fastcgi_params;
  71.         fastcgi_pass 127.0.0.1:9000;
  72.         fastcgi_index index.php;
  73.         fastcgi_connect_timeout 1000;
  74.         fastcgi_send_timeout 1000;
  75.         fastcgi_read_timeout 1000;
  76.         fastcgi_buffer_size 256k;
  77.         fastcgi_buffers 4 256k;
  78.         fastcgi_busy_buffers_size 256k;
  79.         fastcgi_temp_file_write_size 256k;
  80.         fastcgi_intercept_errors on;
  81.         fastcgi_param SCRIPT_FILENAME /home/quocdeals.com/public_html$fastcgi_script_name;
  82.     }
  83.     location /nginx_status {
  84.         stub_status on;
  85.         access_log   off;
  86.         allow 127.0.0.1;
  87.         deny all;
  88.     }
  89.     location /php_status {
  90.         fastcgi_pass 127.0.0.1:9000;
  91.         fastcgi_index index.php;
  92.         fastcgi_param SCRIPT_FILENAME  /home/quocdeals.com/public_html$fastcgi_script_name;
  93.         include /etc/nginx/fastcgi_params;
  94.         allow 127.0.0.1;
  95.         deny all;
  96.         }
  97.     # Disable .htaccess and other hidden files
  98.     location ~ /\.(?!well-known).* {
  99.         deny all;
  100.         access_log off;
  101.         log_not_found off;
  102.     }
  103.     location = /favicon.ico {
  104.         log_not_found off;
  105.         access_log off;
  106.     }
  107.     location = /robots.txt {
  108.         allow all;
  109.         log_not_found off;
  110.         access_log off;
  111.     }
  112.     location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {
  113.         gzip_static off;
  114.         add_header Pragma public;
  115.         add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  116.         access_log off;
  117.         expires 30d;
  118.         break;
  119.     }
  120.  
  121.     location ~* \.(txt|js|css)$ {
  122.         add_header Pragma public;
  123.         add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  124.         access_log off;
  125.         expires 30d;
  126.         break;
  127.     }
  128.  
  129.     # enable ngx_pagespeed
  130.     pagespeed on;
  131.     pagespeed FileCachePath /var/ngx_pagespeed_cache;
  132.  
  133.     # let's speed up PageSpeed by storing it in the super duper fast memcached
  134.     # pagespeed MemcachedThreads 1;
  135.     # pagespeed MemcachedServers "localhost:11211";
  136.  
  137.     # enable CoreFilters
  138.     pagespeed RewriteLevel CoreFilters;
  139.  
  140.     # disable particular filter(s) in CoreFilters
  141.     pagespeed DisableFilters rewrite_images;
  142.  
  143.     # enable additional filter(s) selectively
  144.     pagespeed EnableFilters collapse_whitespace;
  145.     pagespeed EnableFilters lazyload_images;
  146.     pagespeed EnableFilters insert_dns_prefetch;
  147.  
  148. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top