Manhhailua

https://codek.org

Jul 11th, 2016
12
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Centmin Mod Getting Started Guide
  2. # must read http://centminmod.com/getstarted.html
  3. # For SPDY SSL Setup
  4. # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
  5.  
  6. # redirect from www to non-www  forced SSL
  7. # uncomment, save file and restart Nginx to enable
  8. # if unsure use return 302 before using return 301
  9. # server {
  10. #       listen   80;
  11. #       server_name codek.org www.codek.org;
  12. #       return 302 https://$server_name$request_uri;
  13. # }
  14.  
  15. server {
  16.   listen 443 ssl http2;
  17.   server_name codek.org www.codek.org;
  18.  
  19.   ssl_dhparam /usr/local/nginx/conf/ssl/codek.org/dhparam.pem;
  20.   ssl_certificate      /usr/local/nginx/conf/ssl/codek.org/codek.org.crt;
  21.   ssl_certificate_key  /usr/local/nginx/conf/ssl/codek.org/codek.org.key;
  22.   include /usr/local/nginx/conf/ssl_include.conf;
  23.  
  24.   http2_max_field_size 16k;
  25.   http2_max_header_size 32k;
  26.   # mozilla recommended
  27.   ssl_ciphers EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  28.   ssl_prefer_server_ciphers   on;
  29.   #add_header Alternate-Protocol  443:npn-spdy/3;
  30.   # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
  31.   # You'd want to include subdomains if you're using SSL wildcard certificates
  32.   # include subdomain
  33.   #add_header Public-Key-Pins 'pin-sha256="qbAycx+EgKOAuOn4PSjtlxTXvoCRzhE4DctHLPq6FoI="; pin-sha256="lzTqiEEpyqe/1A1dmrl/qvIcPo0cxrUav05iiJW5QYI="; max-age=86400; includeSubDomains';
  34.   # exclude subdomains
  35.   #add_header Public-Key-Pins 'pin-sha256="qbAycx+EgKOAuOn4PSjtlxTXvoCRzhE4DctHLPq6FoI="; pin-sha256="lzTqiEEpyqe/1A1dmrl/qvIcPo0cxrUav05iiJW5QYI="; max-age=86400';
  36.   #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  37.   #add_header X-Frame-Options SAMEORIGIN;
  38.   #add_header X-Xss-Protection "1; mode=block" always;
  39.   #add_header X-Content-Type-Options "nosniff" always;
  40.   #spdy_headers_comp 5;
  41.   ssl_buffer_size 1369;
  42.   ssl_session_tickets on;
  43.  
  44.   # enable ocsp stapling
  45.   #resolver 8.8.8.8 8.8.4.4 valid=10m;
  46.   #resolver_timeout 10s;
  47.   #ssl_stapling on;
  48.   #ssl_stapling_verify on;
  49.   #ssl_trusted_certificate /usr/local/nginx/conf/ssl/codek.org/codek.org-trusted.crt;  
  50.  
  51.   # ngx_pagespeed & ngx_pagespeed handler
  52.   #include /usr/local/nginx/conf/pagespeed.conf;
  53.   #include /usr/local/nginx/conf/pagespeedhandler.conf;
  54.   #include /usr/local/nginx/conf/pagespeedstatslog.conf;
  55.  
  56.   # limit_conn limit_per_ip 16;
  57.   # ssi  on;
  58.  
  59.   access_log /home/nginx/domains/codek.org/log/access.log combined buffer=256k flush=60m;
  60.   error_log /home/nginx/domains/codek.org/log/error.log;
  61.  
  62.   include /usr/local/nginx/conf/autoprotect/codek.org/autoprotect-codek.org.conf;
  63.   root /home/nginx/domains/codek.org/public;
  64.   # uncomment cloudflare.conf include if using cloudflare for
  65.   # server and/or vhost site
  66.   #include /usr/local/nginx/conf/cloudflare.conf;
  67.   include /usr/local/nginx/conf/503include-main.conf;
  68.  
  69.   # prevent access to ./directories and files
  70.   # location ~ (?:^|/)\. {
  71.     # deny all;
  72.   # }  
  73.  
  74.   location / {
  75.     include /usr/local/nginx/conf/503include-only.conf;
  76.  
  77.     # block common exploits, sql injections etc
  78.     #include /usr/local/nginx/conf/block.conf;
  79.  
  80.     # Enables directory listings when index file not found
  81.     #autoindex  on;
  82.  
  83.     # Shows file listing times as local time
  84.     #autoindex_localtime on;
  85.  
  86.     # Enable for vBulletin usage WITHOUT vbSEO installed
  87.     # More example Nginx vhost configurations at
  88.     # http://centminmod.com/nginx_configure.html
  89.     #try_files    $uri $uri/ /index.php;
  90.  
  91.     #proxy_cache CODEK_CACHE;
  92.     #proxy_cache_valid 200 30m;
  93.     #proxy_cache_valid 404 10m;
  94.     proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
  95.     proxy_ignore_headers Set-Cookie;
  96.     proxy_hide_header Set-Cookie;
  97.     proxy_hide_header X-powered-by;
  98.     proxy_set_header X-Real-IP $remote_addr;
  99.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  100.     proxy_set_header Host $http_host;
  101.     expires 10m;
  102.  
  103.     proxy_pass http://codek;
  104.     add_header X-Cache $upstream_cache_status;
  105.  
  106.   }
  107.  
  108.   # Static files
  109.   location ~* \.(jpg|jpeg|svg|png|gif|ico|css|js|eot|woff)$ {
  110.     # Use the nginx cache zone called APP
  111.     proxy_cache CODEK_CACHE;
  112.     # For valid responses, cache it for 1 day
  113.     proxy_cache_valid 200 1d;
  114.     # For not found, cache it for 10 minutes
  115.     proxy_cache_valid 404 10m;
  116.  
  117.     # Ghost sends Cache-Control max-age=0 on CSS/JS for now
  118.     # See https://github.com/TryGhost/Ghost/issues/1405?source=c#issuecomment-28196957
  119.     proxy_ignore_headers "Cache-Control";
  120.     access_log off;
  121.     # Allow the browser to cache static files for 30 days
  122.     expires 30d;
  123.     proxy_pass http://codek;
  124.   }
  125.  
  126.   location /content/images {
  127.     alias /home/admin/web/codek.org/public_html/content/images;
  128.     access_log off;
  129.     expires max;
  130.   }
  131.  
  132.   location /assets {
  133.     alias /home/admin/web/codek.org/public_html/content/themes/ghost-wbkd/assets;
  134.     access_log off;
  135.     expires max;
  136.   }
  137.  
  138.   location /shared {
  139.     alias /home/admin/web/codek.org/public_html/core/shared;
  140.     access_log off;
  141.     expires max;
  142.   }
  143.  
  144.   location ~ ^/(?:ghost|signout) {
  145.     proxy_set_header X-Real-IP $remote_addr;
  146.     proxy_set_header Host $http_host;
  147.     proxy_pass http://codek;
  148.     add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
  149.   }
  150.  
  151.   location ~ /\.ht    {return 404;}
  152.   location ~ /\.svn/  {return 404;}
  153.   location ~ /\.git/  {return 404;}
  154.   location ~ /\.hg/   {return 404;}
  155.   location ~ /\.bzr/  {return 404;}
  156.  
  157.   # include /usr/local/nginx/conf/staticfiles.conf;
  158.   # include /usr/local/nginx/conf/php.conf;
  159.   # include /usr/local/nginx/conf/drop.conf;
  160.   # include /usr/local/nginx/conf/errorpage.conf;
  161.   include /usr/local/nginx/conf/vts_server.conf;
  162. }
RAW Paste Data