Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Redirect http www to https no-www
- server {
- server_name _;
- access_log off;
- }
- #Redirect http no-www to https no-www
- server {
- // listening to port 80
- listen "actual-server-ip";
- listen [::]:80;
- server_name localhost;
- root /home/maindir;
- index index.php;
- access_log off;
- port_in_redirect off;
- location / {
- allow 127.0.0.1;
- auth_basic "Please enter username";
- auth_basic_user_file /etc/nginx/.passfile1;
- }
- }
- server {
- // listening to port 443 for https requests
- listen 443 ssl default_server;
- listen [::]:443 ssl default_server;
- server_name localhost;
- port_in_redirect off;
- access_log off;
- ssl_certificate /main/ssl/eth0___localhost.pem;
- ssl_certificate_key /main/ssl/eth0___localhost.key;
- ssl_trusted_certificate /main/ssl/eth0___localhost.ca;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_dhparam /root/dhparams.pem;
- ssl_prefer_server_ciphers on;
- ssl_ecdh_curve secp384r1;
- root /home/maindir;
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
- add_header X-Frame-Options SAMEORIGIN;
- add_header X-Content-Type-Options nosniff;
- index index.php index.html index.htm;
- location / {
- proxy_pass http://127.0.0.1:81; // to direct requests to varnish
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header X-Forwarded-Port 443;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header HTTPS "on";
- proxy_read_timeout 90;
- proxy_connect_timeout 90;
- proxy_redirect off;
- }
- location ~ /.ht {
- deny all;
- }
- }
Add Comment
Please, Sign In to add comment