SHARE
TWEET

Untitled

a guest Apr 6th, 2015 324 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ### nginx.conf
  2. # Generic startup file.
  3. user www-data www-data;
  4. worker_processes  2;
  5.  
  6. error_log  /var/log/nginx/error.log;
  7. pid        /var/run/nginx.pid;
  8.  
  9. events {
  10.         worker_connections  1024;
  11. }
  12.  
  13. http {
  14.         include mime.types;
  15.         default_type       application/octet-stream;
  16.         access_log         /var/log/nginx/access.log;
  17.  
  18.         sendfile           on;
  19.  
  20.         ssl_dhparam                /var/www/dhparam2048.pem;
  21.         ssl_buffer_size            4k;
  22.         ssl_session_cache          shared:SSL:10m;
  23.         ssl_session_timeout        10m;
  24.         ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
  25.         ssl_prefer_server_ciphers  on;
  26.         ssl_ciphers                'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  27.  
  28.         resolver 127.0.0.1 valid=3600;
  29.         resolver_timeout 10s;
  30.  
  31.         keepalive_timeout        15;
  32.         large_client_header_buffers 8 16k;
  33.         client_max_body_size 13m;
  34.         index              index.php index.html index.htm;
  35.  
  36.         # Upstream to abstract backend connection(s) for PHP.
  37.         upstream php {
  38.                 server 127.0.0.1:9000;
  39.         }
  40.  
  41.         include sites-enabled/*;
  42. }
  43.  
  44.  
  45. ### sites-enabled/default.conf
  46. server {
  47.         listen 80 default_server;
  48.         server_name _;
  49.         root /var/www/default/public_html;
  50.  
  51.         include global/restrictions.conf;
  52.         include global/location-any.conf;
  53.  
  54.         # Additional rules go here.
  55.  
  56.         include global/php-local.conf;
  57. }
  58.  
  59. server {
  60.         listen 443 default_server ssl;
  61.         server_name _;
  62.         root /var/www/default/public_html;
  63.  
  64.         ssl_certificate        /var/www/default/default.cert.pem;
  65.         ssl_certificate_key    /var/www/default/default.key.pem;
  66.  
  67.         include global/restrictions.conf;
  68.         include global/location-any.conf;
  69.  
  70.         # Additional rules go here.
  71.  
  72.         include global/php-local.conf;
  73. }
  74.  
  75.  
  76. ### sites-enabled/mydomain.org.conf
  77. server {
  78.         server_name *.mydomain.org;
  79.         rewrite ^ http://mydomain.org$request_uri permanent;
  80. }
  81.  
  82. server {
  83.         listen 443 ssl;
  84.         server_name *.mydomain.org;
  85.  
  86.         ssl_certificate        /var/www/mydomain.org/mydomain.org.chain.pem;
  87.         ssl_certificate_key    /var/www/mydomain.org/mydomain.org.key.pem;
  88.  
  89.         include global/ssl_ocsp.conf;
  90.  
  91.         rewrite ^ https://mydomain.org$request_uri permanent;
  92. }
  93.  
  94. server {
  95.         server_name mydomain.org;
  96.         root /var/www/mydomain.org/public_html;
  97.  
  98.         include global/restrictions.conf;
  99.         include global/location-any.conf;
  100.  
  101.         # Additional rules go here.
  102.  
  103.         include global/php-local.conf;
  104. }
  105.  
  106. server {
  107.         listen 443 ssl;
  108.         server_name mydomain.org;
  109.         root /var/www/mydomain.org/public_html;
  110.  
  111.         ssl_certificate        /var/www/mydomain.org/mydomain.org.chain.pem;
  112.         ssl_certificate_key    /var/www/mydomain.org/mydomain.org.key.pem;
  113.  
  114.         include global/ssl_ocsp.conf;
  115.         include global/restrictions.conf;
  116.         include global/location-any.conf;
  117.  
  118.         # Additional rules go here.
  119.  
  120.         include global/php-local.conf;
  121. }
  122.  
  123.  
  124. ### global/ssl_ocsp.conf
  125. # Enable SSL stapling.
  126. # Designed to be included in any server {} block.
  127. ssl_trusted_certificate    /var/www/root.certs.pem;
  128. ssl_stapling               on;
  129. ssl_stapling_verify        on;
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top