Guest User

Untitled

a guest
Apr 6th, 2015
434
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ### nginx.conf
  2. # Generic startup file.
  3. user www-data www-data;
  4. worker_processes 2;
  5.  
  6. error_log /var/log/nginx/error.log;
  7. pid /var/run/nginx.pid;
  8.  
  9. events {
  10. worker_connections 1024;
  11. }
  12.  
  13. http {
  14. include mime.types;
  15. default_type application/octet-stream;
  16. access_log /var/log/nginx/access.log;
  17.  
  18. sendfile on;
  19.  
  20. ssl_dhparam /var/www/dhparam2048.pem;
  21. ssl_buffer_size 4k;
  22. ssl_session_cache shared:SSL:10m;
  23. ssl_session_timeout 10m;
  24. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  25. ssl_prefer_server_ciphers on;
  26. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  27.  
  28. resolver 127.0.0.1 valid=3600;
  29. resolver_timeout 10s;
  30.  
  31. keepalive_timeout 15;
  32. large_client_header_buffers 8 16k;
  33. client_max_body_size 13m;
  34. index index.php index.html index.htm;
  35.  
  36. # Upstream to abstract backend connection(s) for PHP.
  37. upstream php {
  38. server 127.0.0.1:9000;
  39. }
  40.  
  41. include sites-enabled/*;
  42. }
  43.  
  44.  
  45. ### sites-enabled/default.conf
  46. server {
  47. listen 80 default_server;
  48. server_name _;
  49. root /var/www/default/public_html;
  50.  
  51. include global/restrictions.conf;
  52. include global/location-any.conf;
  53.  
  54. # Additional rules go here.
  55.  
  56. include global/php-local.conf;
  57. }
  58.  
  59. server {
  60. listen 443 default_server ssl;
  61. server_name _;
  62. root /var/www/default/public_html;
  63.  
  64. ssl_certificate /var/www/default/default.cert.pem;
  65. ssl_certificate_key /var/www/default/default.key.pem;
  66.  
  67. include global/restrictions.conf;
  68. include global/location-any.conf;
  69.  
  70. # Additional rules go here.
  71.  
  72. include global/php-local.conf;
  73. }
  74.  
  75.  
  76. ### sites-enabled/mydomain.org.conf
  77. server {
  78. server_name *.mydomain.org;
  79. rewrite ^ http://mydomain.org$request_uri permanent;
  80. }
  81.  
  82. server {
  83. listen 443 ssl;
  84. server_name *.mydomain.org;
  85.  
  86. ssl_certificate /var/www/mydomain.org/mydomain.org.chain.pem;
  87. ssl_certificate_key /var/www/mydomain.org/mydomain.org.key.pem;
  88.  
  89. include global/ssl_ocsp.conf;
  90.  
  91. rewrite ^ https://mydomain.org$request_uri permanent;
  92. }
  93.  
  94. server {
  95. server_name mydomain.org;
  96. root /var/www/mydomain.org/public_html;
  97.  
  98. include global/restrictions.conf;
  99. include global/location-any.conf;
  100.  
  101. # Additional rules go here.
  102.  
  103. include global/php-local.conf;
  104. }
  105.  
  106. server {
  107. listen 443 ssl;
  108. server_name mydomain.org;
  109. root /var/www/mydomain.org/public_html;
  110.  
  111. ssl_certificate /var/www/mydomain.org/mydomain.org.chain.pem;
  112. ssl_certificate_key /var/www/mydomain.org/mydomain.org.key.pem;
  113.  
  114. include global/ssl_ocsp.conf;
  115. include global/restrictions.conf;
  116. include global/location-any.conf;
  117.  
  118. # Additional rules go here.
  119.  
  120. include global/php-local.conf;
  121. }
  122.  
  123.  
  124. ### global/ssl_ocsp.conf
  125. # Enable SSL stapling.
  126. # Designed to be included in any server {} block.
  127. ssl_trusted_certificate /var/www/root.certs.pem;
  128. ssl_stapling on;
  129. ssl_stapling_verify on;
RAW Paste Data