Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 109.XXX.XXX.XXX:80;
- listen 109.XXX.XXX.XXX:443 ssl;
- server_name XXX.at;
- return 301 https://www.XXX.at$request_uri;
- }
- server {
- listen 109.XXX.XXX.XXX;
- server_name typo3.XXX.at XXX.XXX.at XXX.XXX.at XXX.XXX.at XXX.XXX.at ;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 109.XXX.XXX.XXX:443 ssl http2;
- server_name typo3.XXX.at XXX.XXX.at XXX.XXX.at XXX.XXX.at XXX.XXX.at ;
- root /var/www/typo3/htdocs;
- index index.php index.html index.htm;
- charset utf-8;
- error_page 404 /index.php;
- ssl_certificate ssl/XXX.at.pem;
- ssl_certificate_key ssl/XXX.at.key.pem;
- ssl_trusted_certificate ssl/XXX.at.pem;
- ssl_dhparam ssl/dh.pem;
- ssl_ecdh_curve secp384r1;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- ssl_session_tickets off;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_buffer_size 1400;
- ssl_stapling off;
- ssl_stapling_verify on;
- resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
- resolver_timeout 2s;
- ssl_ciphers "XXXXX";
- #add_header Public-Key-Pins 'pin-sha256="PIN1"; pin-sha256="PIN2"; max-age=5184000; includeSubDomains';
- add_header Cache-Control "public";
- add_header X-Frame-Options SAMEORIGIN;
- add_header Alternate-Protocol 443:npn-http/2;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Permitted-Cross-Domain-Policies "master-only";
- add_header "X-UA-Compatible" "IE=Edge";
- add_header "Access-Control-Allow-Origin" "*";
- add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; child-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'";
- pagespeed on;
- pagespeed EnableFilters collapse_whitespace;
- pagespeed EnableFilters canonicalize_javascript_libraries;
- pagespeed EnableFilters combine_css;
- pagespeed EnableFilters combine_javascript;
- pagespeed EnableFilters elide_attributes;
- pagespeed EnableFilters extend_cache;
- pagespeed EnableFilters flatten_css_imports;
- pagespeed EnableFilters lazyload_images;
- pagespeed EnableFilters rewrite_javascript;
- pagespeed EnableFilters rewrite_images;
- pagespeed EnableFilters insert_dns_prefetch;
- pagespeed EnableFilters prioritize_critical_css;
- pagespeed FetchHttps enable,allow_self_signed;
- pagespeed FileCachePath /var/lib/nginx/nps_cache;
- pagespeed RewriteLevel CoreFilters;
- pagespeed CssFlattenMaxBytes 5120;
- pagespeed LogDir /var/log/pagespeed;
- pagespeed EnableCachePurge on;
- pagespeed PurgeMethod PURGE;
- pagespeed DownstreamCachePurgeMethod PURGE;
- pagespeed DownstreamCachePurgeLocationPrefix http://127.0.0.1:80/;
- pagespeed DownstreamCacheRewrittenPercentageThreshold 95;
- pagespeed LazyloadImagesAfterOnload on;
- pagespeed LazyloadImagesBlankUrl "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7";
- pagespeed MemcachedThreads 1;
- pagespeed MemcachedServers "localhost:11211";
- pagespeed MemcachedTimeoutUs 100000;
- pagespeed RespectVary on;
- pagespeed Disallow "*/pma/*";
- # This will correctly rewrite your subresources with https:// URLs and thus avoid mixed content warnings.
- # Note, that you should only enable this option if you are behind a load-balancer that will set this header,
- # otherwise your users will be able to set the protocol PageSpeed uses to interpret the request.
- #
- #pagespeed RespectXForwardedProto on;
- auth_basic_user_file htpasswd/.htpasswd;
- index index.php index.html;
- location = /favicon.ico {
- log_not_found off;
- access_log off;
- }
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
- location ~ /\. {
- deny all;
- access_log off;
- log_not_found off;
- }
- location ~ \.php$ {
- try_files $uri =404;
- include /etc/nginx/fastcgi_params;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
- fastcgi_intercept_errors on;
- fastcgi_buffer_size 128k;
- fastcgi_buffers 256 16k;
- fastcgi_busy_buffers_size 256k;
- fastcgi_temp_file_write_size 256k;
- fastcgi_read_timeout 1200;
- }
- client_max_body_size 100M;
- location ~ /\.(js|css)$ {
- expires 604800s;
- }
- if (!-e $request_filename){
- rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
- }
- location ~* ^/fileadmin/(.*/)?_recycler_/ {
- deny all;
- }
- location ~* ^/fileadmin/templates/.*(\.txt|\.ts)$ {
- deny all;
- }
- location ~* ^/typo3conf/ext/[^/]+/Resources/Private/ {
- deny all;
- }
- location ~* ^/(typo3/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) {
- }
- location / {
- try_files $uri $uri/ /index.php?$args;
- }
- location @nocache {
- try_files $uri $uri/ /index.php$is_args$args;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement