# redirect from www to non-www forced SSL# uncomment, save file and restart N

1. # redirect from www to non-www forced SSL
2. # uncomment, save file and restart Nginx to enable
3. # if unsure use return 302 before using return 301
4. server {
5. listen 80;
6. server_name domain.com www.domain.com;
7. return 302 https://$server_name$request_uri;
8. }
9.  
10. server {
11. listen 443 ssl http2 reuseport;
12. server_name domain.com www.domain.com;
13.  
14. ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
15. ssl_certificate /usr/local/nginx/conf/ssl/domain.com/domain.com.crt;
16. ssl_certificate_key /usr/local/nginx/conf/ssl/domain.com/domain.com.key;
17. include /usr/local/nginx/conf/ssl_include.conf;
18.  
19. # cloudflare authenticated origin pull cert
20. #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain.com/origin.crt;
21. #ssl_verify_client on;
22. http2_max_field_size 16k;
23. http2_max_header_size 32k;
24. # mozilla recommended
25. ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
26. ssl_prefer_server_ciphers on;
27. #add_header Alternate-Protocol 443:npn-spdy/3;
28.  
29. # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
30. #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
31. #add_header X-Frame-Options SAMEORIGIN;
32. add_header X-Xss-Protection "1; mode=block" always;
33. add_header X-Content-Type-Options "nosniff" always;
34. #add_header Referrer-Policy "strict-origin-when-cross-origin";
35. #spdy_headers_comp 5;
36. ssl_buffer_size 1369;
37. ssl_session_tickets on;
38.  
39. # enable ocsp stapling
40. #resolver 8.8.8.8 8.8.4.4 valid=10m;
41. #resolver_timeout 10s;
42. #ssl_stapling on;
43. #ssl_stapling_verify on;
44. #ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.com/domain.com-trusted.crt;
45.  
46. # ngx_pagespeed & ngx_pagespeed handler
47. #include /usr/local/nginx/conf/pagespeed.conf;
48. #include /usr/local/nginx/conf/pagespeedhandler.conf;
49. #include /usr/local/nginx/conf/pagespeedstatslog.conf;
50.  
51. # limit_conn limit_per_ip 16;
52. # ssi on;
53.  
54. access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=5m;
55. error_log /home/nginx/domains/domain.com/log/error.log;
56.  
57. #include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
58. root /home/nginx/domains/domain.com/public;
59. # uncomment cloudflare.conf include if using cloudflare for
60. # server and/or vhost site
61. include /usr/local/nginx/conf/cloudflare.conf;
62. include /usr/local/nginx/conf/503include-main.conf;
63.  
64. location / {
65. include /usr/local/nginx/conf/503include-only.conf;
66.  
67. location ~* ^/inscriere/.*\.(js|ico|gif|jpg|png|css|swf|csv)$ {}
68. location ~* ^/inscriere/setup/index.php$ { try_files not-existing-file @php; }
69. location ~* ^/inscriere/js.php { try_files not-exiting-file @php; }
70. location ~* ^/inscriere/index.php$ { try_files not-existing-file @php; }
71. location ~* ^/inscriere/public.php$ { try_files not-existing-file @php; }
72. location ~* ^/inscriere/public { rewrite ^.*$ /inscriere/public.php; }
73. location ~* ^/inscriere/setup { rewrite ^.*$ /inscriere/setup/index.php; }
74. location ~* ^/inscriere { rewrite ^.*$ /inscriere/index.php; }
75.  
76. # block common exploits, sql injections etc
77. #include /usr/local/nginx/conf/block.conf;
78.  
79. # Enables directory listings when index file not found
80. #autoindex on;
81.  
82. # Shows file listing times as local time
83. #autoindex_localtime on;
84.  
85. # Wordpress Permalinks example
86. try_files $uri $uri/ /index.php?q=$uri&$args;
87.  
88. }
89.  
90. location /forum {
91. # block common exploits, sql injections etc
92. #include /usr/local/nginx/conf/block.conf;
93.  
94. try_files $uri $uri/ /forum/index.php;
95. }
96.  
97. location ~^(/forum/page/).*(\.php)$ {
98. try_files $uri $uri/ /index.php;
99. }
100.  
101. # IP.Board PHP/CGI Protection
102. location ~^(/forum/uploads/).*(\.php)$ {
103. deny all;
104. }
105. location ~^(/forum/hooks/).*(\.php)$ {
106. deny all;
107. }
108. location ~^(/forum/cache/).*(\.php)$ {
109. deny all;
110. }
111. location ~^(/forum/public/style_).*(\.php)$ {
112. deny all;
113. }
114.  
115. location /testare/ {
116. try_files $uri $uri/ /index.php?$args;
117. }
118.  
119. include /usr/local/nginx/conf/pre-staticfiles-local-domain.com.conf;
120. include /usr/local/nginx/conf/pre-staticfiles-global.conf;
121. include /usr/local/nginx/conf/staticfiles.conf;
122. include /usr/local/nginx/conf/php.conf;
123.  
124. include /usr/local/nginx/conf/drop.conf;
125. #include /usr/local/nginx/conf/errorpage.conf;
126. include /usr/local/nginx/conf/vts_server.conf;
127. }