SHARE
TWEET

Untitled

a guest Aug 2nd, 2017 56 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. [root@cw008 /usr/ports/security/ca_root_nss]# cat /usr/local/etc/nginx/vhosts/virtual-ssl.conf
  2. server {
  3.        listen  443 http2 ;
  4.         ssl on;
  5.         server_name cw008.domain.net;
  6.         ssl_certificate /etc/ssl/certs/domain/domain-combined.crt;    
  7.         ssl_certificate_key /etc/ssl/certs/domain/domain.key;    
  8.  
  9.         ssl_stapling on;
  10.         ssl_stapling_verify on;
  11.         ssl_trusted_certificate /usr/local/etc/ssl/cert.pem;
  12.         resolver 8.8.8.8 8.8.4.4;
  13.         resolver_timeout 10s;
  14.        
  15.         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  16.         ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
  17.         ssl_prefer_server_ciphers on;
  18.  
  19.  
  20.         location / {
  21.             root   /tunefiles;
  22.             index index.html index.htm index.php;
  23.  
  24.         include thumbs.inc;
  25.         include mp4_secure.inc;
  26.         }
  27.  
  28.  # pass the PHP scripts to FastCGI server listening on unix:/var/run/www.socket
  29.         location ~ \.php$ {
  30.             root /tunefiles;
  31.             fastcgi_pass   unix:/var/run/www.socket;
  32.            fastcgi_index  index.php;
  33.             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
  34.             include        fastcgi_params;
  35.             #accesslog     /var/log/nginx-fpm.log;
  36.         }
  37.  
  38.         location ~ /\.ht {
  39.             deny  all;
  40.         }
  41. }
  42.  
  43.  
  44. [root@cw008 /usr/ports/security/ca_root_nss]# cat /usr/local/etc/nginx/mp4_secure.inc
  45.         location /files/subs {
  46.                  location ~* \.(vtt)$ {
  47.                 add_header Access-Control-Allow-Origin *;
  48.                 }
  49.         }
  50.  
  51.         location  /files/videos {
  52.           secure_link $arg_h,$arg_ttl;
  53.           secure_link_md5 "$secure_link_expires$uri 1232121231";
  54.  
  55.         location ~* \.(mpd)$ {
  56.                 add_header Access-Control-Allow-Origin *;
  57.         }
  58.  
  59.         location ~ dashinit\.mp4$ {
  60.                 add_header Access-Control-Allow-Origin *;
  61.                 include cors.inc;
  62.                 sendfile off;
  63.                 aio on;
  64.                 mp4;
  65.                 mp4_buffer_size 10M;
  66.                 mp4_max_buffer_size 30M;
  67.                 expires 1y;
  68.                 add_header Cache-Control "public";
  69.                 include hotlink.inc;
  70.                 }
  71.  
  72.         location ~ \.mp4$ {
  73.                 add_header Access-Control-Allow-Origin *;
  74. #                if ($secure_link = "")  { return 403; }
  75. #                if ($secure_link = "0") { return 410; }
  76.                 include cors.inc;
  77.                 sendfile off;
  78.                 aio on;
  79.                 mp4;
  80.                 mp4_buffer_size 10M;
  81.                 mp4_max_buffer_size 30M;                                  
  82.                 expires 1y;
  83.                 add_header Cache-Control "public";
  84. #                include hotlink.inc;
  85.                 }
  86.  
  87.        location ~ \.flv$ {
  88.                 add_header Access-Control-Allow-Origin *;
  89.                 if ($secure_link = "")  { return 403; }
  90.                 if ($secure_link = "0") { return 410; }
  91.                 flv;
  92.                 expires 1y;
  93.                 add_header Cache-Control "public";
  94.                 include hotlink.inc;
  95.                 }
  96.         }
RAW Paste Data
Top