Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@cw008 /usr/ports/security/ca_root_nss]# cat /usr/local/etc/nginx/vhosts/virtual-ssl.conf
- server {
- listen 443 http2 ;
- ssl on;
- server_name cw008.domain.net;
- ssl_certificate /etc/ssl/certs/domain/domain-combined.crt;
- ssl_certificate_key /etc/ssl/certs/domain/domain.key;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /usr/local/etc/ssl/cert.pem;
- resolver 8.8.8.8 8.8.4.4;
- resolver_timeout 10s;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
- ssl_prefer_server_ciphers on;
- location / {
- root /tunefiles;
- index index.html index.htm index.php;
- include thumbs.inc;
- include mp4_secure.inc;
- }
- # pass the PHP scripts to FastCGI server listening on unix:/var/run/www.socket
- location ~ \.php$ {
- root /tunefiles;
- fastcgi_pass unix:/var/run/www.socket;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include fastcgi_params;
- #accesslog /var/log/nginx-fpm.log;
- }
- location ~ /\.ht {
- deny all;
- }
- }
- [root@cw008 /usr/ports/security/ca_root_nss]# cat /usr/local/etc/nginx/mp4_secure.inc
- location /files/subs {
- location ~* \.(vtt)$ {
- add_header Access-Control-Allow-Origin *;
- }
- }
- location /files/videos {
- secure_link $arg_h,$arg_ttl;
- secure_link_md5 "$secure_link_expires$uri 1232121231";
- location ~* \.(mpd)$ {
- add_header Access-Control-Allow-Origin *;
- }
- location ~ dashinit\.mp4$ {
- add_header Access-Control-Allow-Origin *;
- include cors.inc;
- sendfile off;
- aio on;
- mp4;
- mp4_buffer_size 10M;
- mp4_max_buffer_size 30M;
- expires 1y;
- add_header Cache-Control "public";
- include hotlink.inc;
- }
- location ~ \.mp4$ {
- add_header Access-Control-Allow-Origin *;
- # if ($secure_link = "") { return 403; }
- # if ($secure_link = "0") { return 410; }
- include cors.inc;
- sendfile off;
- aio on;
- mp4;
- mp4_buffer_size 10M;
- mp4_max_buffer_size 30M;
- expires 1y;
- add_header Cache-Control "public";
- # include hotlink.inc;
- }
- location ~ \.flv$ {
- add_header Access-Control-Allow-Origin *;
- if ($secure_link = "") { return 403; }
- if ($secure_link = "0") { return 410; }
- flv;
- expires 1y;
- add_header Cache-Control "public";
- include hotlink.inc;
- }
- }
Add Comment
Please, Sign In to add comment