server { listen 443 ssl http2; server_name www.chiasebanquyen.com; # S

1. server {
2. listen 443 ssl http2;
3. server_name www.chiasebanquyen.com;
4.  
5. # SSL
6. ssl_certificate /etc/letsencrypt/live/chiasebanquyen.com/fullchain.pem;
7. ssl_certificate_key /etc/letsencrypt/live/chiasebanquyen.com/privkey.pem;
8. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
9. ssl_prefer_server_ciphers on;
10. ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
11. rewrite ^(.*) https://chiasebanquyen.com$1 permanent;
12. }
13. server {
14. listen 80;
15.  
16. server_name chiasebanquyen.com www.chiasebanquyen.com;
17. # SSL
18. ssl_certificate /etc/letsencrypt/live/chiasebanquyen.com/fullchain.pem;
19. ssl_certificate_key /etc/letsencrypt/live/chiasebanquyen.com/privkey.pem;
20. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
21. ssl_prefer_server_ciphers on;
22. ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
23.  
24. # Improve HTTPS performance with session resumption
25. ssl_session_cache shared:SSL:50m;
26. ssl_session_timeout 1d;
27.  
28. # DH parameters
29. ssl_dhparam /etc/nginx/ssl/dhparam.pem;
30. # Enable HSTS
31. add_header Strict-Transport-Security "max-age=31536000" always;
32.  
33. rewrite ^(.*) https://chiasebanquyen.com$1 permanent;
34. }
35. server {
36. listen 443 ssl http2;
37.  
38. # access_log off;
39. access_log /home/chiasebanquyen.com/logs/access.log;
40. # error_log off;
41. error_log /home/chiasebanquyen.com/logs/error.log;
42.  
43. root /home/chiasebanquyen.com/public_html;
44. index index.php index.html index.htm;
45. server_name chiasebanquyen.com;
46.  
47. location / {
48. try_files $uri $uri/ /index.php?$args;
49. }
50.  
51. # Custom configuration
52. include /home/chiasebanquyen.com/public_html/*.conf;
53.  
54. location ~ \.php$ {
55. fastcgi_split_path_info ^(.+\.php)(/.+)$;
56. include /etc/nginx/fastcgi_params;
57. fastcgi_pass 127.0.0.1:9000;
58. fastcgi_index index.php;
59. fastcgi_connect_timeout 1000;
60. fastcgi_send_timeout 1000;
61. fastcgi_read_timeout 1000;
62. fastcgi_buffer_size 256k;
63. fastcgi_buffers 4 256k;
64. fastcgi_busy_buffers_size 256k;
65. fastcgi_temp_file_write_size 256k;
66. fastcgi_intercept_errors on;
67. fastcgi_param SCRIPT_FILENAME /home/chiasebanquyen.com/public_html$fastcgi_script_name;
68. }
69. location /nginx_status {
70. stub_status on;
71. access_log off;
72. allow 127.0.0.1;
73. deny all;
74. }
75. location /php_status {
76. fastcgi_pass 127.0.0.1:9000;
77. fastcgi_index index.php;
78. fastcgi_param SCRIPT_FILENAME /home/chiasebanquyen.com/public_html$fastcgi_script_name;
79. include /etc/nginx/fastcgi_params;
80. allow 127.0.0.1;
81. deny all;
82. }
83. location ~ /\. {
84. deny all;
85. }
86. location = /favicon.ico {
87. log_not_found off;
88. access_log off;
89. }
90. location = /robots.txt {
91. allow all;
92. log_not_found off;
93. access_log off;
94. }
95. location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {
96. gzip_static off;
97. add_header Pragma public;
98. add_header Cache-Control "public, must-revalidate, proxy-revalidate";
99. access_log off;
100. expires 30d;
101. break;
102. }
103.  
104. location ~* \.(txt|js|css)$ {
105. add_header Pragma public;
106. add_header Cache-Control "public, must-revalidate, proxy-revalidate";
107. access_log off;
108. expires 30d;
109. break;
110. }
111. }
112.  
113. server {
114. listen 2313;
115.  
116. access_log off;
117. log_not_found off;
118. error_log /home/chiasebanquyen.com/logs/nginx_error.log;
119.  
120. root /home/chiasebanquyen.com/private_html;
121. index index.php index.html index.htm;
122. server_name chiasebanquyen.com;
123.  
124. error_page 497 https://$host:2313$request_uri;
125. # SSL
126. ssl_certificate /etc/letsencrypt/live/chiasebanquyen.com/fullchain.pem;
127. ssl_certificate_key /etc/letsencrypt/live/chiasebanquyen.com/privkey.pem;
128. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
129. ssl_prefer_server_ciphers on;
130. ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
131.  
132. auth_basic "Restricted";
133. auth_basic_user_file /home/chiasebanquyen.com/private_html/hocvps/.htpasswd;
134.  
135. location / {
136. try_files $uri $uri/ /index.php;
137. }
138. location ~ \.php$ {
139. fastcgi_split_path_info ^(.+\.php)(/.+)$;
140. include /etc/nginx/fastcgi_params;
141. fastcgi_pass 127.0.0.1:9000;
142. fastcgi_index index.php;
143. fastcgi_connect_timeout 1000;
144. fastcgi_send_timeout 1000;
145. fastcgi_read_timeout 1000;
146. fastcgi_buffer_size 256k;
147. fastcgi_buffers 4 256k;
148. fastcgi_busy_buffers_size 256k;
149. fastcgi_temp_file_write_size 256k;
150. fastcgi_intercept_errors on;
151. fastcgi_param SCRIPT_FILENAME /home/chiasebanquyen.com/private_html$fastcgi_script_name;
152. }
153.  
154. location ~ /\. {
155. deny all;
156. }
157. }