Skip to content

Instantly share code, notes, and snippets.

@akiraaisha

akiraaisha/nginx.conf

Last active October 8, 2018 03:24
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save akiraaisha/043c1663b29ffaf1c9421f0bdc33b2c1 to your computer and use it in GitHub Desktop.
Save akiraaisha/043c1663b29ffaf1c9421f0bdc33b2c1 to your computer and use it in GitHub Desktop.
Download ZIP
NGINX working config
Raw
nginx.conf
#user nobody;
worker_processes auto;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
access_log off;
sendfile on;
sendfile_max_chunk 512k;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
server_names_hash_bucket_size 128;
#gzip on;
#gzip_comp_level 9;
#gzip_min_length 256;
server {
server_name julian.fufufu.moe;
resolver 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src '*'";
#REDIRECTS TO HTTPS
return 301 https://xn--julian-204eg.xn--cnqxyh92cdj7al4gr4w.hk$request_uri;
rewrite ^ https://xn--julian-204eg.xn--cnqxyh92cdj7al4gr4w.hk$request_uri permanent;
return 200 https://xn--julian-204eg.xn--cnqxyh92cdj7al4gr4w.hk$request_uri;
listen 80 default_server;
#index index.php;
#root html\blog\public;
#root html/DVWA;
#charset koi8-r;
#access_log logs/host.access.log main;
#location / {
# #root html/blog/public;
# root html/test;
# #index index.php;
# index $uri $uri/ /index.php?$query_string;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root html/blog/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
include fastcgi.conf;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
server_name xn--julian-204eg.xn--cnqxyh92cdj7al4gr4w.hk;
index fsafx.html;
root html\test;
return 301 https://$server_name$request_uri;
location / {
root html\blog\public;
index index.php;
}
location ~ \.php$ {
root html\blog\public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi.conf;
}
}
# HTTPS server
#
server {
#GZIP Config
gzip on;
gzip_min_length 100;
gzip_comp_level 6;
gzip_proxied any;
#return 301 https://$server_name$request_uri;
listen 443 ssl http2 default_server;
server_name xn--julian-204eg.xn--cnqxyh92cdj7al4gr4w.hk;
##REDIRECTS TO SITE
#rewrite ^/(.*)$ http://xn--julian-204eg.xn--cnqxyh92cdj7al4gr4w.hk/$1 permanent;
index index.php;
root html\dvwa;
if ($host = "julian.fufufu.moe") {
return 301 https://xn--julian-204eg.xn--cnqxyh92cdj7al4gr4w.hk$request_uri?;
}
ssl_dhparam dhparam-4096.pem;
ssl_certificate domain.crt;
ssl_certificate_key domain.key;
ssl_trusted_certificate isrg-root-ocsp-x1.pem;
ssl_prefer_server_ciphers on;
#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
#ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM+256:EDH+AESGCM:AES256+EECDH:AES256+EDH:!CBC:!AES128;
##TEST CIPHERS
ssl_ciphers ECDH+AESGCM256:DH+AESGCM256:ECDH+AES256:DH+AES256:!aNULL:!MD5:!DSS:!eNULL:!ADH:!EXP:!LOW:!PSK:!SRP:!RC4;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2;
#ssl_protocols TLSv1.3;
ssl_stapling on;
ssl_stapling_verify on;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
resolver 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Public-Key-Pins 'pin-sha256="//A4EzlGuBjTz75dGk8hPAPCYa6T++LzWAQX/sK0gaA="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="jOkxvTvaEElm/XzISE21rSkLyOKzrDs5+ojzYFnNsTA="; max-age=5184000; includeSubDomains' always;
add_header 'Referrer-Policy' 'origin';
add_header Content-Security-Policy "default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' ; style-src * 'unsafe-inline' ; img-src * ; font-src * ; media-src * ; object-src * ; child-src * ; frame-src * ; worker-src *" ;
location /animes {
alias D:/movies;
autoindex on;
mp4;
sendfile on;
tcp_nopush on;
autoindex_exact_size off;
autoindex_format html;
}
location /animes2 {
alias G:/movies;
autoindex on;
mp4;
sendfile on;
tcp_nopush on;
autoindex_exact_size off;
autoindex_format html;
}
location /ICT-1-1N {
alias html\ICT-1-1N;
index index.html;
}
location ~ \.php$ {
root html\dvwa;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi.conf;
}
location ~ \.php$ {
root html\ICT-1-1N;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi.conf;
}
#location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
# expires 2d;
# access_log off;
# add_header Cache-Control "public";
#}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment