bhargavmehta/Nginx conf Secret

## Nginx conf
server {
    # Listen on port 80 as well as post 443 for SSL connections.
    listen 80 default;
    listen 443  ssl;

    server_name cabletiesupply.com www.cabletiesupply.com;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    # Specify path to your SSL certificates.
    # ssl_certificate /etc/nginx/ssl/cabletiesupply.crt;
    # ssl_certificate_key /etc/nginx/ssl/cabletiesupply.key;
    ssl_certificate /etc/ssl/certs/cabletiesupply.crt;
    ssl_certificate_key /etc/ssl/certs/cabletiesupply.key;


    # Path to the files in which you wish to
    # store your access and error logs.
    access_log /var/log/nginx/access_log;
    error_log /var/log/nginx/error_log;

    # If the site is accessed via mydomain.com
    # automatically redirect to www.mydomain.com.
    #if ($host = 'local.cabletiesupply.com' ) {
    #    rewrite ^/(.*)$ http://www.local.cabletiesupply.com/$1permanent;
    #}

    root /var/www/cabletiesupply.com/current;
    error_page 404 403 500 502 503 504 /index.php;

    location / {
if ($http_referer ~* "semalt\.com"){
    return 403;
    }
    if ($http_referer ~* "100dollars\-seo\.com"){
    return 403;
    }
    if ($http_referer ~* "best\-seo\-solution\.com"){
    return 403;
    }
    if ($http_referer ~* "buttons\-for\-your\-website\.com"){
    return 403;
    }
    if ($http_referer ~* "forum69\.info"){
    return 403;
    }
    if ($http_referer ~* "buttons\-for\-website\.com"){
    return 403;
    }
    if ($http_referer ~* "ranksonic\.com"){
    return 403;
    }
    if ($http_referer ~* "7makemoneyonline\.com"){
    return 403;
    }
    if ($http_referer ~* "sharebutton\.net"){
    return 403;
    }
    if ($http_referer ~* "sitevaluation\.org"){
    return 403;
    }
    if ($http_referer ~* "dailyrank\.net"){
    return 403;
    }
    if ($http_referer ~* "videos\-for\-your\-business\.com"){
    return 403;
    }
    if ($http_referer ~* "semaltmedia\.com"){
    return 403;
    }
    if ($http_referer ~* "best\-seo\-offer\.com"){
    return 403;
    }
        index index.html index.php;
        try_files $uri $uri/ @handler;
    }
  location ~* ^.+\.(css|js)$ {
        rewrite ^(.+)\.(\d+)\.(css|js)$ $1.$3 last;
        expires 31536000s;
        access_log off;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "max-age=31536000, public";
    }
    ##
    # Aggressive caching for static files
    # If you alter static files often, please use
    # add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
    ##
    location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
        expires 31536000s;
        access_log off;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "max-age=31536000, public";
    }

    location = /favicon.ico { log_not_found off; access_log off; allow all; }
    location = /robots.txt  { access_log off; log_not_found off; allow all; }
    # Deny access to specific directories no one
    # in particular needs access to anyways.
    location /app/ { deny all; }
    location /includes/ { deny all; }
    location /lib/ { deny all; }
    location /media/downloadable/ { deny all; }
    location /pkginfo/ { deny all; }
    location /report/config.xml { deny all; }
    location /var/ { deny all; }
   location /api {
    rewrite ^/api/rest /api.php?type=rest last;
    rewrite ^/api/v2_soap /api.php?type=v2_soap last;
    rewrite ^/api/soap /api.php?type=soap last;
    rewrite ^/api/xmlrpc /api.php?type=xmlrpc last;
  }
    # Allow only those who have a login name and password
    # to view the export folder. Refer to /etc/nginx/htpassword.
    #location /var/export/ {
    #    auth_basic "Restricted";
    #    auth_basic_user_file htpasswd;
    #    autoindex on;
    #}

    # Deny all attempts to access hidden files
    # such as .htaccess, .htpasswd, etc...
    location ~ /\. {
         deny all;
         access_log off;
         log_not_found off;
    }

    # This redirect is added so to use Magentos
    # common front handler when handling incoming URLs.
    location @handler {
        rewrite / /index.php;
    }

    # Forward paths such as /js/index.php/x.js
    # to their relevant handler.
    location ~ .php/ {
        rewrite ^(.*.php)/ $1 last;
    }

    # Handle the exectution of .php files.
    location ~ .php$ {
        if (!-e $request_filename) {
            rewrite / /index.php last;
        }
	expires off;
        fastcgi_read_timeout 600;
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;

 	fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;


        include fastcgi_params;
       # expires off;
       # fastcgi_pass 127.0.0.1:9000;
       # fastcgi_param HTTPS $fastcgi_https;
       # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       # fastcgi_param MAGE_RUN_CODE default;
       # fastcgi_param MAGE_RUN_TYPE store;
       # include fastcgi_params;
    }
	gzip on;
	gzip_disable "msie6";

	gzip_comp_level 6;
	gzip_min_length 1100;
	gzip_buffers 16 8k;
	gzip_proxied any;
	gzip_types
	    text/plain
	    text/css
	    text/js
	    text/xml
	    text/javascript
	    application/javascript
	    application/x-javascript
	    application/json
	    application/xml
	    application/xml+rss;
}
	server {
	# Listen on port 80 as well as post 443 for SSL connections.
	listen 80 default;
	listen 443 ssl;

	server_name cabletiesupply.com www.cabletiesupply.com;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
	# Specify path to your SSL certificates.
	# ssl_certificate /etc/nginx/ssl/cabletiesupply.crt;
	# ssl_certificate_key /etc/nginx/ssl/cabletiesupply.key;
	ssl_certificate /etc/ssl/certs/cabletiesupply.crt;
	ssl_certificate_key /etc/ssl/certs/cabletiesupply.key;


	# Path to the files in which you wish to
	# store your access and error logs.
	access_log /var/log/nginx/access_log;
	error_log /var/log/nginx/error_log;

	# If the site is accessed via mydomain.com
	# automatically redirect to www.mydomain.com.
	#if ($host = 'local.cabletiesupply.com' ) {
	# rewrite ^/(.*)$ http://www.local.cabletiesupply.com/$1permanent;
	#}

	root /var/www/cabletiesupply.com/current;
	error_page 404 403 500 502 503 504 /index.php;

	location / {
	if ($http_referer ~* "semalt\.com"){
	return 403;
	}
	if ($http_referer ~* "100dollars\-seo\.com"){
	return 403;
	}
	if ($http_referer ~* "best\-seo\-solution\.com"){
	return 403;
	}
	if ($http_referer ~* "buttons\-for\-your\-website\.com"){
	return 403;
	}
	if ($http_referer ~* "forum69\.info"){
	return 403;
	}
	if ($http_referer ~* "buttons\-for\-website\.com"){
	return 403;
	}
	if ($http_referer ~* "ranksonic\.com"){
	return 403;
	}
	if ($http_referer ~* "7makemoneyonline\.com"){
	return 403;
	}
	if ($http_referer ~* "sharebutton\.net"){
	return 403;
	}
	if ($http_referer ~* "sitevaluation\.org"){
	return 403;
	}
	if ($http_referer ~* "dailyrank\.net"){
	return 403;
	}
	if ($http_referer ~* "videos\-for\-your\-business\.com"){
	return 403;
	}
	if ($http_referer ~* "semaltmedia\.com"){
	return 403;
	}
	if ($http_referer ~* "best\-seo\-offer\.com"){
	return 403;
	}
	index index.html index.php;
	try_files $uri $uri/ @handler;
	}
	location ~* ^.+\.(css\|js)$ {
	rewrite ^(.+)\.(\d+)\.(css\|js)$ $1.$3 last;
	expires 31536000s;
	access_log off;
	log_not_found off;
	add_header Pragma public;
	add_header Cache-Control "max-age=31536000, public";
	}
	##
	# Aggressive caching for static files
	# If you alter static files often, please use
	# add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
	##
	location ~* \.(asf\|asx\|wax\|wmv\|wmx\|avi\|bmp\|class\|divx\|doc\|docx\|eot\|exe\|gif\|gz\|gzip\|ico\|jpg\|jpeg\|jpe\|mdb\|mid\|midi\|mov\|qt\|mp3\|m4a\|mp4\|m4v\|mpeg\|mpg\|mpe\|mpp\|odb\|odc\|odf\|odg\|odp\|ods\|odt\|ogg\|ogv\|otf\|pdf\|png\|pot\|pps\|ppt\|pptx\|ra\|ram\|svg\|svgz\|swf\|tar\|t?gz\|tif\|tiff\|ttf\|wav\|webm\|wma\|woff\|wri\|xla\|xls\|xlsx\|xlt\|xlw\|zip)$ {
	expires 31536000s;
	access_log off;
	log_not_found off;
	add_header Pragma public;
	add_header Cache-Control "max-age=31536000, public";
	}

	location = /favicon.ico { log_not_found off; access_log off; allow all; }
	location = /robots.txt { access_log off; log_not_found off; allow all; }
	# Deny access to specific directories no one
	# in particular needs access to anyways.
	location /app/ { deny all; }
	location /includes/ { deny all; }
	location /lib/ { deny all; }
	location /media/downloadable/ { deny all; }
	location /pkginfo/ { deny all; }
	location /report/config.xml { deny all; }
	location /var/ { deny all; }
	location /api {
	rewrite ^/api/rest /api.php?type=rest last;
	rewrite ^/api/v2_soap /api.php?type=v2_soap last;
	rewrite ^/api/soap /api.php?type=soap last;
	rewrite ^/api/xmlrpc /api.php?type=xmlrpc last;
	}
	# Allow only those who have a login name and password
	# to view the export folder. Refer to /etc/nginx/htpassword.
	#location /var/export/ {
	# auth_basic "Restricted";
	# auth_basic_user_file htpasswd;
	# autoindex on;
	#}

	# Deny all attempts to access hidden files
	# such as .htaccess, .htpasswd, etc...
	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}

	# This redirect is added so to use Magentos
	# common front handler when handling incoming URLs.
	location @handler {
	rewrite / /index.php;
	}

	# Forward paths such as /js/index.php/x.js
	# to their relevant handler.
	location ~ .php/ {
	rewrite ^(.*.php)/ $1 last;
	}

	# Handle the exectution of .php files.
	location ~ .php$ {
	if (!-e $request_filename) {
	rewrite / /index.php last;
	}
	expires off;
	fastcgi_read_timeout 600;
	try_files $uri =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;

	fastcgi_buffer_size 128k;
	fastcgi_buffers 256 16k;
	fastcgi_busy_buffers_size 256k;
	fastcgi_temp_file_write_size 256k;


	include fastcgi_params;
	# expires off;
	# fastcgi_pass 127.0.0.1:9000;
	# fastcgi_param HTTPS $fastcgi_https;
	# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	# fastcgi_param MAGE_RUN_CODE default;
	# fastcgi_param MAGE_RUN_TYPE store;
	# include fastcgi_params;
	}
	gzip on;
	gzip_disable "msie6";

	gzip_comp_level 6;
	gzip_min_length 1100;
	gzip_buffers 16 8k;
	gzip_proxied any;
	gzip_types
	text/plain
	text/css
	text/js
	text/xml
	text/javascript
	application/javascript
	application/x-javascript
	application/json
	application/xml
	application/xml+rss;
	}