|
# /usr/local/nginx/conf/conf.d/nginxbench.domain.com.ssl.conf |
|
#x# HTTPS-DEFAULT |
|
# Plain-HTTP counterpart of the HTTPS vhost. There is no listen directive, so
# nginx's default listen address applies (port 80 when started as root).
# Every request is answered with a temporary redirect to https://.
server {
  server_name nginxbench.domain.com www.nginxbench.domain.com;

  # $server_name expands to the first name configured above, not to the
  # client-supplied Host header, so the redirect target cannot be steered by
  # the request. A side effect is that www requests land on the bare domain.
  # 302 is a temporary redirect; browsers do not cache it permanently.
  return 302 https://$server_name$request_uri;

  # NOTE(review): the server-level return above answers requests before
  # location matching, so locations defined by this include look unreachable
  # here - confirm against the contents of staticfiles.conf.
  include /usr/local/nginx/conf/staticfiles.conf;
}
|
|
|
# server_name nginxbench.domain.com www.nginxbench.domain.com; |
|
|
|
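# HTTPS vhost for nginxbench.domain.com: TLS with HTTP/2 on 443, response
# security headers, OCSP stapling, then the shared static-file, PHP and
# drop includes.
server {
  listen 443 ssl http2;
  server_name nginxbench.domain.com www.nginxbench.domain.com;

  # Presumably the certificate/key directives and the shared TLS settings.
  # NOTE(review): ssl_protocols is not set in this file; confirm that
  # ssl_include.conf limits it to TLSv1.2 and later.
  include /usr/local/nginx/conf/ssl/nginxbench.domain.com/nginxbench.domain.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  # NOTE(review): both directives are obsolete since nginx 1.19.7, where
  # large_client_header_buffers applies instead; check the running version.
  http2_max_field_size 16k;
  http2_max_header_size 32k;

  # mozilla recommended
  # (older compatibility list, kept commented out; it still carries the 3DES
  # DES-CBC3-SHA suites)
  #ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;

  # Active list: ECDHE AEAD suites first, and the server's order wins because
  # of ssl_prefer_server_ciphers. DES-CBC3-SHA (3DES, 64-bit block, Sweet32)
  # is deliberately absent; clients that can negotiate nothing else will fail
  # the handshake. The CBC-mode and static-RSA suites at the tail give no
  # AEAD or no forward secrecy and remain only for legacy clients; drop them
  # if none have to be served.
  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS;
  ssl_prefer_server_ciphers on;
  #add_header Alternate-Protocol 443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  # includeSubdomains applies the policy to every subdomain and browsers keep
  # it for max-age seconds, so enable it only once all of them serve valid HTTPS.
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

  # add_header is inherited from this level only by locations that define no
  # add_header of their own; an include below that sets a header inside a
  # location has to repeat these three.
  # "always" sends the header on error responses too, matching the two below.
  add_header X-Frame-Options SAMEORIGIN always;
  # Most current browsers no longer implement the XSS filter this header
  # controlled; a Content-Security-Policy is the control that still applies.
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;

  # Small TLS record size (the nginx default is 16k).
  ssl_buffer_size 1369;
  # Tickets are encrypted with a key held by the server. Without rotation
  # (ssl_session_ticket_key files swapped on a schedule, or regular restarts)
  # a leaked key exposes recorded TLS 1.2 sessions that used tickets, which
  # weakens forward secrecy. Rotate the key or set this to off.
  ssl_session_tickets on;

  # enable ocsp stapling
  # nginx resolves the OCSP responder host through this resolver and trusts
  # the answers; prefer a local validating resolver where one is available.
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  # Verification needs the issuer chain via ssl_trusted_certificate -
  # presumably set in the crt.key.conf include above; confirm.
  ssl_stapling_verify on;

  # ngx_pagespeed & ngx_pagespeed handler
  #include /usr/local/nginx/conf/pagespeed.conf;
  #include /usr/local/nginx/conf/pagespeedhandler.conf;
  #include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi on;

  # Access log entries are buffered (256k, flushed every 5 minutes), so the
  # file on disk can lag behind live traffic during an investigation.
  access_log /home/nginx/domains/nginxbench.domain.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/nginxbench.domain.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/nginxbench.domain.com/autoprotect-nginxbench.domain.com.conf;
  root /home/nginx/domains/nginxbench.domain.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  location / {
    include /usr/local/nginx/conf/503include-only.conf;

    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;

    # Enables directory listings when index file not found
    # (leave off unless listings are intended; they expose file names)
    #autoindex on;

    # Shows file listing times as local time
    #autoindex_localtime on;

    # Wordpress Permalinks example
    #try_files $uri $uri/ /index.php?q=$uri&$args;

  }

  include /usr/local/nginx/conf/pre-staticfiles-local-nginxbench.domain.com.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;

  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}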