-
-
Save centminmod/5a69d472173fcf515e0bbaaa6278caa5 to your computer and use it in GitHub Desktop.
freescout.domain.com centminmod
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`/usr/local/nginx/conf/conf.d/freescout.domain.com.ssl.conf` | |
``` | |
# Centmin Mod Getting Started Guide | |
# must read http://centminmod.com/getstarted.html | |
# For HTTP/2 SSL Setup | |
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html | |
# redirect from www to non-www forced SSL | |
# uncomment, save file and restart Nginx to enable | |
# if unsure use return 302 before using return 301 | |
# server { | |
# listen 80; | |
# server_name freescout.domain.com www.freescout.domain.com; | |
# return 302 https://$server_name$request_uri; | |
# } | |
server { | |
listen 443 ssl http2 reuseport backlog=4095; | |
server_name freescout.domain.com www.freescout.domain.com; | |
ssl_dhparam /usr/local/nginx/conf/ssl/freescout.domain.com/dhparam.pem; | |
ssl_certificate /usr/local/nginx/conf/ssl/freescout.domain.com/freescout.domain.com.crt; | |
ssl_certificate_key /usr/local/nginx/conf/ssl/freescout.domain.com/freescout.domain.com.key; | |
include /usr/local/nginx/conf/ssl_include.conf; | |
# cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/ | |
#ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/freescout.domain.com/origin.crt; | |
#ssl_verify_client on; | |
http2_max_field_size 16k; | |
http2_max_header_size 32k; | |
# mozilla recommended | |
ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; | |
ssl_prefer_server_ciphers on; | |
#add_header Alternate-Protocol 443:npn-spdy/3; | |
# before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts | |
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; | |
#add_header X-Frame-Options SAMEORIGIN; | |
add_header X-Xss-Protection "1; mode=block" always; | |
add_header X-Content-Type-Options "nosniff" always; | |
#add_header Referrer-Policy "strict-origin-when-cross-origin"; | |
#spdy_headers_comp 5; | |
ssl_buffer_size 1369; | |
ssl_session_tickets on; | |
# enable ocsp stapling | |
#resolver 8.8.8.8 8.8.4.4 valid=10m; | |
#resolver_timeout 10s; | |
#ssl_stapling on; | |
#ssl_stapling_verify on; | |
#ssl_trusted_certificate /usr/local/nginx/conf/ssl/freescout.domain.com/freescout.domain.com-trusted.crt; | |
# ngx_pagespeed & ngx_pagespeed handler | |
#include /usr/local/nginx/conf/pagespeed.conf; | |
#include /usr/local/nginx/conf/pagespeedhandler.conf; | |
#include /usr/local/nginx/conf/pagespeedstatslog.conf; | |
# limit_conn limit_per_ip 16; | |
# ssi on; | |
access_log /home/nginx/domains/freescout.domain.com/log/access.log combined buffer=256k flush=5m; | |
error_log /home/nginx/domains/freescout.domain.com/log/error.log; | |
include /usr/local/nginx/conf/autoprotect/freescout.domain.com/autoprotect-freescout.domain.com.conf; | |
root /home/nginx/domains/freescout.domain.com/public; | |
index index.php index.html; | |
# uncomment cloudflare.conf include if using cloudflare for | |
# server and/or vhost site | |
#include /usr/local/nginx/conf/cloudflare.conf; | |
include /usr/local/nginx/conf/503include-main.conf; | |
location / { | |
include /usr/local/nginx/conf/503include-only.conf; | |
# block common exploits, sql injections etc | |
#include /usr/local/nginx/conf/block.conf; | |
# Enables directory listings when index file not found | |
#autoindex on; | |
# Shows file listing times as local time | |
#autoindex_localtime on; | |
# Wordpress Permalinks example | |
#try_files $uri $uri/ /index.php?q=$uri&$args; | |
try_files $uri $uri/ /index.php?$query_string; | |
} | |
include /usr/local/nginx/conf/pre-staticfiles-local-freescout.domain.com.conf; | |
include /usr/local/nginx/conf/pre-staticfiles-global.conf; | |
include /usr/local/nginx/conf/staticfiles.conf; | |
include /usr/local/nginx/conf/php.conf; | |
# include /usr/local/nginx/conf/php-freescout.conf; | |
#include /usr/local/nginx/conf/drop.conf; | |
#include /usr/local/nginx/conf/errorpage.conf; | |
include /usr/local/nginx/conf/vts_server.conf; | |
} | |
``` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment