Skip to content

Instantly share code, notes, and snippets.

@centminmod
Created May 17, 2014 08:46
Show Gist options
  • Save centminmod/9b96b0f8d114d8ca94be to your computer and use it in GitHub Desktop.
Save centminmod/9b96b0f8d114d8ca94be to your computer and use it in GitHub Desktop.
current https://blog.centminmod.com Nginx vhost with Wordpress fastcgi_cache http://centminmod.com/nginx_configure_wordpress.html and SSL/Google SPDY http://centminmod.com/nginx_configure_https_ssl_spdy.html from centminmod.com
server {
server_name blog.centminmod.com www.blog.centminmod.com;
return 301 https://$server_name$request_uri;
}
# https SSL SPDY vhost
server {
listen 443 ssl spdy;
server_name blog.centminmod.com;
ssl_certificate /usr/local/nginx/conf/ssl/centminmod.comwild/centminmod-unified.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/centminmod.comwild/centminmod.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:40m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!kEDH:!DSS:!CAMELLIA:!EXPORT:!SEED:!RC4;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header Alternate-Protocol 443:npn-spdy/3;
# nginx 1.5.9+ or higher
# http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
spdy_headers_comp 5;
ssl_buffer_size 4000;
ssl_session_tickets on;
# enable ocsp stapling
resolver 8.8.8.8 8.8.4.4 valid=10m;
resolver_timeout 10s;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /usr/local/nginx/conf/ssl/centminmod.comwild/centminmod-trusted2.crt;
access_log /home/nginx/domains/blog.centminmod.com/log/access.log time_combined buffer=32k;
error_log /home/nginx/domains/blog.centminmod.com/log/error.log;
root /home/nginx/domains/blog.centminmod.com/public;
# ngx_pagespeed & ngx_pagespeed handler
include /usr/local/nginx/conf/pagespeed.conf;
include /usr/local/nginx/conf/pagespeedhandler.conf;
include /usr/local/nginx/conf/pagespeedstatslog.conf;
location / {
include /usr/local/nginx/conf/wpsecure.conf;
include /usr/local/nginx/conf/wpcache.conf;
try_files $uri $uri/ /index.php?q=$request_uri;
}
# nocached admin with own ip restricted access
location /wp-admin {
allow myip;
deny all;
include /usr/local/nginx/conf/php.conf;
}
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/phpwpcache.conf;
include /usr/local/nginx/conf/drop.conf;
include /usr/local/nginx/conf/errorpage.conf;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment