/usr/local/nginx/conf/conf.d/yourdomain.com.ssl.conf
# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html
# redirect from www to non-www forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# server {
# server_name yourdomain.com www.yourdomain.com;
# return 302 https://$server_name$request_uri;
# }
server {
listen 443 ssl http2;
server_name yourdomain.com www.yourdomain.com;
ssl_dhparam /usr/local/nginx/conf/ssl/yourdomain.com/dhparam.pem;
ssl_certificate /usr/local/nginx/conf/ssl/yourdomain.com/yourdomain.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/yourdomain.com/yourdomain.com.key;
include /usr/local/nginx/conf/ssl_include.conf;
# cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
#ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/yourdomain.com/origin.crt;
#ssl_verify_client on;
# mozilla recommended
ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
#add_header Alternate-Protocol 443:npn-spdy/3;
# before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
#add_header X-Frame-Options SAMEORIGIN;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
#add_header Referrer-Policy "strict-origin-when-cross-origin";
#add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
#spdy_headers_comp 5;
ssl_buffer_size 1369;
ssl_session_tickets on;
# enable ocsp stapling
#resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
#resolver_timeout 10s;
#ssl_stapling on;
#ssl_stapling_verify on;
#ssl_trusted_certificate /usr/local/nginx/conf/ssl/yourdomain.com/yourdomain.com-trusted.crt;
# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;
# limit_conn limit_per_ip 16;
# ssi on;
access_log /home/nginx/domains/yourdomain.com/log/access.log combined buffer=256k flush=5m;
error_log /home/nginx/domains/yourdomain.com/log/error.log;
include /usr/local/nginx/conf/autoprotect/yourdomain.com/autoprotect-yourdomain.com.conf;
root /home/nginx/domains/yourdomain.com/public;
# uncomment cloudflare.conf include if using cloudflare for
# server and/or vhost site
#include /usr/local/nginx/conf/cloudflare.conf;
include /usr/local/nginx/conf/503include-main.conf;
include /usr/local/nginx/conf/wpincludes/yourdomain.com/wpcacheenabler_yourdomain.com.conf;
#include /usr/local/nginx/conf/wpincludes/yourdomain.com/wpsupercache_yourdomain.com.conf;
# https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/wpincludes/yourdomain.com/rediscache_yourdomain.com.conf;
location / {
include /usr/local/nginx/conf/503include-only.conf;
# Enables directory listings when index file not found
#autoindex on;
# for wordpress super cache plugin
#try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
# for wp cache enabler plugin
try_files $cache_enabler_uri_webp $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
# Wordpress Permalinks
#try_files $uri $uri/ /index.php?q=$uri&$args;
# Nginx level redis Wordpress
# https://community.centminmod.com/posts/18828/
#try_files $uri $uri/ /index.php?$args;
}
location ~* /(wp-login\.php) {
limit_req zone=xwplogin burst=1 nodelay;
#limit_conn xwpconlimit 30;
#auth_basic "Private";
#auth_basic_user_file /home/nginx/domains/yourdomain.com/htpasswd_wplogin;
include /usr/local/nginx/conf/php-wpsc.conf;
# https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf;
}
location ~* /(xmlrpc\.php) {
limit_req zone=xwprpc burst=45 nodelay;
#limit_conn xwpconlimit 30;
include /usr/local/nginx/conf/php-wpsc.conf;
# https://jetpack.com/support/hosting-faq/
include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
# https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf;
}
location ~* /wp-admin/(load-scripts\.php) {
limit_req zone=xwprpc burst=5 nodelay;
#limit_conn xwpconlimit 30;
include /usr/local/nginx/conf/php-wpsc.conf;
# https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf;
}
location ~* /wp-admin/(load-styles\.php) {
limit_req zone=xwprpc burst=5 nodelay;
#limit_conn xwpconlimit 30;
include /usr/local/nginx/conf/php-wpsc.conf;
# https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf;
}
include /usr/local/nginx/conf/wpincludes/yourdomain.com/wpsecure_yourdomain.com.conf;
include /usr/local/nginx/conf/php-wpsc.conf;
# https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf;
include /usr/local/nginx/conf/pre-staticfiles-local-yourdomain.com.conf;
include /usr/local/nginx/conf/pre-staticfiles-global.conf;
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;
include /usr/local/nginx/conf/vts_server.conf;
}