
@david-littlefield
Last active December 7, 2021 17:00
# runs worker processes as the www-data user
user www-data;
# starts one worker process per available cpu core
worker_processes auto;
# customizes how worker processes handle connections
events {
    # caps simultaneous connections per worker process; connections to the
    # proxied upstream servers count against this limit as well as clients
    worker_connections 1024;
    # uses the linux epoll connection processing method
    use epoll;
    # lets a worker accept all pending new connections at once
    multi_accept on;
}
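# customizes how to handle incoming http and https connections
http {
    # sends files from disk to the socket inside the kernel
    sendfile on;
    # sends small packets immediately on keep-alive connections
    tcp_nodelay on;
    # with sendfile, sends response headers and start of file in full packets
    tcp_nopush on;
    # sets idle time limit for keep-alive connections
    # NOTE(review): 300s is long for an internet-facing listener; every idle
    # connection holds a worker_connections slot, so a shorter timeout makes
    # the connection pool harder to exhaust
    keepalive_timeout 300s;
    # hides the nginx version in the Server header and error pages
    server_tokens off;
    # disables logging who accesses web server
    # NOTE(review): with this off the load balancer keeps no request trail
    # for detection or incident response; consider logging to a rotated
    # file or to syslog instead
    access_log off;

    # sets paths to ssl certificate chain, private key, and ca chain
    # (the private key file should be readable by root only)
    ssl_certificate /etc/letsencrypt/live/squidproquo.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/squidproquo.io/privkey.pem;
    # ca chain used to verify the stapled ocsp response
    ssl_trusted_certificate /etc/letsencrypt/live/squidproquo.io/chain.pem;
    # staples the certificate's ocsp revocation status to the tls handshake
    # and verifies the responder's answer before sending it
    # NOTE(review): no resolver directive is set here; the nginx docs say one
    # should be specified to resolve the ocsp responder hostname, so confirm
    # in the error log that stapling actually succeeds
    ssl_stapling on;
    ssl_stapling_verify on;

    # customizes ssl
    # dh parameters used by the DHE-RSA cipher suites below
    ssl_dhparam /etc/nginx/dhparam.pem;
    # allows only tls 1.2 and tls 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    # lets the client choose among the ciphers below; every listed suite is
    # aead with ephemeral key exchange
    ssl_prefer_server_ciphers off;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    # caches tls sessions for resumption in 20m of shared memory for 1 day
    ssl_session_cache shared:ssl_cache:20m;
    ssl_session_timeout 1d;
    # disables session tickets; without explicit key rotation a long-lived
    # ticket key weakens forward secrecy, and the shared cache above still
    # provides resumption
    ssl_session_tickets off;

    # distributes proxied requests between specified web servers
    upstream web_servers {
        # sets ip address and port of web servers
        # NOTE(review): these are publicly routable addresses reached over
        # plain http, so traffic is unencrypted once tls terminates here;
        # prefer a private network or https upstreams, and firewall port 80
        # on the backends so only this proxy can reach them
        server 173.255.209.233:80;
        server 45.33.13.41:80;
    }

    # customizes how to handle insecure connections
    server {
        # specifies port
        listen 80;
        # sets server name to subdomain and domain
        server_name www.squidproquo.io squidproquo.io;

        # serves the letsencrypt-related directory over plain http
        location /.well-known {
            # sets path to root directory
            root /var/www/html;
        }

        # customizes how to handle insecure connections to everything else
        location / {
            # redirects to https; the target host is hard-coded rather than
            # taken from the request, so a forged Host header cannot steer it
            return 301 https://www.squidproquo.io$request_uri;
        }
    }

    # customizes how to handle secure connections to domain
    # (first server listening on 443, so it also answers unmatched host names)
    server {
        # specifies port, enables ssl, and enables http2
        listen 443 ssl http2;
        # sets server name to domain
        server_name squidproquo.io;
        # sends secure connections to subdomain
        return 301 https://www.squidproquo.io$request_uri;
    }

    # customizes how to handle secure connections to subdomain
    # NOTE(review): no Strict-Transport-Security header is set; since all
    # plain-http traffic is already redirected to https, consider adding one
    # once the site is confirmed to be https-only
    server {
        # specifies port, enables ssl, and enables http2
        listen 443 ssl http2;
        # sets server name to subdomain
        server_name www.squidproquo.io;

        # customizes how to handle secure connections to root directory
        location / {
            # pushes these resources to the client with the response
            # NOTE(review): http2_push is obsolete since nginx 1.25.1;
            # confirm the installed version still accepts it
            http2_push /index.php;
            http2_push /assets/css/bootstrap.css;
            http2_push /assets/css/style.css;
            http2_push /media/555/1.webp;
            http2_push /media/555/2.webp;
            http2_push /media/555/3.webp;
            http2_push /media/555/4.webp;
            http2_push /media/555/5.webp;
            http2_push /media/555/6.webp;

            # sends secure connections to upstream directive
            proxy_pass http://web_servers/;

            # customizes proxy
            proxy_redirect off;
            proxy_http_version 1.1;
            # passes the client address; X-Real-IP is set by nginx itself,
            # while X-Forwarded-For appends to whatever the client sent, so
            # backends should trust only the last entry
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # forwards the normalized host name nginx used for this request
            # instead of the raw client Host header, which can differ from
            # it (e.g. absolute-uri requests) and can carry a port
            proxy_set_header Host $host;
            # forwards websocket upgrade requests
            # NOTE(review): Connection "upgrade" is sent on every request,
            # not only on upgrades; a map on $http_upgrade is the usual way
            # to send it conditionally
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}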