Last active
December 7, 2021 17:00
# starts one worker process per detected cpu core
worker_processes auto;
# runs the worker processes as the www-data account
user www-data;
# connection handling for each worker process
events {
    # uses the linux epoll event notification method
    use epoll;
    # lets a worker accept every pending connection at once instead of one at a time
    multi_accept on;
    # caps the number of simultaneous connections per worker process
    worker_connections 1024;
}
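# handles incoming http and https connections: terminates tls, redirects plain http
# and the bare domain to https://www, and proxies requests to the backend pool
http {
    # sends static files with the kernel's sendfile() instead of copying them through user space
    sendfile on;
    # disables nagle's algorithm so small writes on keep-alive connections go out immediately
    tcp_nodelay on;
    # with sendfile, sends the response header and the start of the file in full packets
    tcp_nopush on;
    # sets time limit for idle keep-alive connections
    # NOTE(review): 300s is well above the nginx default of 75s, so idle clients hold
    # connection slots for longer
    keepalive_timeout 300s;
    # hides the nginx version in the Server header and on generated error pages
    server_tokens off;
    # disables the access log
    # NOTE(review): with this off the load balancer keeps no record of who requested what,
    # which removes the main data source for detection and incident response; if disk or
    # privacy is the concern, consider a rotated or reduced-format access log instead
    access_log off;

    # sets paths to ssl certificate chain, private key, and ca chain used to verify ocsp responses
    ssl_certificate /etc/letsencrypt/live/squidproquo.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/squidproquo.io/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/squidproquo.io/chain.pem;

    # enables ocsp stapling: the server attaches a revocation status response to the
    # handshake, and verifies that response against ssl_trusted_certificate
    # NOTE(review): no resolver directive is visible in this file; nginx needs one to look
    # up the ocsp responder's hostname, e.g. "resolver <RESOLVER_IP>;" (placeholder value)
    ssl_stapling on;
    ssl_stapling_verify on;

    # tls parameters: dh group for the DHE suites, tls 1.2 and 1.3 only
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # lets the client choose among the listed suites; every suite listed is an
    # ECDHE or DHE key exchange with AES-GCM or CHACHA20-POLY1305
    ssl_prefer_server_ciphers off;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    # shares a 20 MB session cache between workers; sessions can be resumed for one day
    ssl_session_cache shared:ssl_cache:20m;
    ssl_session_timeout 1d;

    # distributes proxied connections between the specified web servers
    # NOTE(review): traffic to these backends is plain http on port 80 and both addresses
    # are outside the private ranges; confirm the backends accept port 80 only from this
    # load balancer, otherwise they can be reached without tls and will receive
    # X-Real-IP / X-Forwarded-For values that this proxy did not set
    upstream web_servers {
        # sets ip address and port of web servers
        server 173.255.209.233:80;
        server 45.33.13.41:80;
    }

    # handles insecure (plain http) connections
    server {
        # specifies port
        listen 80;
        # sets server name to subdomain and domain
        server_name www.squidproquo.io squidproquo.io;

        # serves the letsencrypt-related directory over plain http
        # NOTE(review): this exposes everything under /var/www/html/.well-known; the
        # http-01 challenge only needs /.well-known/acme-challenge/
        location /.well-known {
            # sets path to root directory
            root /var/www/html;
        }

        # handles every other insecure request
        location / {
            # redirects to https on a fixed host name, so the client's Host header
            # never ends up in the redirect target
            return 301 https://www.squidproquo.io$request_uri;
        }
    }

    # handles secure connections to the bare domain
    server {
        # specifies port, enables ssl, and enables http2
        listen 443 ssl http2;
        # sets server name to domain
        server_name squidproquo.io;
        # sends secure connections to subdomain
        return 301 https://www.squidproquo.io$request_uri;
    }

    # handles secure connections to the www subdomain
    # NOTE(review): no Strict-Transport-Security header is set in this file, so a browser's
    # first request may still go out over plain http before the 301; consider adding hsts
    # once https is confirmed to be permanent for this host
    server {
        # specifies port, enables ssl, and enables http2
        listen 443 ssl http2;
        # sets server name to subdomain
        server_name www.squidproquo.io;

        # handles secure requests to the root directory
        location / {
            # pushes these files along with the response to the initial https request
            # NOTE(review): http2_push was made obsolete in nginx 1.25.1; check the
            # deployed version before relying on these lines
            http2_push /index.php;
            http2_push /assets/css/bootstrap.css;
            http2_push /assets/css/style.css;
            http2_push /media/555/1.webp;
            http2_push /media/555/2.webp;
            http2_push /media/555/3.webp;
            http2_push /media/555/4.webp;
            http2_push /media/555/5.webp;
            http2_push /media/555/6.webp;

            # sends secure connections to the upstream pool (over plain http, see upstream note)
            proxy_pass http://web_servers/;

            # customizes proxy
            proxy_redirect off;
            proxy_http_version 1.1;
            # passes the address of the directly connected client
            proxy_set_header X-Real-IP $remote_addr;
            # appends $remote_addr to whatever X-Forwarded-For the client sent; only the
            # last entry is set by this proxy, earlier entries are client-controlled
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # tells the backend the original request scheme, which it cannot see
            # because tls ends at this proxy
            proxy_set_header X-Forwarded-Proto $scheme;
            # passes nginx's normalized host name instead of the raw client Host header
            proxy_set_header Host $host;
            # forwards websocket upgrade requests
            # NOTE(review): "Connection: upgrade" is sent on every proxied request, not
            # only on requests that carry an Upgrade header
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}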