Created
June 8, 2017 23:35
-
-
Save jgriessen/ab0a8b08aa6281812276e35c041a4e42 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream ghost2_upstream { | |
| server 127.0.0.1:2369; | |
| keepalive 64; | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| listen 443 ssl http2; | |
| server_name blog.example.com; | |
| access_log /var/log/blog.example.com.access.log; | |
| error_log /var/log/blog.example.com.error.log; | |
| ssl_certificate /etc/ssl/certs/example.fullchain.crt; | |
| ssl_certificate_key /etc/ssl/private/example.key; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; | |
| ssl_session_tickets off; # Requires nginx >= 1.5.9 | |
| ssl_stapling on; # Requires nginx >= 1.3.7 | |
| ssl_stapling_verify on; # Requires nginx => 1.3.7 | |
| if ($scheme = http) { return 301 https://blog.example.com$request_uri; } | |
| if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE)$ ) { return 444; } | |
| if ($host != $server_name) { return 301 https://blog.example.com$request_uri; } | |
| location ~* \.(db|hbs|conf)$ { deny all; } | |
| location ~ /\. { deny all; } | |
| location ~ ~$ { deny all; } | |
| # Comment out if you wish to use files generated by Ghost blog | |
| location ~ ^/(sitemap\.xml|robots\.txt|favicon\.ico)$ { | |
| root /var/www/blog.example.com/public; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Static files served directly by Nginx | |
| location ~ ^/assets/(img|js|css|fonts)/ { | |
| root /var/www/blog.example.com/content/themes/casper; | |
| expires 30d; | |
| access_log off; | |
| } | |
| location ~ ^/(img/|css/|lib/|vendor/|fonts/) { | |
| root /var/www/blog.example.com/core/client/assets; | |
| expires 30d; | |
| access_log off; | |
| } | |
| location ~ ^/content/images/ { | |
| root /var/www/blog.example.com; | |
| expires 30d; | |
| access_log off; | |
| } | |
| location ~ ^/(shared/|built/) { | |
| root /var/www/blog.example.com/core; | |
| expires 30d; | |
| access_log off; | |
| } | |
| location / { | |
| proxy_pass http://ghost2_upstream; | |
| proxy_redirect off; | |
| proxy_read_timeout 180s; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-NginX-Proxy true; | |
| proxy_set_header Connection ""; | |
| proxy_pass_header X-CSRF-TOKEN; | |
| proxy_http_version 1.1; | |
| proxy_cache_key "$scheme$host$request_uri"; | |
| proxy_cache_valid 200 302 10m; | |
| proxy_cache_valid 404 1m; | |
| proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; | |
| proxy_intercept_errors on; | |
| proxy_hide_header X-Powered-By; | |
| } | |
| location = /index.html { root html; internal; } | |
| error_page 500 502 503 504 /50x.html; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment