melvinsh/melvin.sh.conf

## melvin.sh.conf
server {
    listen 80;
    listen [::]:80;

    server_name melvin.sh www.melvin.sh melvinlammerts.nl www.melvinlammerts.nl;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    root /srv/melvin.sh/public_html;

    index index.html;

    server_name melvin.sh www.melvin.sh;

    location / {
        try_files $uri $uri/ =404;
    }
    ssl_certificate      /etc/letsencrypt/live/melvin.sh/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/melvin.sh/privkey.pem;

    gzip off;

    ssl_dhparam /etc/ssl/dhparam.pem;

    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx => 1.3.7
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-Xss-Protection "1; mode=block" always;
    #add_header Content-Security-Policy "default-src 'none'; style-src fonts.googleapis.com 'unsafe-inline'; font-src fonts.gstatic.com";
    add_header X-Mission "To boldly go where no man has gone before!";
    add_header X-XSS-Everything "'>\"><img src=x onerror=alert('Hello from melvin.sh')>";
}
	server {
	listen 80;
	listen [::]:80;

	server_name melvin.sh www.melvin.sh melvinlammerts.nl www.melvinlammerts.nl;
	return 301 https://$host$request_uri;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	root /srv/melvin.sh/public_html;

	index index.html;

	server_name melvin.sh www.melvin.sh;

	location / {
	try_files $uri $uri/ =404;
	}
	ssl_certificate /etc/letsencrypt/live/melvin.sh/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/melvin.sh/privkey.pem;

	gzip off;

	ssl_dhparam /etc/ssl/dhparam.pem;

	ssl_protocols TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
	ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
	ssl_session_cache shared:SSL:10m;
	ssl_session_tickets off; # Requires nginx >= 1.5.9
	ssl_stapling on; # Requires nginx >= 1.3.7
	ssl_stapling_verify on; # Requires nginx => 1.3.7
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;
	add_header X-Xss-Protection "1; mode=block" always;
	#add_header Content-Security-Policy "default-src 'none'; style-src fonts.googleapis.com 'unsafe-inline'; font-src fonts.gstatic.com";
	add_header X-Mission "To boldly go where no man has gone before!";
	add_header X-XSS-Everything "'>\"><img src=x onerror=alert('Hello from melvin.sh')>";
	}