
@mrzlodey
Created August 20, 2015 08:19
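# HTTPS virtual host for domain.net: TLS settings, OCSP stapling, security
# response headers and cache rules for static files.
server {
    # Certificate chain, private key and custom DH parameters.
    # The key file should be readable only by the nginx master process user.
    ssl_certificate /etc/nginx/ssl/domain.pem;
    ssl_certificate_key /etc/nginx/ssl/domain.key;
    # NOTE(review): the DH group size is not visible here; confirm the file
    # was generated with at least 2048 bits.
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # Session cache shared between workers (zone "SSL", 10 MB), 5 minute lifetime.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    keepalive_timeout 70;

    # TLSv1 and TLSv1.1 are dropped: both are deprecated (RFC 8996).
    # Add TLSv1.3 here when the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # The EECDH+aRSA+RC4 entry is removed; the trailing !RC4 already excluded
    # every RC4 suite, so the effective list is unchanged.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DES";

    # OCSP stapling. The resolver is used to look up the OCSP responder.
    # NOTE(review): this sends lookups to a public resolver over an
    # unauthenticated channel; prefer a local, trusted resolver if one exists.
    resolver 8.8.8.8 [2001:4860:4860::8888];
    ssl_stapling on;
    # Verify stapled OCSP responses against the chain in ssl_trusted_certificate.
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/ca.pem;

    # NOTE(review): the "spdy" listen parameter was replaced by "http2" in
    # nginx 1.9.5; switch the parameter when running a newer build.
    listen 443 deferred spdy ssl;
    listen [::]:443 deferred spdy ssl ipv6only=on;
    server_name domain.net;
    root /www/public;
    index index.html;

    # Security headers. "always" makes nginx send them on error responses
    # too, not only on 2xx/3xx.
    add_header Strict-Transport-Security max-age=31536000 always;
    add_header X-Frame-Options DENY always;
    # NOTE(review): the pin below is a placeholder and there is no backup pin,
    # which RFC 7469 requires. Browsers have since removed HPKP support, so
    # confirm this header is still wanted before filling in a real pin.
    add_header Public-Key-Pins 'pin-sha256="base64+info1="; max-age=31536000' always;
    add_header X-Content-Type-Options nosniff always;
    # NOTE(review): X-XSS-Protection is ignored by current browsers; a
    # Content-Security-Policy is the maintained replacement.
    add_header X-XSS-Protection "1; mode=block" always;

    # The alternation uses parentheses: nginx reads an unquoted "{" as the
    # start of a block, so the original brace group was not a valid regex
    # group. The dots are escaped so they match only a literal ".".
    location ~ /(favicon\.ico|favicon\.png|robots\.txt)$ {
        access_log off;
        log_not_found off;
        expires 1y;
        # NOTE(review): "expires" already emits Cache-Control max-age, so this
        # line adds a second Cache-Control header with a different lifetime
        # (259200 s = 3 days); confirm which lifetime is intended.
        add_header Cache-Control public,max-age=259200;
        # An add_header at this level stops inheritance of the server-level
        # add_header lines, so the security headers are repeated here.
        add_header Strict-Transport-Security max-age=31536000 always;
        add_header X-Frame-Options DENY always;
        add_header Public-Key-Pins 'pin-sha256="base64+info1="; max-age=31536000' always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-XSS-Protection "1; mode=block" always;
    }

    # Static assets, matched case-insensitively by extension.
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|mp3)$ {
        expires 30d;
        # NOTE(review): same duplicate Cache-Control as above; 259200 s is
        # 3 days while "expires 30d" is 2592000 s.
        add_header Cache-Control public,max-age=259200;
        # Repeated because add_header here replaces the inherited set.
        add_header Strict-Transport-Security max-age=31536000 always;
        add_header X-Frame-Options DENY always;
        add_header Public-Key-Pins 'pin-sha256="base64+info1="; max-age=31536000' always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-XSS-Protection "1; mode=block" always;
    }
}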
# Plain-HTTP virtual host for domain.net: it only redirects to the HTTPS site.
server {
    listen 80 deferred;
    listen [::]:80 ipv6only=on;
    server_name domain.net;

    # Both listeners are plain HTTP, so $scheme is always "http" here and the
    # redirect can be unconditional. The target host is $server_name (the
    # configured name), not the client-supplied Host header.
    return 301 https://$server_name$request_uri;
}