nailuoGG/nginx.conf

## nginx.conf
upstream ghost_upstream {
    server 127.0.0.1:2368;
    keepalive 64;
}

proxy_cache_path /var/run/cache levels=1:2 keys_zone=STATIC:75m inactive=24h max_size=512m;
server {
    listen 80;
    server_name nailuogg.me www.nailuogg.me;
    server_tokens   off;
    return 301 https://$host$request_uri;
}
server {
  server_name nailuogg.me www.nailuogg.me;
  server_tokens   off;
   listen 443 ssl spdy;
   spdy_headers_comp 6;
   spdy_keepalive_timeout 300;
   listen 443 ssl;
   keepalive_timeout 300;
   ssl_certificate_key /etc/letsencrypt/archive/nailuogg.me/privkey1.pem;
   ssl_certificate /etc/letsencrypt/archive/nailuogg.me/fullchain1.pem;
   ssl_session_cache shared:SSL:10m;
   ssl_session_timeout 24h;
   ssl_buffer_size 1400;
   ssl_stapling on;
   ssl_stapling_verify on;
   #ssl_trusted_certificate /etc/nginx/ssl/trust.crt;
   ssl_dhparam /etc/letsencrypt/archive/nailuogg.me/dhparams.pem;
   resolver 8.8.8.8 8.8.4.4 valid=300s;

   ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

   add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
   add_header X-Cache $upstream_cache_status;
   add_header  X-Content-Type-Options  nosniff;
   add_header  X-Frame-Options  deny;

   location / {
        proxy_cache STATIC;
        proxy_cache_valid 200 30m;
        proxy_cache_valid 404 1m;
        proxy_pass http://ghost_upstream;
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        proxy_ignore_headers Set-Cookie;
        proxy_hide_header Set-Cookie;
        proxy_hide_header X-powered-by;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        expires 10m;
    }
    location /content/images {
        alias /home/nailuoGG/ghost/content/images;
        access_log off;
        expires max;
    }
    location /assets {
        alias /home/nailuoGG/ghost/content/themes/vno/assets;
        access_log off;
        expires max;
    }
    location /public {
        alias /home/nailuoGG/ghost/built/public;
        access_log off;
        expires max;
    }
    location /ghost/scripts {
        alias /home/nailuoGG/ghost/core/built/scripts;
        access_log off;
        expires max;
    }
    location ~ ^/(?:ghost|signout) {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://ghost_upstream;
        add_header Cache-Control "no-cache, private, no-store,
        must-revalidate, max-stale=0, post-check=0, pre-check=0";
        proxy_set_header X-Forwarded-Proto https;
    }
}
	upstream ghost_upstream {
	server 127.0.0.1:2368;
	keepalive 64;
	}

	proxy_cache_path /var/run/cache levels=1:2 keys_zone=STATIC:75m inactive=24h max_size=512m;
	server {
	listen 80;
	server_name nailuogg.me www.nailuogg.me;
	server_tokens off;
	return 301 https://$host$request_uri;
	}
	server {
	server_name nailuogg.me www.nailuogg.me;
	server_tokens off;
	listen 443 ssl spdy;
	spdy_headers_comp 6;
	spdy_keepalive_timeout 300;
	listen 443 ssl;
	keepalive_timeout 300;
	ssl_certificate_key /etc/letsencrypt/archive/nailuogg.me/privkey1.pem;
	ssl_certificate /etc/letsencrypt/archive/nailuogg.me/fullchain1.pem;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 24h;
	ssl_buffer_size 1400;
	ssl_stapling on;
	ssl_stapling_verify on;
	#ssl_trusted_certificate /etc/nginx/ssl/trust.crt;
	ssl_dhparam /etc/letsencrypt/archive/nailuogg.me/dhparams.pem;
	resolver 8.8.8.8 8.8.4.4 valid=300s;

	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	ssl_prefer_server_ciphers on;

	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
	add_header X-Cache $upstream_cache_status;
	add_header X-Content-Type-Options nosniff;
	add_header X-Frame-Options deny;

	location / {
	proxy_cache STATIC;
	proxy_cache_valid 200 30m;
	proxy_cache_valid 404 1m;
	proxy_pass http://ghost_upstream;
	proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
	proxy_ignore_headers Set-Cookie;
	proxy_hide_header Set-Cookie;
	proxy_hide_header X-powered-by;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header Host $http_host;
	expires 10m;
	}
	location /content/images {
	alias /home/nailuoGG/ghost/content/images;
	access_log off;
	expires max;
	}
	location /assets {
	alias /home/nailuoGG/ghost/content/themes/vno/assets;
	access_log off;
	expires max;
	}
	location /public {
	alias /home/nailuoGG/ghost/built/public;
	access_log off;
	expires max;
	}
	location /ghost/scripts {
	alias /home/nailuoGG/ghost/core/built/scripts;
	access_log off;
	expires max;
	}
	location ~ ^/(?:ghost\|signout) {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $http_host;
	proxy_pass http://ghost_upstream;
	add_header Cache-Control "no-cache, private, no-store,
	must-revalidate, max-stale=0, post-check=0, pre-check=0";
	proxy_set_header X-Forwarded-Proto https;
	}
	}