@sanguis
Forked from anonymous/nginx.conf
Last active August 29, 2015 13:58
nginx redirecting all non ssl/www traffic to https://www...
server {
    # "ssl" is required here: without it port 443 is not TLS and $https is never "on",
    # so the redirect below would loop. (spdy was replaced by http2 in nginx 1.9.5.)
    listen 443 ssl spdy;
    listen 80;
    server_name foo.org www.foo.org;
    root /home/site/public;

    #if ($request_method !~ "^(GET|HEAD|POST)$" ) { return 444; }

    # Send plain-HTTP and bare-domain requests to the canonical https://www host.
    if ($https != 'on') { return 301 https://www.foo.org$request_uri; }
    if ($host = "foo.org") { return 301 https://www.foo.org$request_uri; }

    # ANTI CSRF HACK
    # $possible_csrf becomes "12" only for a POST whose Referer is not one of ours.
    valid_referers none blocked foo.org www.foo.org;
    set $possible_csrf "";
    if ($invalid_referer) { set $possible_csrf 1; }
    if ($request_method = POST) { set $possible_csrf "${possible_csrf}2"; }
    if ($possible_csrf = 12) { return 403; }

    # Strict Transport Security
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";

    ssl_certificate /sites-data/nginx/foo.org.crt;
    ssl_certificate_key /sites-data/nginx/foo.org.key;

    set $private_dir sites/default/files/_private;
    include /etc/nginx/apps/drupal.conf;
}
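
The decisions this server block makes, as a small Python model for checking the redirect and Referer rules against sample requests. This is an added example, not part of the gist; the function names and sample requests are constructed, and the Referer matching is a simplified model of nginx's valid_referers (exact host names only).

```python
from urllib.parse import urlsplit

# Values taken from the config above.
CANONICAL = "https://www.foo.org"
VALID_REFERER_HOSTS = {"foo.org", "www.foo.org"}

def referer_is_invalid(referer):
    """Simplified model of `valid_referers none blocked foo.org www.foo.org`."""
    if referer is None:
        return False          # "none": no Referer header at all is accepted
    if not referer.lower().startswith(("http://", "https://")):
        return False          # "blocked": value stripped by a proxy or firewall
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return True           # unparsable Referer is treated as invalid
    return host not in VALID_REFERER_HOSTS

def decide(scheme, host, method, uri, referer=None):
    """Return (action, location), evaluating the `if` lines in config order."""
    if scheme != "https":
        return 301, CANONICAL + uri
    if host == "foo.org":
        return 301, CANONICAL + uri
    if method == "POST" and referer_is_invalid(referer):  # $possible_csrf = 12
        return 403, None
    return "pass", None       # handed on to the included drupal.conf

# Constructed sample requests: (scheme, host, method, uri, referer)
SAMPLES = [
    ("http", "foo.org", "GET", "/node/1?page=2", None),
    ("https", "foo.org", "GET", "/", None),
    ("https", "www.foo.org", "POST", "/user", "https://www.foo.org/user"),
    ("https", "www.foo.org", "POST", "/user", "https://other.example/"),
    ("https", "www.foo.org", "POST", "/user", None),
    ("https", "www.foo.org", "GET", "/", "https://other.example/"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", decide(*sample))
```

The fifth sample shows the limit of the check: because of `none`, a POST that carries no Referer header is passed through, so this filter complements the application's own CSRF tokens and does not replace them.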