Created
December 10, 2017 04:48
domains.com.ssl.conf
# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html
# redirect from www to non-www forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure, use return 302 (temporary) before switching to return 301 (permanent, cached by browsers)
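# Plain-HTTP vhost: every request for either hostname is redirected to the
# canonical HTTPS origin. The redirect target host is hard-coded rather than
# taken from $host, so the Host request header never reaches the Location value.
server {
    # Stated explicitly; with no listen directive nginx already binds *:80
    # when the master process runs as root.
    listen 80;
    server_name mydomain.com www.mydomain.com;

    # 302 is the temporary form used while testing; change to 301 only once
    # the HTTPS vhost is confirmed working.
    return 302 https://mydomain.com$request_uri;

    # NOTE(review): the server-level return above answers every request in the
    # rewrite phase, so the 404 handler below is never reached in this vhost.
    # define error page
    error_page 404 = @notfound;

    # error page location redirect 301
    location @notfound {
        return 301 /;
    }
}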
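# HTTPS vhost for the canonical (non-www) origin: TLS settings, OCSP stapling,
# HSTS, logging and the WordPress front-controller location.
server {
    listen 443 ssl http2;
    server_name mydomain.com www.mydomain.com;

    ## redirect https www to https non-www
    # Compares $host with a literal and redirects to a hard-coded hostname,
    # so the Host request header is never copied into the Location value.
    if ($host = 'www.mydomain.com' ) {
        return 302 https://mydomain.com$request_uri;
    }

    # NOTE(review): the cipher list below enables only ECDHE key exchange, so
    # these DH parameters appear to be unused by it.
    ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
    ssl_certificate /usr/local/nginx/conf/ssl/mydomain.com/ssl-unified.crt;
    # Private key: file permissions should restrict it to the account that
    # starts the nginx master process.
    ssl_certificate_key /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.key;

    # NOTE(review): ssl_protocols is not set in this block; presumably it comes
    # from ssl_include.conf -- confirm that legacy protocol versions are disabled there.
    include /usr/local/nginx/conf/ssl_include.conf;

    # NOTE(review): both directives are obsolete since nginx 1.19.7, where
    # large_client_header_buffers takes over their role.
    http2_max_field_size 16k;
    http2_max_header_size 32k;

    # dual cert supported ssl ciphers
    # ECDHE-only key exchange with AEAD suites listed first. The trailing
    # SHA256/SHA384/AES128 entries also admit CBC-mode suites for older clients.
    ssl_ciphers EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
    ssl_prefer_server_ciphers on;

    #add_header Alternate-Protocol 443:npn-spdy/3;
    # 'always' sends HSTS on error responses as well; without it nginx adds the
    # header only to a fixed set of success and redirect status codes.
    # The one-year max-age with includeSubdomains pins every subdomain to HTTPS
    # in browsers that have seen it -- confirm all subdomains serve valid TLS
    # before enabling this.
    # NOTE(review): add_header is inherited by a location only if that location
    # declares no add_header of its own; check the included *.conf files.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
    # The three headers below are left disabled here; nosniff and a framing
    # policy are worth enabling once the site has been tested with them.
    #add_header X-Frame-Options SAMEORIGIN;
    #add_header X-Xss-Protection "1; mode=block" always;
    #add_header X-Content-Type-Options "nosniff" always;
    #spdy_headers_comp 5;
    ssl_buffer_size 1369;
    # NOTE(review): no ssl_session_ticket_key is set in this block, so nginx
    # generates the ticket key itself and keeps it for the life of the loaded
    # configuration. A long-lived key weakens forward secrecy for resumed
    # sessions; rotate keys or set this to off.
    ssl_session_tickets on;

    # enable ocsp stapling
    # The resolver is used to look up the OCSP responder. These are public
    # resolvers queried in clear text; a resolver on a trusted local network
    # is preferable where one is available.
    resolver 8.8.8.8 8.8.4.4 valid=10m;
    resolver_timeout 10s;
    ssl_stapling on;
    # Stapled responses are verified against the chain in ssl_trusted_certificate.
    ssl_stapling_verify on;
    ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/ssl-trusted.crt;

    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;

    # limit_conn limit_per_ip 16;
    # ssi on;

    # Access log writes are buffered (256k, flushed every 5m), so the newest
    # entries can lag behind live traffic during an investigation.
    access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
    error_log /home/nginx/domains/mydomain.com/log/error.log;

    root /home/nginx/domains/mydomain.com/public;

    location / {
        # Wordpress Permalinks
        try_files $uri $uri/ /index.php?q=$request_uri;
        # NOTE(review): contents of the two includes are not visible here;
        # presumably wpsecure.conf carries the WordPress access restrictions -- confirm.
        include /usr/local/nginx/conf/wpsecure.conf;
        include /usr/local/nginx/conf/wpnocache.conf;
    }

    include /usr/local/nginx/conf/staticfiles.conf;
    # NOTE(review): PHP handling lives in php.conf, which is not shown; verify
    # there that only files existing under root are handed to the PHP backend.
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    include /usr/local/nginx/conf/vts_server.conf;
    include /usr/local/nginx/conf/sitemap-config.conf;
}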