@shayes19
Created December 10, 2017 04:48
domains.com.ssl.conf
# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html
# redirect from www to non-www forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# Plain-HTTP virtual host: bounces every request to the canonical HTTPS origin.
# No `listen` directive is given, so nginx falls back to its default listen
# address for this server block.
server {
    server_name mydomain.com www.mydomain.com;

    # The redirect target uses a fixed hostname rather than $host, so the
    # client-supplied Host header cannot steer where the redirect points.
    # 302 is the "try it out" setting; the header comment above suggests
    # moving to 301 once the redirect is confirmed to work.
    return 302 https://mydomain.com$request_uri;

    # NOTE(review): the server-level `return` above answers every request
    # during the rewrite phase, so the 404 handler and the named location
    # below are never reached in this block.
    # define error page
    error_page 404 = @notfound;

    # error page location redirect 301
    location @notfound {
        return 301 /;
    }
}
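# HTTPS (TLS + HTTP/2) virtual host for mydomain.com, serving a WordPress
# site from /home/nginx/domains/mydomain.com/public.
server {
    listen 443 ssl http2;
    server_name mydomain.com www.mydomain.com;

    ## redirect https www to https non-www
    # A bare `return` inside a server-level `if` is one of the safe uses of `if`.
    if ($host = 'www.mydomain.com' ) {
        return 302 https://mydomain.com$request_uri;
    }

    # DH parameters only matter for DHE key exchange. The cipher list below
    # selects EECDH suites only, so this file looks unused here (harmless).
    ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
    ssl_certificate /usr/local/nginx/conf/ssl/mydomain.com/ssl-unified.crt;
    # Private key: keep the file readable only by the account that starts nginx.
    ssl_certificate_key /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.key;

    # NOTE(review): ssl_protocols is not set in this block, so the accepted TLS
    # versions come from this include or from the nginx default. The include is
    # not shown here - confirm it disables TLS 1.0/1.1 and SSLv3.
    include /usr/local/nginx/conf/ssl_include.conf;

    http2_max_field_size 16k;
    http2_max_header_size 32k;

    # dual cert supported ssl ciphers
    # AEAD suites (CHACHA20, AESGCM) are listed first and win because
    # ssl_prefer_server_ciphers is on. The SHA256/SHA384 entries and the
    # trailing EECDH+AES128 catch-all also admit CBC-mode suites for older
    # clients; drop them if legacy client support is not required.
    ssl_ciphers EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
    ssl_prefer_server_ciphers on;

    #add_header Alternate-Protocol 443:npn-spdy/3;

    # HSTS. `always` makes nginx attach the header to error responses (4xx/5xx)
    # as well; without it, add_header only applies to a fixed set of
    # success/redirect status codes.
    # includeSubdomains commits every subdomain of mydomain.com to HTTPS for
    # the full max-age (one year) once a browser has cached the policy.
    # NOTE(review): add_header directives are inherited by a location only if
    # that location defines no add_header of its own. The included files below
    # are not shown - confirm they do not silently drop this header.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;

    # Left disabled as in the original. Enable them unless one of the included
    # files already sets the same headers.
    #add_header X-Frame-Options SAMEORIGIN;
    #add_header X-Xss-Protection "1; mode=block" always;
    #add_header X-Content-Type-Options "nosniff" always;
    #spdy_headers_comp 5;

    ssl_buffer_size 1369;

    # No ssl_session_ticket_key is configured in this block, so nginx uses a
    # randomly generated ticket key. A key that stays in use for a long time
    # weakens forward secrecy for resumed sessions; rotate keys on a schedule
    # or turn tickets off if that matters for this site.
    ssl_session_tickets on;

    # enable ocsp stapling
    # The resolver is used to look up the OCSP responder. These are public
    # resolvers reached over plain DNS; the nginx documentation recommends
    # resolvers on a trusted local network to reduce the risk of DNS spoofing.
    resolver 8.8.8.8 8.8.4.4 valid=10m;
    resolver_timeout 10s;
    ssl_stapling on;
    # Stapled responses are verified against the chain in ssl_trusted_certificate.
    ssl_stapling_verify on;
    ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/ssl-trusted.crt;

    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;

    # limit_conn limit_per_ip 16;
    # ssi on;

    # Access log writes are buffered (256k, flushed at least every 5 minutes),
    # so log-based monitoring can lag by up to that interval and unflushed
    # entries may be lost if a worker dies.
    access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
    error_log /home/nginx/domains/mydomain.com/log/error.log;

    root /home/nginx/domains/mydomain.com/public;

    location / {
        # Wordpress Permalinks
        # Serve the file or directory if it exists, otherwise hand the request
        # to index.php with the original URI in the q parameter.
        try_files $uri $uri/ /index.php?q=$request_uri;

        # Contents not shown here; review them together with this file.
        include /usr/local/nginx/conf/wpsecure.conf;
        include /usr/local/nginx/conf/wpnocache.conf;
    }

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    # NOTE(review): presumably a traffic-status include - if it exposes a
    # status endpoint, confirm access to it is restricted.
    include /usr/local/nginx/conf/vts_server.conf;
    include /usr/local/nginx/conf/sitemap-config.conf;
}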