Skip to content

Instantly share code, notes, and snippets.

@vulcan25
Created December 16, 2018 12:27
Show Gist options
  • Save vulcan25/dc6525bd95f2d265ccb6232fd063f3e8 to your computer and use it in GitHub Desktop.
Save vulcan25/dc6525bd95f2d265ccb6232fd063f3e8 to your computer and use it in GitHub Desktop.
# move this file to sites-available/
server {
listen 443 ssl;
client_max_body_size 32M;
# set the correct host(s) for your site
server_name example.com;
keepalive_timeout 5;
ssl_certificate /srv/ssl/chained.pem;
ssl_certificate_key /srv/ssl/private.key;
location / {
alias /var/www/html/;
}
}
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
# ssl_certificate /srv/self-ssl/cert.pem;
# ssl_certificate_key /srv/self-ssl/key.pem;
server_name _;
return 444;
}
worker_processes 1;
user nobody nogroup;
error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024; # increase if you have lots of clients
accept_mutex off; # set to 'on' if nginx worker_processes > 1
}
http {
server_tokens off;
include mime.types;
# fallback in case we can't determine a type
default_type application/octet-stream;
access_log /var/log/nginx/access.log combined;
sendfile on;
ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
include /etc/nginx/sites-enabled/*.conf;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment