Created
December 16, 2018 12:27
-
-
Save vulcan25/dc6525bd95f2d265ccb6232fd063f3e8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# move this file to sites-available/ | |
server { | |
listen 443 ssl; | |
client_max_body_size 32M; | |
# set the correct host(s) for your site | |
server_name example.com; | |
keepalive_timeout 5; | |
ssl_certificate /srv/ssl/chained.pem; | |
ssl_certificate_key /srv/ssl/private.key; | |
location / { | |
alias /var/www/html/; | |
} | |
} | |
server { | |
listen 80 default_server; | |
server_name _; | |
return 301 https://$host$request_uri; | |
} | |
server { | |
listen 443 ssl default_server; | |
# ssl_certificate /srv/self-ssl/cert.pem; | |
# ssl_certificate_key /srv/self-ssl/key.pem; | |
server_name _; | |
return 444; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
worker_processes 1; | |
user nobody nogroup; | |
error_log /var/log/nginx/error.log info; | |
pid /var/run/nginx.pid; | |
events { | |
worker_connections 1024; # increase if you have lots of clients | |
accept_mutex off; # set to 'on' if nginx worker_processes > 1 | |
} | |
http { | |
server_tokens off; | |
include mime.types; | |
# fallback in case we can't determine a type | |
default_type application/octet-stream; | |
access_log /var/log/nginx/access.log combined; | |
sendfile on; | |
ssl_protocols TLSv1.2; | |
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; | |
ssl_prefer_server_ciphers on; | |
ssl_session_cache shared:SSL:10m; | |
ssl_session_timeout 10m; | |
add_header X-Frame-Options "SAMEORIGIN" always; | |
add_header X-Xss-Protection "1; mode=block" always; | |
add_header X-Content-Type-Options "nosniff" always; | |
include /etc/nginx/sites-enabled/*.conf; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment