yungke/gtour_ssl_conf

## gtour_ssl_conf
server
    {
       listen         80;
       server_name    gtour.info www.gtour.info;
       return         301 https://$server_name$request_uri;
    }

server {
       listen 443 ssl http2;
       server_name gtour.info www.gtour.info;
       access_log off;
       index index.html index.htm index.php;

       pagespeed on;
       include /usr/local/nginx/conf/wordpress.conf;
       include /usr/local/nginx/conf/wpffpc.conf;
       include /usr/local/nginx/conf/pagespeed_passthrough_ssl.conf;
       include /usr/local/nginx/conf/yoast_seo.conf;

       root /data/wwwroot/gtour.info;

       ssl on;
       ssl_certificate gtour_info.crt;
       ssl_certificate_key jungehost.pem;
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       ssl_session_cache    shared:SSL:20m;
       ssl_session_timeout  20m;
       ssl_prefer_server_ciphers On;
       ssl_stapling on;
       ssl_stapling_verify on;
       ssl_trusted_certificate /usr/local/nginx/conf/gtour_info.pem;
       resolver 8.8.8.8 8.8.4.4 valid=300s;
       resolver_timeout 10s;

       ssl_session_tickets on;

       add_header Strict-Transport-Security max-age=31536000;
       ssl_dhparam /usr/local/nginx/conf/dh2048.pem;
       ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";


location ~ [^/]\.php(/|$) {
       #fastcgi_pass remote_php_ip:9000;
       fastcgi_pass unix:/dev/shm/php-cgi.sock;
       fastcgi_index index.php;
       include fastcgi.conf;
    }
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
       expires 30d;
       access_log off;
    }
location ~ .*\.(js|css)?$ {
       expires 7d;
       access_log off;
    }
}
	server
	{
	listen 80;
	server_name gtour.info www.gtour.info;
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl http2;
	server_name gtour.info www.gtour.info;
	access_log off;
	index index.html index.htm index.php;

	pagespeed on;
	include /usr/local/nginx/conf/wordpress.conf;
	include /usr/local/nginx/conf/wpffpc.conf;
	include /usr/local/nginx/conf/pagespeed_passthrough_ssl.conf;
	include /usr/local/nginx/conf/yoast_seo.conf;

	root /data/wwwroot/gtour.info;

	ssl on;
	ssl_certificate gtour_info.crt;
	ssl_certificate_key jungehost.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_session_cache shared:SSL:20m;
	ssl_session_timeout 20m;
	ssl_prefer_server_ciphers On;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /usr/local/nginx/conf/gtour_info.pem;
	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 10s;

	ssl_session_tickets on;

	add_header Strict-Transport-Security max-age=31536000;
	ssl_dhparam /usr/local/nginx/conf/dh2048.pem;
	ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";


	location ~ [^/]\.php(/\|$) {
	#fastcgi_pass remote_php_ip:9000;
	fastcgi_pass unix:/dev/shm/php-cgi.sock;
	fastcgi_index index.php;
	include fastcgi.conf;
	}
	location ~ .*\.(gif\|jpg\|jpeg\|png\|bmp\|swf\|flv\|ico)$ {
	expires 30d;
	access_log off;
	}
	location ~ .*\.(js\|css)?$ {
	expires 7d;
	access_log off;
	}
	}