Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Jamroom 6+ Nginx vhost configuration file for use with Centmin mod.
# Jamroom 6+ CMS Working NGINX site conf file for use with Centminmod.
# Jamroom: https://jamroom.net https://www.jamroom.net/the-jamroom-network/forum/off-topic/35854/jamroom-and-nginx-centmin-mod-lemp-stack
# Centminmod: https://centminmod.com https://community.centminmod.com/threads/jamroom.5051/
# This file is for a FORCED SSL site. Non-SSL requests will be directed to SSL.
# 10.0.0.123 is a demo IP. Replace with your domain. Example: yourdomain.com
# Thanks to @brian from Jamroom for all your help!
# Thanks to @eva2000 from Centminmod for all your help!
# Redirect to HTTPS from port 80
# Redirect from www to non-www with forced SSL
server {
listen 80;
# listen []:80 ipv6only=off;
server_name 10.0.0.123 www.10.0.0.123;
return 301 https://10.0.0.123$request_uri;
# Error Logs via 80
access_log /home/nginx/domains/10.0.0.123/log/access_via80_123.log combined buffer=256k flush=5m;
error_log /home/nginx/domains/10.0.0.123/log/error_via80_123.log;
}
server {
listen 10.0.0.123:443 ssl http2;
# listen []:443 ssl http2 ipv6only=off;
server_name 10.0.0.123;
# Will re-direct any SSL requests for www to non-www
# https://centminmod.com/nginx_domain_dns_setup.html#httpsredirect
if ($host = 'www.10.0.0.123' ) {
return 301 https://10.0.0.123$request_uri;
}
ssl_dhparam /usr/local/nginx/conf/ssl/10.0.0.123/dhparam.pem;
ssl_certificate /usr/local/nginx/conf/ssl/10.0.0.123/10.0.0.123.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/10.0.0.123/10.0.0.123.key;
include /usr/local/nginx/conf/ssl_include.conf;
# Cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
# ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/blockchaintalk.org/origin.crt;
# ssl_verify_client on;
http2_max_field_size 16k;
http2_max_header_size 32k;
# Dual Cert Supported SSL Ciphers
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
# add_header Alternate-Protocol 443:npn-spdy/3;
# HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
# You'd want to include subdomains if you're using SSL wildcard certificates
# include subdomain
# add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400; includeSubDomains';
# exclude subdomains
# add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400';
# before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
# spdy_headers_comp 5;
ssl_buffer_size 1369;
ssl_session_tickets on;
# OCSP Stapling
# resolver 8.8.8.8 8.8.4.4 valid=10m;
# resolver_timeout 10s;
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /usr/local/nginx/conf/ssl/10.0.0.121/10.0.0.121-trusted.crt;
# ngx_pagespeed & ngx_pagespeed handler
# include /usr/local/nginx/conf/pagespeed.conf;
# include /usr/local/nginx/conf/pagespeedhandler.conf;
# include /usr/local/nginx/conf/pagespeedstatslog.conf;
# Limit Connections Per IP Address
# Modified from default to allow Admin directory to have more connections
# Modified in nginx.conf
# limit_conn_zone $limitconn_map zone=limit_per_ip:16m;
# ssi on;
# Error Logs via 443
access_log /home/nginx/domains/10.0.0.123/log/access_via443_123.log combined buffer=256k flush=60m;
error_log /home/nginx/domains/10.0.0.123/log/error_via443_123.log;
# CMM Autoprotect
include /usr/local/nginx/conf/autoprotect/10.0.0.123/autoprotect-10.0.0.123.conf;
# Root folder of project
root /home/nginx/domains/10.0.0.123/public;
# Cloudflare
# uncomment cloudflare.conf include if using cloudflare for server and/or vhost site
# include /usr/local/nginx/conf/cloudflare.conf;
# Centmin Mod Maintenance Pages
include /usr/local/nginx/conf/503include-main.conf;
# location ~ ^/ {
# auth_basic "Private";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd_site;
# include /usr/local/nginx/conf/php.conf;
# try_files $uri $uri/ /index.php;
# }
# Prevent access to ./directories and files
location ~ (?:^|/)\. {
deny all;
}
location ~* ^/data/media/0/0/ {
allow all;
}
location ~* ^/data/(config|logs|media)/ {
allow 127.0.0.1;
deny all;
try_files $uri $uri/ @rewrite;
}
location ~* ^/data/media/vault/ {
allow 127.0.0.1;
deny all;
try_files $uri $uri/ @rewrite;
}
location ~* ^/modules/jrCore/root/data/config/ {
allow 127.0.0.1;
deny all;
try_files $uri $uri/ @rewrite;
}
location ~* ^/modules/jrCore/root/data/logs/ {
allow 127.0.0.1;
deny all;
try_files $uri $uri/ @rewrite;
}
location / {
include /usr/local/nginx/conf/503include-only.conf;
# block common exploits, sql injections etc
include /usr/local/nginx/conf/block.conf;
# Enables directory listings when index file not found
# autoindex on;
# Shows file listing times as local time
autoindex_localtime on;
index index.html index.php sitemap.xml /modules/jrCore/router.php;
try_files $uri $uri/ @rewrite;
}
location @rewrite {
rewrite ^(.*)$ /modules/jrCore/router.php?_uri=$request_uri last;
}
# Profile Domains Module Config
# include /data/media/0/0/apache_server_alias_*.conf;
include /usr/local/nginx/conf/staticfiles_jr.conf;
include /usr/local/nginx/conf/php.conf;
include /usr/local/nginx/conf/drop.conf;
include /usr/local/nginx/conf/errorpage_jr.conf;
include /usr/local/nginx/conf/vts_server.conf;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.