Last active
          February 12, 2017 22:08 
        
    Nginx 1.4.6 SSL Setup for SOSLUG
  
        
  
    
    
  
  
    
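  server {
      # HTTPS virtual host for soslug.org, written for nginx 1.4.6.
      # "ssl" on the listen line already enables TLS for this socket, so the
      # separate "ssl on;" directive (deprecated in later nginx releases) is
      # dropped. "spdy" is the 1.4.x parameter; later releases use "http2".
      listen 443 ssl spdy;
      server_name soslug.org www.soslug.org;

      # Certificate chain and private key.
      ssl_certificate /etc/letsencrypt/live/soslug.org/fullchain.pem;
      # The terminating ";" was missing on this directive, which makes nginx
      # reject the whole file at load time.
      ssl_certificate_key /etc/letsencrypt/live/soslug.org/privkey.pem;

      # TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 is offered.
      # Clients that cannot negotiate TLS 1.2 will no longer connect.
      ssl_protocols TLSv1.2;

      # Server-ordered cipher preference. The 3DES suites were removed from the
      # explicit list and "!3DES" keeps the HIGH alias from re-adding them
      # (64-bit block cipher, Sweet32).
      ssl_prefer_server_ciphers on;
      ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";

      # Custom Diffie-Hellman group for the DHE suites above.
      # NOTE(review): the file is generated outside this config; confirm it is
      # at least 2048 bits.
      ssl_dhparam /etc/ssl/dhparams.pem;

      ssl_session_cache shared:SSL:20m;

      # OCSP stapling; the resolver is used to look up the OCSP responder.
      # NOTE(review): ssl_stapling_verify normally relies on
      # ssl_trusted_certificate pointing at the issuer chain, and none is set
      # here. Confirm that stapled responses are actually being served.
      ssl_stapling on;
      ssl_stapling_verify on;
      resolver 8.8.4.4 8.8.8.8 valid=300s;
      resolver_timeout 10s;

      # Response security headers. add_header is inherited by a location only
      # while that location defines no add_header of its own, so keep it out of
      # the location blocks below or repeat the full set there.
      # HSTS: browsers pin this host to HTTPS for two years.
      add_header Strict-Transport-Security max-age=63072000;
      # The previous value was not one browsers recognise, so they ignored the
      # header and framing was unrestricted. SAMEORIGIN still allows the site to
      # frame itself while blocking third-party framing.
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Content-Type-Options nosniff;
      # Legacy reflected-XSS filter switch for older browsers.
      add_header X-Xss-Protection "1; mode=block";

      root /var/www/vhosts/soslug.org/public;
      # A second, redundant "index" directive further down was removed.
      index index.html index.htm index.php;

      # NOTE(review): both logs are discarded, so this vhost leaves no request
      # or error trail for troubleshooting or incident response. Point these at
      # real log files if that record is needed.
      access_log /dev/null;
      error_log /dev/null;

      # Response compression.
      # NOTE(review): compressing TLS responses that mix secrets with
      # attacker-influenced content is the precondition for BREACH-style
      # attacks; confirm this is acceptable for the pages served here.
      gzip on;
      gzip_min_length 1000;
      gzip_proxied any;
      gzip_types text/plain text/xml text/css application/x-javascript text/javascript application/xml+rss;
      gzip_vary on;
      gzip_disable "MSIE [1-6]\.(?!.*SV1)";

      # Front-controller fallback: serve the file or directory if it exists,
      # otherwise hand the request to index.php with the query string.
      location / {
          try_files $uri $uri/ /index.php$is_args$args;
      }

      # Add the trailing slash to /wp-admin.
      rewrite /wp-admin$ $scheme://$host$uri/ permanent;

      # Client-side caching for static assets. The dot is escaped so that only
      # a literal ".ext" suffix matches, not any character followed by "ext".
      location ~* \.(jpg|jpeg|png|gif|ico|svg|ttf|eot|woff|otf)$ {
          expires 365d;
      }
      location ~* \.(css|js)$ {
          expires 1d;
      }

      # Pass PHP scripts to the FastCGI server.
      location ~ [^/]\.php(/|$) {
          # Split the URI into the script name and the trailing path info.
          fastcgi_split_path_info ^(.+?\.php)(/.*)$;
          # Only hand the request to PHP when the script part resolves to a
          # real file under the document root.
          if (!-f $document_root$fastcgi_script_name) {
              return 404;
          }
          # NOTE(review): 20-minute timeouts let one slow request hold a PHP
          # worker for a long time; confirm they are required.
          fastcgi_send_timeout 1200s;
          fastcgi_read_timeout 1200s;
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_index index.php;
          # NOTE(review): SCRIPT_FILENAME and PATH_INFO are presumably set in
          # fastcgi_params; verify against the installed file.
          include fastcgi_params;
      }
  }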
  
  
            
The only difference between 1.4.6 and the latest release should be `spdy` becoming `http2` on the `listen` line.
If ever in doubt, consult https://www.nginx.com/blog/nginx-1-10-1-11-released/