MGovier · June 13, 2016 23:42
diff --git a/nginx.conf b/nginx.conf
 user www-data;
 worker_processes auto;
 pid /run/nginx.pid;

 events {
    worker_connections 8000;
    # multi_accept on;
 }

 http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";
    gzip_comp_level    5;
    gzip_min_length    256;
    gzip_proxied       any;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;

    server {
        
        listen [::]:80;
        listen 80;
        server_name example.me www.example.me;

        return 301 https://example.me$request_uri;

    }

    server {

        listen [::]:443 ssl http2;
        listen 443 ssl http2;

        # listen on the wrong host
        server_name www.example.me;

        ssl_certificate           /etc/ssl/example_me.crt;
        ssl_certificate_key       /etc/ssl/exampleserver.key;

        ssl_protocols  TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        ssl_stapling on;
        ssl_stapling_verify on;

        ssl_dhparam /etc/ssl/dhparam.pem;
        
        ssl_trusted_certificate /etc/ssl/example_me.ca-bundle;

        # and redirect to the non-www host (declared below)
        return 301 https://example.me$request_uri;

    }

    server {

        listen [::]:443 ssl http2;
        listen 443 ssl http2;
        
        server_name example.me;

        charset utf-8;

        ##
        # SSL Settings
        ##

        ssl_certificate           /etc/ssl/example_me.crt;
        ssl_certificate_key       /etc/ssl/exampleserver.key;

        ssl_protocols  TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        ssl_stapling on;
        ssl_stapling_verify on;

        ssl_dhparam /etc/ssl/dhparam.pem;

        ssl_trusted_certificate /etc/ssl/example_me.ca-bundle;

        resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
        resolver_timeout 2s;

        # Headers
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

        # Adjust connection keepalive for HTTP2 clients:
        http2_idle_timeout 300; # up from 180 secs default
    
        location / { 
            proxy_pass http://localhost:3000;
            proxy_set_header X-Real-IP $remote_addr;  # http://wiki.nginx.org/HttpProxyModule
            proxy_set_header Host $host;  # pass the host header - http://wiki.nginx.org/HttpProxyModule#proxy_pass
            proxy_http_version 1.1;  # recommended with keepalive connections - http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
        }
    }
 }
	user www-data;
	worker_processes auto;
	pid /run/nginx.pid;

	events {
	worker_connections 8000;
	# multi_accept on;
	}

	http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";
	gzip_comp_level 5;
	gzip_min_length 256;
	gzip_proxied any;
	gzip_types
	application/atom+xml
	application/javascript
	application/json
	application/ld+json
	application/manifest+json
	application/rss+xml
	application/vnd.geo+json
	application/vnd.ms-fontobject
	application/x-font-ttf
	application/x-web-app-manifest+json
	application/xhtml+xml
	application/xml
	font/opentype
	image/bmp
	image/svg+xml
	image/x-icon
	text/cache-manifest
	text/css
	text/plain
	text/vcard
	text/vnd.rim.location.xloc
	text/vtt
	text/x-component
	text/x-cross-domain-policy;

	server {

	listen [::]:80;
	listen 80;
	server_name example.me www.example.me;

	return 301 https://example.me$request_uri;

	}

	server {

	listen [::]:443 ssl http2;
	listen 443 ssl http2;

	# listen on the wrong host
	server_name www.example.me;

	ssl_certificate /etc/ssl/example_me.crt;
	ssl_certificate_key /etc/ssl/exampleserver.key;

	ssl_protocols TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	ssl_stapling on;
	ssl_stapling_verify on;

	ssl_dhparam /etc/ssl/dhparam.pem;

	ssl_trusted_certificate /etc/ssl/example_me.ca-bundle;

	# and redirect to the non-www host (declared below)
	return 301 https://example.me$request_uri;

	}

	server {

	listen [::]:443 ssl http2;
	listen 443 ssl http2;

	server_name example.me;

	charset utf-8;

	##
	# SSL Settings
	##

	ssl_certificate /etc/ssl/example_me.crt;
	ssl_certificate_key /etc/ssl/exampleserver.key;

	ssl_protocols TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	ssl_stapling on;
	ssl_stapling_verify on;

	ssl_dhparam /etc/ssl/dhparam.pem;

	ssl_trusted_certificate /etc/ssl/example_me.ca-bundle;

	resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
	resolver_timeout 2s;

	# Headers
	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

	# Adjust connection keepalive for HTTP2 clients:
	http2_idle_timeout 300; # up from 180 secs default

	location / {
	proxy_pass http://localhost:3000;
	proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
	proxy_set_header Host $host; # pass the host header - http://wiki.nginx.org/HttpProxyModule#proxy_pass
	proxy_http_version 1.1; # recommended with keepalive connections - http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	}
	}
	}
No results found