nginx default site config

default.conf

##
# /etc/nginx/conf.d/default.conf
##

server {
    listen       80;
    server_name  localhost 1.2.3.4;

    location / {
        root   /var/www/default/html;
        index  index.html index.htm;
    }

    error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /var/www/default/html;
    }
}

server {
    listen 443 ssl http2;
    server_name localhost 1.2.3.4;
    
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    #ssl_dhparam /etc/ssl/dhparam.pem;
    #ssl_stapling on;
    #ssl_stapling_verify on;
    
    # Only strong ciphers in PFS mode
    ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    root   /var/www/default/html;
    index  index.html index.htm;
    
    location / {
        try_files $uri $uri/ =404;
    
        # 31536000 == 1 year 
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        add_header X-Frame-Options DENY;
        proxy_cache global;
        proxy_cache_valid  any 1h; 
        proxy_cache_use_stale updating;
    }   
}