mingshun · August 29, 2015 14:07
diff --git a/nginx.conf b/nginx.conf
 user  nobody;
 
 worker_processes  2;
 
 #error_log   /dev/null crit;
 
 events {
    worker_connections  1024;
 }
 
 http {
    include       mime.types;
    default_type  application/octet-stream;
 
    sendfile        on;
    #tcp_nopush     on;
 
    keepalive_timeout  65;
 
    gzip  on;
 
    expires off;
 
    server_tokens off;
 
    server {
        listen                     80;
        listen                     443 ssl;
        listen                     [::]:80;
        listen                     [::]:443 ssl;
        server_name                example.com;
 
        ssl                        on;
        ssl_certificate            path/to/cert;
        ssl_certificate_key        path/to/key;
 
        ssl_session_cache          shared:SSL:1m;
        ssl_session_timeout        5m;
 
        ssl_protocols              TLSv1.2;
        ssl_ciphers                ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH;
        ssl_prefer_server_ciphers  on;
        ssl_ecdh_curve             secp384r1;
 
        ssl_stapling               on;
        ssl_stapling_verify        on;
        resolver                   8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout           5s;
 
        add_header                 Strict-Transport-Security  max-age=31536000;
 
        error_page 497 @https;
        location @https {
            rewrite ^(.*)$ https://$host$1 permanent;
        }
    }
    
    server {
        listen                     80;
        listen                     443 ssl;
        listen                     [::]:80;
        listen                     [::]:443 ssl;
        server_name                ~^(www\.)(?<domain>.+)$;
        rewrite                    ^(.*)$ https://$domain$1 permanent;
        
        error_page 497 @https;
        location @https {
            rewrite ^(.*)$ https://$host$1 permanent;
        }
    }
 }
	user nobody;

	worker_processes 2;

	#error_log /dev/null crit;

	events {
	worker_connections 1024;
	}

	http {
	include mime.types;
	default_type application/octet-stream;

	sendfile on;
	#tcp_nopush on;

	keepalive_timeout 65;

	gzip on;

	expires off;

	server_tokens off;

	server {
	listen 80;
	listen 443 ssl;
	listen [::]:80;
	listen [::]:443 ssl;
	server_name example.com;

	ssl on;
	ssl_certificate path/to/cert;
	ssl_certificate_key path/to/key;

	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout 5m;

	ssl_protocols TLSv1.2;
	ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH;
	ssl_prefer_server_ciphers on;
	ssl_ecdh_curve secp384r1;

	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 5s;

	add_header Strict-Transport-Security max-age=31536000;

	error_page 497 @https;
	location @https {
	rewrite ^(.*)$ https://$host$1 permanent;
	}
	}

	server {
	listen 80;
	listen 443 ssl;
	listen [::]:80;
	listen [::]:443 ssl;
	server_name ~^(www\.)(?<domain>.+)$;
	rewrite ^(.*)$ https://$domain$1 permanent;

	error_page 497 @https;
	location @https {
	rewrite ^(.*)$ https://$host$1 permanent;
	}
	}
	}