Last active
December 24, 2015 16:58
-
-
Save philcryer/6831441 to your computer and use it in GitHub Desktop.
Current production nginx configuration for fak3r.com, including headers, SSL config and other settings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/nginx/sites-enabled/fak3r.com | |
| server { | |
| server_name fak3r.com; | |
| listen 88; | |
| server_name_in_redirect off; | |
| index index.html; | |
| root /usr/share/nginx/www/fak3r.com/; | |
| location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { | |
| expires max; | |
| add_header Pragma public; | |
| add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | |
| } | |
| include drop.conf; | |
| rewrite ^(.*)$ https://site.com$1 permanent; | |
| } | |
| server { | |
| server_name fak3r.com; | |
| listen 127.0.0.1:443 ssl; | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_session_timeout 10m; | |
| keepalive_timeout 70; | |
| access_log /var/log/nginx/fak3r.com.access.log; | |
| error_log /var/log/nginx/fak3r.com.error.log; | |
| add_header Cache-Control "public"; | |
| add_header X-Content-Type-Options "nosniff"; | |
| add_header X-Frame-Options "DENY"; | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header Strict-Transport-Security "max-age=315360000; includeSubdomains"; | |
| expires max; | |
| index index.html; | |
| root /usr/share/nginx/www/fak3r.com; | |
| ssl on; | |
| ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA; | |
| ssl_prefer_server_ciphers on; | |
| ssl_certificate /etc/nginx/ssl/fak3r.com/ssl-unified.crt; | |
| ssl_certificate_key /etc/nginx/ssl/fak3r.com/ssl.key; | |
| ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | |
| location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { | |
| expires max; | |
| add_header Pragma public; | |
| add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | |
| } | |
| error_page 404 /error/404.html; | |
| include drop.conf; | |
| } | |
| # /etc/nginx/drop.conf | |
| location = /robots.txt { access_log off; log_not_found off; } | |
| location = /favicon.ico { access_log off; log_not_found off; } | |
| location ~ /\. { access_log off; log_not_found off; deny all; } | |
| location ~ ~$ { access_log off; log_not_found off; deny all; } | |
| location ~ /(\.|wp-config.php|readme.html|licence.txt) { | |
| return 404; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment