Last active
December 3, 2015 03:42
-
-
Save qianduan/0b1196697ff1d56d03d0 to your computer and use it in GitHub Desktop.
nginx http2 ghost config used for https://www.qianduan.net , enabled nginx proxy_cache and maximum browser cache for static resources.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server{ | |
| listen 443 ssl http2; | |
| server_name www.qianduan.net;// youdomain.com | |
| ssl on; | |
| keepalive_timeout 300; | |
| charset utf-8; | |
| ssl_certificate /path/to/youdomian.crt; | |
| ssl_certificate_key /path/to/youdomian.key; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_session_timeout 24h; | |
| ssl_buffer_size 1400; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| add_header X-Cache $upstream_cache_status; | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; | |
| #Disables all weak ciphers | |
| ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; | |
| ssl_prefer_server_ciphers on; | |
| location / { | |
| proxy_cache qdc; //cache name defined in nginx.conf | |
| proxy_cache_valid 200 30m; | |
| proxy_cache_valid 404 1m; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_pass http://127.0.0.1:port; | |
| proxy_ignore_headers X-Accel-Expires Expires Cache-Control; | |
| proxy_ignore_headers Set-Cookie; | |
| proxy_hide_header Set-Cookie; | |
| proxy_hide_header X-powerd-by; | |
| expires 10m; | |
| } | |
| location /content/images/ { | |
| alias /path/to/ghost/content/images/; | |
| access_log off; | |
| etag on; | |
| expires max; | |
| } | |
| location /assets { | |
| alias /path/to/ghost/content/themes/Next/assets/; | |
| access_log off; | |
| etag on; | |
| expires max; | |
| } | |
| location ~ ^/(?:ghost|signout) { | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header Host $http_host; | |
| proxy_pass http://127.0.0.1:port; | |
| add_header Cache-Control "no-cache, private, no-store,must-revalidate, max-stale=0, post-check=0, pre-check=0"; | |
| proxy_set_header X-Forwarded-Proto https; | |
| } | |
| error_page 404 /404.html; | |
| error_page 500 502 503 504 /50x.html; | |
| location = /50x.html { | |
| root /path/to/50x.html; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment