Last active
December 25, 2015 04:29
-
-
Save robertz/6917656 to your computer and use it in GitHub Desktop.
Nginx server configuration for SSL-enabled site
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name domain.com; | |
| rewrite ^(.*) https://$server_name$1 permanent; | |
| } | |
| server { | |
| listen 443 ssl; | |
| server_name domain.com; | |
| client_max_body_size 50M; | |
| access_log /var/logs/domain.com_access.log buffer=32k; | |
| error_log /var/logs/domain.com_errors.log; | |
| root /var/www/domain.com; | |
| index index.cfm; | |
| ssl_certificate /etc/ssl/certs/secure_cert_nginx.crt; | |
| ssl_certificate_key /etc/ssl/private/secure_cert_nginx.key; | |
| # https://www.owasp.org/index.php/HTTP_Strict_Transport_Security | |
| add_header Strict-Transport-Security "max-age=2592000; includeSubdomains"; | |
| # This block will catch static file requests, such as images, css, js | |
| # The ?: prefix is a 'non-capturing' mark, meaning we do not require | |
| # the pattern to be captured into $1 which should help improve performance | |
| location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { | |
| # Some basic cache-control for static files to be sent to the browser | |
| expires max; | |
| add_header Pragma public; | |
| add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | |
| } | |
| include drop.conf; | |
| include railo.conf; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment