-
Notifications
You must be signed in to change notification settings - Fork 1
/
nginx_conf.txt
156 lines (137 loc) · 4.6 KB
/
nginx_conf.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
#youreauc.win http www + without www -> https without www
server{
listen 80;
server_name www.youreauc.win youreauc.win;
return 301 https://youreauc.win$request_uri;
}
#youreauc.win https www -> https without www
server{
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/youreauc.win/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/youreauc.win/privkey.pem;
ssl_dhparam /etc/letsencrypt/live/youreauc.win/dhparams.pem;
#ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000;";
server_name www.youreauc.win;
return 301 https://youreauc.win$request_uri;
}
#main block youreauc.win - https without www
server{
listen 443 ssl http2;
root /var/www/youreauc;
index index.php;
server_name youreauc.win;
ssl_certificate /etc/letsencrypt/live/youreauc.win/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/youreauc.win/privkey.pem;
ssl_dhparam /etc/letsencrypt/live/youreauc.win/dhparams.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000;";
charset utf-8;
underscores_in_headers on;
access_log /var/www/access_youreauc.log;
error_log /var/www/error_youreauc.log;
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 1024;
gzip_proxied any;
gzip_types text/plain text/css image/svg+xml image/svg application/json application/javascript application/x-javascript text/*;
gzip_buffers 16 8k;
add_header X-Frame-Options "DENY";
error_page 403 @notphp;
error_page 404 /404.html;
location = /404.html {
root /var/www/youreauc/html;
internal;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/youreauc/html;
#add_header Content-Type "application/json; charset=utf-8" always;
#add_header Pragma "no-cache" always;
internal;
}
#location ~* \.tpl$ { access_log off; error_log off; log_not_found off; return 404; }
#location ~* \.sql$ { access_log off; error_log off; log_not_found off; return 404; }
#location ~* \.conf$ { access_log off; error_log off; log_not_found off; return 404; }
#location /view/ { access_log off; error_log off; log_not_found off; return 404; }
location /css/ {
root /var/www/youreauc/stc;
try_files $uri $uri/ =404;
expires max;
access_log off;
error_log off;
}
location /js/ {
root /var/www/youreauc/stc;
try_files $uri $uri/ =404;
expires max;
access_log off;
error_log off;
}
location /fonts/ {
root /var/www/youreauc/stc;
try_files $uri $uri/ =404;
expires max;
access_log off;
error_log off;
}
location /html/ {
root /var/www/youreauc/stc;
try_files $uri $uri/ =404;
access_log off;
error_log off;
}
location /img/ {
root /var/www/youreauc/stc;
try_files $uri $uri/ =404;
expires max;
access_log off;
error_log off;
}
#n2o ws
location /ws {
access_log off;
proxy_pass http://127.0.0.1:4025;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location / {
##try_files $uri $uri/ @php;
#try_files $uri $uri/ /index.php?$request_uri;
##try_files @php @php;
try_files $uri @notphp @notphp;
}
location = /index.php {
#try_files @php @php;
try_files @notphp @notphp;
}
#location @php {
##proxy_set_header HOST $host;
##proxy_set_header X-Real-IP $remote_addr;
##proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
##proxy_set_header Host $http_host;
##proxy_pass http://127.0.0.1:4099;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#fastcgi_index index.php;
#include fastcgi_params;
#}
location @notphp {
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:4025;
}
}