Skip to content

Commit

Permalink
Update nginx-sites-enabled.config
Browse files Browse the repository at this point in the history
  • Loading branch information
@AndreiD
AndreiD authored Sep 19, 2016
1 parent 3f74b67 commit e9944fc
Showing 1 changed file with 125 additions and 7 deletions.
132 changes: 125 additions & 7 deletions goodies/nginx-sites-enabled.config
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,53 @@
Nginx config:

server {
listen 80 default;
server_name domain.com;
server_name www.domain.com;
listen 80;
listen [::]:80;


root /home/cleverbots;

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

server_name domain.com www.domain.com



# SSL configuration
#
listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_certificate /etc/letsencrypt/live/... chain;
ssl_certificate_key /etc/letsencrypt/live/... priv key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

ssl_dhparam /etc/ssl/certs/dhparam.pem;

access_log /var/log/nginx/domain.com.access.log;

root /home/your_flask_project;


location /static/ {
expires max;
expires 30d;
add_header Last-Modified $sent_http_Expires;
alias /home/your_flask_project/app/static/;
alias /home/cleverbots/application/static/;
}


Expand All @@ -25,4 +61,86 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:1337;
}



}

server {
listen 80;
listen [::]:80;


root /home/cleverbots/resume_bot;

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

server_name subdomain.domain.com;



# SSL configuration
#
listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_certificate /etc/letsencrypt/live/... chain;
ssl_certificate_key /etc/letsencrypt/live/... priv key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

ssl_dhparam /etc/ssl/certs/dhparam.pem;




location /static/ {
expires 30d;
add_header Last-Modified $sent_http_Expires;
alias /home/cleverbots/resume_bot/static/;
}


location / {
try_files $uri @tornado2;

}

location @tornado2 {


proxy_pass http://localhost:1338;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;



proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}





0 comments on commit e9944fc

Please sign in to comment.