Snippet $46 authored by Boris Kocherov

/etc/nginx/sites-enabled/d1.erp5.ru.conf

d1.erp5.ru.conf
# Plain-HTTP virtual host for d1.erp5.ru: every request is relayed,
# unencrypted, to a service on 127.0.0.1:80.
server {
    server_name  d1.erp5.ru;

    # NOTE(review): the address before ":80" looks like it was omitted from
    # this listing; nginx expects a host or "*" before the colon (confirm).
    # The bind address has to differ from the 127.0.0.1:80 upstream below,
    # otherwise the proxy_pass target could be this server itself.
    listen       :80;
    listen       [::]:80;

    location / {
        proxy_pass  http://127.0.0.1:80/;
        proxy_redirect off;
        proxy_buffering off;

        # $http_host is the Host header exactly as the client sent it, so the
        # backend must not trust it for building links or access decisions.
        proxy_set_header Host $http_host;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client supplied; only the last entry is
        # vouched for by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Request bodies up to 192 MB are accepted; the first 128 KB are
        # buffered in memory.
        client_body_buffer_size    128k;
        client_max_body_size       192m;
    }
}

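# HTTPS virtual host for d1.erp5.ru on port 52152: terminates TLS, serves
# per-user public_html directories under /~name/, and proxies everything else
# to the backend at 10.0.38.184:2200.
server {
        # NOTE(review): the address before ":52152" looks like it was omitted
        # from this listing; nginx expects a host or "*" before the colon
        # (confirm). The "spdy" parameter was superseded by "http2" in
        # nginx 1.9.5.
        listen       :52152 ssl spdy;
        listen       [::]:52152 ssl spdy;
        server_name  d1.erp5.ru;

        # The private key should be readable only by root / the nginx master.
        ssl_certificate      /etc/nginx/ssl/d1.erp5.ru.pem;
        ssl_certificate_key  /etc/nginx/ssl/d1.erp5.ru.key;
        ssl_session_timeout 24h;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them
        # only if a known legacy client still needs them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # NOTE(review): the list still admits 3DES (64-bit block cipher,
        # Sweet32) and static-RSA key exchange (no forward secrecy) as
        # fallbacks. Dropping the *3DES and RSA+* entries leaves only
        # ephemeral (EC)DH suites.
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
        ssl_prefer_server_ciphers on;

        # add_header without "always" is emitted only on success/redirect
        # responses, so error pages go out without these headers.
        # NOTE(review): HSTS is scoped to the host name, not to this port.
        # A browser that has seen this header rewrites http://d1.erp5.ru/ to
        # https on the default port, and no 443 listener is visible in this
        # file. Confirm one exists before relying on it.
        add_header Strict-Transport-Security "max-age=31536000;";
        # Report-Only: violations are reported, nothing is blocked. Reports go
        # to /csp-report, which falls through to the proxied "location /".
        # 'unsafe-inline' and 'unsafe-eval' would leave script injection
        # unmitigated if this policy were promoted to enforcing as-is.
        add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
        # NOTE(review): advertises port 443 although this server listens on
        # 52152; presumably a port forward exists in front of it (verify).
        add_header Alternate-Protocol  443:npn-spdy/2;
        ## Specifies a file with DH parameters for EDH ciphers
        ## Run "openssl dhparam -out /path/to/ssl/dhparam.pem 2048" in
        ## terminal to generate it
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;

        # OCSP stapling. The resolver is used to look up the OCSP responder.
        # Plain DNS to a public resolver is unauthenticated, so a resolver on
        # a trusted local network is preferable. ssl_stapling_verify needs the
        # issuer chain to be trusted, normally via ssl_trusted_certificate,
        # which is not set in this block.
        ssl_stapling on;
        resolver 8.8.8.8;
        ssl_stapling_verify on;

        # output compression saves bandwidth
        # NOTE(review): compressing TLS responses that mix secrets with
        # request-controlled content is the precondition for BREACH-style
        # length side channels; confirm the backend's pages are not affected.
        gzip  on;
        gzip_min_length  300;
        gzip_http_version 1.1;
        gzip_vary on;
        gzip_comp_level 6;
        gzip_proxied any;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;

        # make sure gzip does not lose large gzipped js or css files
        # see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl
        gzip_buffers 16 8k;

        # Disable gzip for certain browsers.
        # The pattern must be one quoted argument: the listing had mis-encoded
        # typographic quotes here, which would split it at the space. The dot
        # is escaped so that "MSIE 10" and later are not matched by accident.
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";

        keepalive_timeout  75 20;

        # The "main" log format has to be defined in the http context; it is
        # not part of this file.
        access_log /var/log/nginx/access_log main;
        error_log /var/log/nginx/error_log info;

        root /var/www-static/;

        # Per-user web space: /~name/path -> /home/name/public_html/path.
        # NOTE(review): the name capture (.+?) is not limited to the
        # characters of a valid account name, so the alias target is built
        # from unvalidated request input; restrict it to the local user-name
        # alphabet. autoindex exposes a listing of every directory without an
        # index file, and symlinks inside public_html are followed with the
        # worker's privileges (see the disable_symlinks directive).
        location ~ ^/~(.+?)(/.*)?$ {
                alias /home/$1/public_html$2;
                index  index.html index.htm;
                autoindex on;
        }


        location / {
                # Request bodies up to 192 MB are accepted.
                client_max_body_size       192m;
                client_body_buffer_size    128k;

                # X-Forwarded-For is appended to whatever the client sent, and
                # Host is the client's header verbatim. The backend should
                # treat only the last X-Forwarded-For entry as vouched for by
                # this proxy.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_buffering off;

                # The backend hop is plain HTTP on the internal network. The
                # VirtualHostBase path hard-codes the public scheme, host and
                # port, so it must be kept in sync with the listen port above.
                proxy_pass  http://10.0.38.184:2200/VirtualHostBase/https/d1.erp5.ru:52152/;
        }
}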