commit
e8f1c4ffdc
1 changed files with 83 additions and 0 deletions
@ -0,0 +1,83 @@ |
|||||
|
# Redirect www http traffic to www https |
||||
|
|
||||
|
server{ |
||||
|
listen 80; |
||||
|
server_name www.yeetpc.com; |
||||
|
return 301 https://www.YOURSITEDOMAIN.com$request_uri; |
||||
|
} |
||||
|
|
||||
|
# Redirect non-www http traffic to www https |
||||
|
|
||||
|
server { |
||||
|
listen 80; |
||||
|
server_name yeetpc.com; |
||||
|
return 301 https://www.YOURSITEDOMAIN.com$request_uri; |
||||
|
} |
||||
|
|
||||
|
# Redirect non-www https traffic to www https |
||||
|
|
||||
|
server { |
||||
|
listen 443; |
||||
|
server_name yeetpc.com; |
||||
|
return 301 https://www.YOURSITEDOMAIN.com$request_uri; |
||||
|
|
||||
|
# SSL configuration |
||||
|
|
||||
|
ssl_certificate /etc/letsencrypt/live/YOURSITEDOMAIN.com/fullchain.pem; |
||||
|
ssl_certificate_key /etc/letsencrypt/live/YOURSITEDOMAIN.com/privkey.pem; |
||||
|
ssl on; |
||||
|
ssl_session_cache builtin:1000 shared:SSL:10m; |
||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
||||
|
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; |
||||
|
ssl_prefer_server_ciphers on; |
||||
|
} |
||||
|
|
||||
|
# Main server block for www https |
||||
|
|
||||
|
server { |
||||
|
|
||||
|
listen 443; |
||||
|
server_name www.YOURSITEDOMAIN.com; |
||||
|
|
||||
|
# SSL configuration |
||||
|
|
||||
|
ssl_certificate /etc/letsencrypt/live/YOURSITEDOMAIN.com/fullchain.pem; |
||||
|
ssl_certificate_key /etc/letsencrypt/live/YOURSITEDOMAIN.com/privkey.pem; |
||||
|
ssl on; |
||||
|
ssl_session_cache builtin:1000 shared:SSL:10m; |
||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
||||
|
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; |
||||
|
ssl_prefer_server_ciphers on; |
||||
|
|
||||
|
# Set the access log location |
||||
|
|
||||
|
access_log /var/log/nginx/YOURSITEDOMAIN.access.log; |
||||
|
|
||||
|
location / { |
||||
|
|
||||
|
# Set the proxy headers |
||||
|
|
||||
|
proxy_set_header Host $host; |
||||
|
proxy_set_header X-Real-IP $remote_addr; |
||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||
|
proxy_set_header X-Forwarded-Proto $scheme; |
||||
|
|
||||
|
# Configure which address the request is proxied to |
||||
|
|
||||
|
proxy_pass http://YOURSERVER:YOURPORT; |
||||
|
proxy_read_timeout 90; |
||||
|
proxy_redirect http://YOURSERVER:YOURPORT https://www.YOURSITEDOMAIN.com; |
||||
|
|
||||
|
# Set the security headers |
||||
|
|
||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; #HSTS |
||||
|
add_header X-Frame-Options DENY; #Prevents clickjacking |
||||
|
add_header X-Content-Type-Options nosniff; #Prevents mime sniffing |
||||
|
add_header X-XSS-Protection "1; mode=block"; #Prevents cross-site scripting attacks |
||||
|
add_header Referrer-Policy "origin"; #Idk what this actually does |
||||
|
|
||||
|
# Rewrite all URI's so they have a trailing slash |
||||
|
|
||||
|
rewrite ^([^.]*[^/])$ $1/ permanent; |
||||
|
} |
||||
|
} |
||||
Write
Preview
Loading…
Cancel
Save
Reference in new issue