nailuoGG
6/14/2016 - 6:18 AM
nginx.conf
upstream ghost_upstream {
server 127.0.0.1:2368;
keepalive 64;
}
proxy_cache_path /var/run/cache levels=1:2 keys_zone=STATIC:75m inactive=24h max_size=512m;
server {
listen 80;
server_name nailuogg.me www.nailuogg.me;
server_tokens off;
return 301 https://$host$request_uri;
}
server {
server_name nailuogg.me www.nailuogg.me;
server_tokens off;
listen 443 ssl spdy;
spdy_headers_comp 6;
spdy_keepalive_timeout 300;
listen 443 ssl;
keepalive_timeout 300;
ssl_certificate_key /etc/letsencrypt/archive/nailuogg.me/privkey1.pem;
ssl_certificate /etc/letsencrypt/archive/nailuogg.me/fullchain1.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 24h;
ssl_buffer_size 1400;
ssl_stapling on;
ssl_stapling_verify on;
#ssl_trusted_certificate /etc/nginx/ssl/trust.crt;
ssl_dhparam /etc/letsencrypt/archive/nailuogg.me/dhparams.pem;
resolver 8.8.8.8 8.8.4.4 valid=300s;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
add_header X-Cache $upstream_cache_status;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options deny;
location / {
proxy_cache STATIC;
proxy_cache_valid 200 30m;
proxy_cache_valid 404 1m;
proxy_pass http://ghost_upstream;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
proxy_ignore_headers Set-Cookie;
proxy_hide_header Set-Cookie;
proxy_hide_header X-powered-by;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
expires 10m;
}
location /content/images {
alias /home/nailuoGG/ghost/content/images;
access_log off;
expires max;
}
location /assets {
alias /home/nailuoGG/ghost/content/themes/vno/assets;
access_log off;
expires max;
}
location /public {
alias /home/nailuoGG/ghost/built/public;
access_log off;
expires max;
}
location /ghost/scripts {
alias /home/nailuoGG/ghost/core/built/scripts;
access_log off;
expires max;
}
location ~ ^/(?:ghost|signout) {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://ghost_upstream;
add_header Cache-Control "no-cache, private, no-store,
must-revalidate, max-stale=0, post-check=0, pre-check=0";
proxy_set_header X-Forwarded-Proto https;
}
}