Skip to content

Instantly share code, notes, and snippets.

@andrefsp

andrefsp/gist:5198848

Forked from perusio/gist:1695505
Created March 19, 2013 18:36
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save andrefsp/5198848 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save andrefsp/5198848 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @perusio perusio revised this gist Jan 28, 2012. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions gistfile1.txt
    View file
    Original file line number Diff line number Diff line change
    @@ -13,7 +13,7 @@ map $is_secure $not_secure {
    server {
    listen [::]:443 ssl;
    server_name ssl.example.com;
    limit_conn arbeit 10;
    limit_conn arbeit 32;

    if ($is_secure) {
    return 302 https://ssl.example.com$request_uri;
    @@ -43,7 +43,7 @@ server {
    server {
    listen [::]:443 ssl;
    server_name ssl.example.com;
    limit_conn arbeit 10;
    limit_conn arbeit 32;


    if ($not_secure) {
  2. @perusio perusio revised this gist Jan 28, 2012. 1 changed file with 4 additions and 0 deletions.
    4 changes: 4 additions & 0 deletions gistfile1.txt
    View file
    Original file line number Diff line number Diff line change
    @@ -4,6 +4,10 @@ map $http_cookie $is_secure {
    ~SESS 1; # there's a session cookie (use SSL - authenticated user)
    }

    map $is_secure $not_secure {
    1 0;
    0 1;
    }

    ## In the non-SSL host
    server {
  3. @perusio perusio created this gist Jan 28, 2012.
    79 changes: 79 additions & 0 deletions gistfile1.txt
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,79 @@
    ## At the http level
    map $http_cookie $is_secure {
    default 0;
    ~SESS 1; # there's a session cookie (use SSL - authenticated user)
    }


    ## In the non-SSL host
    server {
    listen [::]:443 ssl;
    server_name ssl.example.com;
    limit_conn arbeit 10;

    if ($is_secure) {
    return 302 https://ssl.example.com$request_uri;
    }

    ## Access and error logs.
    access_log /var/log/nginx/example.com_access.log;
    error_log /var/log/nginx/example.com_error.log;

    ## Keep alive timeout set to a greater value for SSL/TLS.
    keepalive_timeout 10 10;

    root /var/www/sites/example.com;
    index index.php;

    ## If you're using a Nginx version greater or equal to 1.1.4 then
    ## you can use keep alive connections to the upstream be it
    ## FastCGI or Apache. If that's not the case comment out the line below.
    fastcgi_keep_conn on; # keep alive to the FCGI upstream

    #... more stuff ...

    } # HTTP server


    ## In the SSL host
    server {
    listen [::]:443 ssl;
    server_name ssl.example.com;
    limit_conn arbeit 10;


    if ($not_secure) {
    return 302 http://example.com$request_uri;
    }

    ## Get the 497 error (HTTP request on a HTTPS host).
    error_page 497 =302 https://ssl.example.com$request_uri;

    ## Access and error logs.
    access_log /var/log/nginx/ssl.example.com_access.log;
    error_log /var/log/nginx/ssl.example.com_error.log;

    ## Keep alive timeout set to a greater value for SSL/TLS.
    keepalive_timeout 75 75;

    ## See the keepalive_timeout directive in nginx.conf.
    ## Server certificate and key.
    ssl_certificate /etc/ssl/certs/example-cert.pem;
    ssl_certificate_key /etc/ssl/private/example.key;

    ## Strict Transport Security header for enhanced security. See
    ## http://www.chromium.org/sts. I've set it to 2 hours; set it to
    ## whichever age you want.
    add_header Strict-Transport-Security "max-age=7200";

    root /var/www/sites/example.com;
    index index.php;

    ## If you're using a Nginx version greater or equal to 1.1.4 then
    ## you can use keep alive connections to the upstream be it
    ## FastCGI or Apache. If that's not the case comment out the line below.
    fastcgi_keep_conn on; # keep alive to the FCGI upstream

    #... more stuff ...

    } # HTTPS server