Created
January 28, 2012 19:25
Revisions
-
perusio revised this gist
Jan 28, 2012 . 1 changed file with 2 additions and 2 deletions.
@@ -13,7 +13,7 @@ map $is_secure $not_secure { server { listen [::]:443 ssl; server_name ssl.example.com; limit_conn arbeit 32; if ($is_secure) { return 302 https://ssl.example.com$request_uri; @@ -43,7 +43,7 @@ server { server { listen [::]:443 ssl; server_name ssl.example.com; limit_conn arbeit 32; if ($not_secure) { -
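Review bot: The server block in the first hunk (the one with `if ($is_secure)`, labelled "In the non-SSL host" in the original revision) still declares `listen [::]:443 ssl;` and `server_name ssl.example.com;`, the same pair as the SSL block in the second hunk. With two identical listen/server_name pairs nginx reports a conflicting server name and serves only one of them, so the plain-HTTP host is never defined and the `$is_secure` redirect to `https://ssl.example.com` points back at the same host. The log path `example.com_access.log` and the `http://example.com` redirect target suggest the intended lines are `listen [::]:80;` and `server_name example.com;`. The same two lines appear in the initial revision of the gist, and both server blocks continue outside these hunks.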
perusio revised this gist
Jan 28, 2012 . 1 changed file with 4 additions and 0 deletions.
@@ -4,6 +4,10 @@ map $http_cookie $is_secure { ~SESS 1; # there's a session cookie (use SSL - authenticated user) } map $is_secure $not_secure { 1 0; 0 1; } ## In the non-SSL host server { -
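Review bot: Both variables now hang off the context line `~SESS 1;`, which is an unanchored, case-sensitive regex over the whole Cookie header, so any cookie name or value containing "SESS" flips `$is_secure` and `$not_secure`. Anchoring the match to a cookie-name boundary, for example `"~(?:^|;\s*)SESS" 1;`, narrows it to cookies whose name starts with that prefix. The header is client-supplied either way, so these variables should only ever choose the redirect target and never be treated as proof of an authenticated session. The new map would also read more easily with a comment such as `## Inverse of $is_secure; used by the SSL host to send cookie-less clients back to HTTP.`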
perusio created this gist
Jan 28, 2012 .
@@ -0,0 +1,79 @@ ## At the http level map $http_cookie $is_secure { default 0; ~SESS 1; # there's a session cookie (use SSL - authenticated user) } ## In the non-SSL host server { listen [::]:443 ssl; server_name ssl.example.com; limit_conn arbeit 10; if ($is_secure) { return 302 https://ssl.example.com$request_uri; } ## Access and error logs. access_log /var/log/nginx/example.com_access.log; error_log /var/log/nginx/example.com_error.log; ## Keep alive timeout set to a greater value for SSL/TLS. keepalive_timeout 10 10; root /var/www/sites/example.com; index index.php; ## If you're using a Nginx version greater or equal to 1.1.4 then ## you can use keep alive connections to the upstream be it ## FastCGI or Apache. If that's not the case comment out the line below. fastcgi_keep_conn on; # keep alive to the FCGI upstream #... more stuff ... } # HTTP server ## In the SSL host server { listen [::]:443 ssl; server_name ssl.example.com; limit_conn arbeit 10; if ($not_secure) { return 302 http://example.com$request_uri; } ## Get the 497 error (HTTP request on a HTTPS host). error_page 497 =302 https://ssl.example.com$request_uri; ## Access and error logs. access_log /var/log/nginx/ssl.example.com_access.log; error_log /var/log/nginx/ssl.example.com_error.log; ## Keep alive timeout set to a greater value for SSL/TLS. keepalive_timeout 75 75; ## See the keepalive_timeout directive in nginx.conf. ## Server certificate and key. ssl_certificate /etc/ssl/certs/example-cert.pem; ssl_certificate_key /etc/ssl/private/example.key; ## Strict Transport Security header for enhanced security. See ## http://www.chromium.org/sts. I've set it to 2 hours; set it to ## whichever age you want. add_header Strict-Transport-Security "max-age=7200"; root /var/www/sites/example.com; index index.php; ## If you're using a Nginx version greater or equal to 1.1.4 then ## you can use keep alive connections to the upstream be it ## FastCGI or Apache. If that's not the case comment out the line below. 
fastcgi_keep_conn on; # keep alive to the FCGI upstream #... more stuff ... } # HTTPS server
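Review bot: Choosing the scheme from `$http_cookie` means the session cookie must first arrive over plain HTTP on the non-SSL host before `if ($is_secure)` can redirect, so it crosses the network in cleartext. Marking the cookie Secure would stop that redirect from ever firing. The SSL host's `if ($not_secure) { return 302 http://example.com$request_uri; }` also sends every cookie-less client back to HTTP, which presumably includes the login request unless the elided "more stuff" exempts it. A safer layout is an unconditional `return 301 https://ssl.example.com$request_uri;` in the port-80 block, with the session cookie marked Secure and the `$not_secure` downgrade removed. Separately, `add_header Strict-Transport-Security "max-age=7200";` gives only a two-hour pin, which is fine while testing but should be raised once the HTTPS-only setup is confirmed.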