Last active
December 3, 2015 03:42
-
-
Save qianduan/0b1196697ff1d56d03d0 to your computer and use it in GitHub Desktop.
Revisions
-
qianduan renamed this gist
Dec 3, 2015 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Dec 3, 2015 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Dec 3, 2015 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,6 @@ server{ listen 443 ssl http2; server_name www.qianduan.net;// youdomain.com ssl on; -
Dec 3, 2015 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,79 @@ server{ listen 443 ssl http2; server_name www.qianduan.net; ssl on; keepalive_timeout 300; charset utf-8; ssl_certificate /path/to/youdomian.crt; ssl_certificate_key /path/to/youdomian.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:10m; ssl_session_timeout 24h; ssl_buffer_size 1400; ssl_stapling on; ssl_stapling_verify on; add_header X-Cache $upstream_cache_status; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; #Disables all weak ciphers ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_prefer_server_ciphers on; location / { proxy_cache qdc; //cache name defined in nginx.conf proxy_cache_valid 200 30m; proxy_cache_valid 404 1m; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:port; proxy_ignore_headers X-Accel-Expires Expires Cache-Control; proxy_ignore_headers Set-Cookie; proxy_hide_header Set-Cookie; proxy_hide_header X-powerd-by; expires 10m; } location /content/images/ { alias /path/to/ghost/content/images/; access_log off; etag on; expires max; } location /assets { alias /path/to/ghost/content/themes/Next/assets/; access_log off; etag on; expires max; } location ~ ^/(?:ghost|signout) { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_pass http://127.0.0.1:port; add_header Cache-Control "no-cache, private, no-store,must-revalidate, max-stale=0, post-check=0, pre-check=0"; proxy_set_header X-Forwarded-Proto https; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /path/to/50x.html; } }