
Nginx global config

Nginx global config for your sites-enabled vhosts on Ubuntu / Debian.

Whenever you have the same config in every vhost, it is better to work with global settings.

Here is an example with the SSL config in Nginx. With one global config it is much harder to forget a setting in an individual vhost.

/etc/nginx/global/ssl.conf

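	# Shared TLS settings, pulled into each HTTPS vhost with "include global/ssl.conf;".
	#
	# The deprecated "ssl on;" directive is intentionally not set here. Every vhost
	# that includes this file must enable TLS per socket with "listen ... ssl",
	# as the example vhost on this page does.

	# CA chain used to verify the stapled OCSP response (see ssl_stapling_verify).
	ssl_trusted_certificate /etc/nginx/ssl/ca.pem;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:10m;

	ssl_stapling on;
	ssl_stapling_verify on;
	# The resolver is used to look up the OCSP responder. These are public
	# resolvers reached over plain DNS; a trusted resolver on the local network
	# reduces the exposure to spoofed answers.
	resolver 8.8.4.4 8.8.8.8 valid=300s;
	resolver_timeout 10s;

	# HSTS: send exactly one Strict-Transport-Security header. When a response
	# carries several, browsers process only the first (RFC 6797), so the two
	# alternatives below never took effect while all three lines were active.
	add_header Strict-Transport-Security max-age=63072000;
	# Alternative, six months:
	#add_header Strict-Transport-Security max-age=15768000;
	# Alternative, use this only if all subdomains support HTTPS!
	#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;
	# NOTE: add_header is inherited from this level only by blocks that define no
	# add_header of their own. Any location in the other included files that adds
	# a header must repeat the three headers above, or they are silently dropped.

	ssl_prefer_server_ciphers on;
	# TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Append
	# TLSv1.3 where the installed nginx/OpenSSL build supports it.
	ssl_protocols TLSv1.2;
	# Cipher string kept as published. The four suites at the end (CAMELLIA256-SHA,
	# AES256-SHA, CAMELLIA128-SHA, AES128-SHA) use plain RSA key exchange without
	# forward secrecy; review whether any client still needs them.
	ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';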

/etc/nginx/sites-enabled/www_safematix_com

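# HTTPS vhost for www.safematix.com. Site-specific values (addresses, paths,
# certificate, DH parameters) live here; everything shared between vhosts is
# pulled in from /etc/nginx/global/ at the end of the block.
server {
	# TLS is enabled per socket with the "ssl" parameter. The "spdy" parameter
	# needs an nginx build with the SPDY module, which nginx 1.9.5 replaced
	# with HTTP/2 ("http2"); on such builds the spdy directives are rejected.
	listen [2a01:4f8:210:3101::12]:443 ssl spdy;
	listen 443 ssl spdy;
	# Header compression stays off (the nginx default). Compressing headers
	# that carry secrets such as cookies leaks information through response
	# sizes (the CRIME class of attack).
	spdy_headers_comp 0;

	server_name www.safematix.com safematix.com;

	root /srv/www/www_safematix_com/htdocs;
	index index.php index.html index.htm;

	access_log   /srv/www/www_safematix_com/log/www.safematix.com_ssl.access.log;
	error_log    /srv/www/www_safematix_com/log/www.safematix.com_ssl.error.log;

	# The private key should be readable only by root / the nginx master process.
	ssl_certificate /etc/nginx/ssl/safematix/www.safematix.com.crt;
	ssl_certificate_key /etc/nginx/ssl/safematix/www.safematix.com.key;

	# Site-specific Diffie-Hellman parameters for the EDH suites in the shared cipher list.
	ssl_dhparam /etc/nginx/ssl/safematix/www.safematix.com-dhparam.pem;

	# Presumably consumed by one of the included files (e.g. as the PHP
	# backend port); confirm against global/php.conf.
	set $siteport 9001;

	# Shared settings. ssl.conf sets the security headers at server level; a
	# location in the later includes that defines its own add_header will not
	# inherit them.
	include global/ssl.conf;
	include global/restrictions.conf;
	include global/wordpress.conf;
	include global/php.conf;
}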
