1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
| server {
listen 80;
listen 443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/www.guanlinwu.cn.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/www.guanlinwu.cn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name www.guanlinwu.cn;
access_log /data/wwwlogs/www.guanlinwu.cn_nginx.log combined;
index index.html index.htm index.php;
root /data/wwwroot/www.guanlinwu.cn;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
location / {
try_files $uri @apache;
}
location @apache {
proxy_pass http://127.0.0.1:88;
include proxy.conf;
}
location ~ .*\.(php|php5|cgi|pl)?$ {
proxy_pass http://127.0.0.1:88;
include proxy.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
|