-15 Removals
+0 Additions
#x# HTTPS-DEFAULT#x# HTTPS-DEFAULT
server { server {
server_name $vhost www.$vhost; server_name $vhost www.$vhost;
return 302 https://$vhost$request_uri; return 302 https://$vhost$request_uri;
include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/staticfiles.conf;
} }
server {server {
listen 443 ssl http2; listen 443 ssl http2;
server_name $vhost www.$vhost; server_name $vhost www.$vhost;
include /usr/local/nginx/conf/ssl/$vhost/$vhost.crt.key.conf; include /usr/local/nginx/conf/ssl/$vhost/$vhost.crt.key.conf;
include /usr/local/nginx/conf/ssl_include.conf; include /usr/local/nginx/conf/ssl_include.conf;
# cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/ # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
#ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/$vhost/origin.crt; #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/$vhost/origin.crt;
#ssl_verify_client on; #ssl_verify_client on;
http2_max_field_size 16k; http2_max_field_size 16k;
http2_max_header_size 32k; http2_max_header_size 32k;
# mozilla recommended # mozilla recommended
ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
#add_header Alternate-Protocol 443:npn-spdy/3; #add_header Alternate-Protocol 443:npn-spdy/3;
# before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
#add_header X-Frame-Options SAMEORIGIN; #add_header X-Frame-Options SAMEORIGIN;
add_header X-Xss-Protection "1; mode=block" always; add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
#add_header Referrer-Policy "strict-origin-when-cross-origin"; #add_header Referrer-Policy "strict-origin-when-cross-origin";
#spdy_headers_comp 5; #spdy_headers_comp 5;
ssl_buffer_size 1369; ssl_buffer_size 1369;
ssl_session_tickets on; ssl_session_tickets on;
# enable ocsp stapling # enable ocsp stapling
resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m; resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
resolver_timeout 10s; resolver_timeout 10s;
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
# ngx_pagespeed & ngx_pagespeed handler# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;#include /usr/local/nginx/conf/pagespeedstatslog.conf;
# limit_conn limit_per_ip 16; # limit_conn limit_per_ip 16;
# ssi on; # ssi on;
access_log /home/nginx/domains/$vhost/log/access.log combined buffer=256k flush=5m; access_log /home/nginx/domains/$vhost/log/access.log combined buffer=256k flush=5m;
error_log /home/nginx/domains/$vhost/log/error.log; error_log /home/nginx/domains/$vhost/log/error.log;
include /usr/local/nginx/conf/autoprotect/$vhost/autoprotect-$vhost.conf; include /usr/local/nginx/conf/autoprotect/$vhost/autoprotect-$vhost.conf;
root /home/nginx/domains/$vhost/public; root /home/nginx/domains/$vhost/public;
# uncomment cloudflare.conf include if using cloudflare for # uncomment cloudflare.conf include if using cloudflare for
# server and/or vhost site # server and/or vhost site
#include /usr/local/nginx/conf/cloudflare.conf; #include /usr/local/nginx/conf/cloudflare.conf;
include /usr/local/nginx/conf/503include-main.conf; include /usr/local/nginx/conf/503include-main.conf;
include /usr/local/nginx/conf/wpincludes/$vhost/wpcacheenabler_$vhost.conf; include /usr/local/nginx/conf/wpincludes/$vhost/wpcacheenabler_$vhost.conf;
#include /usr/local/nginx/conf/wpincludes/$vhost/wpsupercache_$vhost.conf; #include /usr/local/nginx/conf/wpincludes/$vhost/wpsupercache_$vhost.conf;
# https://community.centminmod.com/posts/18828/ # https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/wpincludes/$vhost/rediscache_$vhost.conf; #include /usr/local/nginx/conf/wpincludes/$vhost/rediscache_$vhost.conf;
# uncomment ddos.conf and blockbots.conf include # uncomment ddos.conf and blockbots.conf include
# if using the ultimate badbot blocker guide after testing # if using the ultimate badbot blocker guide after testing
# https://community.centminmod.com/threads/nginx-ultimate-bad-block-blocker.14413/ # https://community.centminmod.com/threads/nginx-ultimate-bad-block-blocker.14413/
include /usr/local/nginx/conf/ultimate-badbot-blocker/bots.d/ddos.conf; include /usr/local/nginx/conf/ultimate-badbot-blocker/bots.d/ddos.conf;
include /usr/local/nginx/conf/ultimate-badbot-blocker/bots.d/blockbots.conf; include /usr/local/nginx/conf/ultimate-badbot-blocker/bots.d/blockbots.conf;
location / { location / {
include /usr/local/nginx/conf/503include-only.conf; include /usr/local/nginx/conf/503include-only.conf;
# Enables directory listings when index file not found # Enables directory listings when index file not found
#autoindex on; #autoindex on;
# for wordpress super cache plugin # for wordpress super cache plugin
#try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args; #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
# for wp cache enabler plugin # for wp cache enabler plugin
try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
# Wordpress Permalinks # Wordpress Permalinks
#try_files $uri $uri/ /index.php?q=$uri&$args; #try_files $uri $uri/ /index.php?q=$uri&$args;
# Nginx level redis Wordpress # Nginx level redis Wordpress
# https://community.centminmod.com/posts/18828/ # https://community.centminmod.com/posts/18828/
#try_files $uri $uri/ /index.php?$args; #try_files $uri $uri/ /index.php?$args;
} }
location ~* /(wp-login\.php) {location ~* /(wp-login\.php) {
limit_req zone=xwplogin burst=1 nodelay; limit_req zone=xwplogin burst=1 nodelay;
#limit_conn xwpconlimit 30; #limit_conn xwpconlimit 30;
auth_basic "Private"; auth_basic "Private";
auth_basic_user_file /home/nginx/domains/$vhost/htpasswd_wplogin; auth_basic_user_file /home/nginx/domains/$vhost/htpasswd_wplogin;
include /usr/local/nginx/conf/php-wpsc.conf; include /usr/local/nginx/conf/php-wpsc.conf;
# https://community.centminmod.com/posts/18828/ # https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf; #include /usr/local/nginx/conf/php-rediscache.conf;
}}
location ~* /(xmlrpc\.php) {location ~* /(xmlrpc\.php) {
limit_req zone=xwprpc burst=45 nodelay; limit_req zone=xwprpc burst=45 nodelay;
#limit_conn xwpconlimit 30; #limit_conn xwpconlimit 30;
include /usr/local/nginx/conf/php-wpsc.conf; include /usr/local/nginx/conf/php-wpsc.conf;
# https://community.centminmod.com/posts/18828/ # https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf; #include /usr/local/nginx/conf/php-rediscache.conf;
}}
location ~* /wp-admin/(load-scripts\.php) {location ~* /wp-admin/(load-scripts\.php) {
limit_req zone=xwprpc burst=5 nodelay; limit_req zone=xwprpc burst=5 nodelay;
#limit_conn xwpconlimit 30; #limit_conn xwpconlimit 30;
include /usr/local/nginx/conf/php-wpsc.conf; include /usr/local/nginx/conf/php-wpsc.conf;
# https://community.centminmod.com/posts/18828/ # https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf; #include /usr/local/nginx/conf/php-rediscache.conf;
}}
location ~* /wp-admin/(load-styles\.php) {location ~* /wp-admin/(load-styles\.php) {
limit_req zone=xwprpc burst=5 nodelay; limit_req zone=xwprpc burst=5 nodelay;
#limit_conn xwpconlimit 30; #limit_conn xwpconlimit 30;
include /usr/local/nginx/conf/php-wpsc.conf; include /usr/local/nginx/conf/php-wpsc.conf;
# https://community.centminmod.com/posts/18828/ # https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf; #include /usr/local/nginx/conf/php-rediscache.conf;
}}
location /webp {
#pagespeed off;
#pagespeed unplugged;
autoindex on;
add_header X-Robots-Tag "noindex, nofollow";
location ~* ^/webp/.+\.(png|jpe?g)$ {
expires 30d;
add_header Vary "Accept-Encoding";
add_header Cache-Control "public, no-transform";
try_files $uri$webp_extension $uri =404;
}
}
include /usr/local/nginx/conf/wpincludes/$vhost/wpsecure_$vhost.conf; include /usr/local/nginx/conf/wpincludes/$vhost/wpsecure_$vhost.conf;
include /usr/local/nginx/conf/php-wpsc.conf; include /usr/local/nginx/conf/php-wpsc.conf;
# https://community.centminmod.com/posts/18828/ # https://community.centminmod.com/posts/18828/
#include /usr/local/nginx/conf/php-rediscache.conf; #include /usr/local/nginx/conf/php-rediscache.conf;
include /usr/local/nginx/conf/pre-staticfiles-local-$vhost.conf; include /usr/local/nginx/conf/pre-staticfiles-local-$vhost.conf;
include /usr/local/nginx/conf/pre-staticfiles-global.conf; include /usr/local/nginx/conf/pre-staticfiles-global.conf;
include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/drop.conf; include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf; #include /usr/local/nginx/conf/errorpage.conf;
include /usr/local/nginx/conf/vts_server.conf; include /usr/local/nginx/conf/vts_server.conf;
Editor
Original Text
Changed Text