# redirect from non-www to www
# uncomment, save file and restart Nginx to enable
#server {
# listen 80;
# server_name MyDomain.com;
# return 301 $scheme://www.MyDomain.com$request_uri;
# }
server {
listen 80;
server_name MyDomain.com www.MyDomain.com;
return 301 $scheme://www.MyDomain.com$request_uri;
}
server {
listen 443 ssl spdy;
server_name MyDomain.com;
ssl_certificate /usr/local/nginx/conf/ssl/MyDomain.com/MyDomain.com-unified.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/MyDomain.com/MyDomain_com.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!kEDH:!EDH:!CAMELLIA;
ssl_prefer_server_ciphers on;
add_header Alternate-Protocol 443:npn-spdy/3;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
#add_header X-Content-Type-Options "nosniff";
#add_header X-Frame-Options DENY;
# nginx 1.5.9+ or higher
# http://n...content-available-to-author-only...x.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
# http://n...content-available-to-author-only...x.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
# spdy_headers_comp 0;
# ssl_buffer_size 4k;
# enable ocsp stapling
resolver 8.8.8.8;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /usr/local/nginx/conf/ssl/MyDomain.com/MyDomain.com-trusted.crt;
# ngx_pagespeed & ngx_pagespeed handler
include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;
# limit_conn limit_per_ip 16;
# ssi on;
access_log /home/nginx/domains/MyDomain.com/log/access.log combined buffer=32k;
error_log /home/nginx/domains/MyDomain.com/log/error.log;
root /home/nginx/domains/MyDomain.com/public;
location / {
# block common exploits, sql injections etc
include /usr/local/nginx/conf/block.conf;
# Enables directory listings when index file not found
#autoindex on;
# Shows file listing times as local time
#autoindex_localtime on;
# Enable for vBulletin usage WITHOUT vbSEO installed
#try_files $uri $uri/ /index.php;
try_files $uri $uri/ /index.php?q=$request_uri;
}
location ~ ^/(wp-login\.php){
auth_basic "Administrator Login";
auth_basic_user_file /usr/local/nginx/conf/wppasswd;
include /usr/local/nginx/conf/php.conf;
}
include /usr/local/nginx/conf/wpsecure.conf;
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/php.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;
}