Last active
August 29, 2015 14:13
/etc/nginx/sites-enabled/default
| #--- ssl.conf --- | |
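| # Negotiate using the server's cipher order rather than the client's. | |
| ssl_prefer_server_ciphers on; | |
| # TLS 1.0 and 1.1 are formally deprecated (RFC 8996), so only TLS 1.2 is offered. | |
| # Append TLSv1.3 once the nginx/OpenSSL build in use supports it; older builds reject the unknown value. | |
| ssl_protocols TLSv1.2; | |
| # Earlier explicit suite list, kept for reference only (it is not active). | |
| #ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; | |
| # Preference order is unchanged (ECDHE, then DHE, then static RSA; older-protocol suites last within each group). | |
| # 3DES is now excluded outright instead of being pushed to the end: its 64-bit block size exposes long-lived connections to the Sweet32 birthday attack. | |
| # NOTE(review): the kRSA terms keep static-RSA key exchange, which has no forward secrecy; drop them if no remaining client needs it. | |
| ssl_ciphers 'HIGH+EECDH +TLSv1 HIGH+EDH +HIGH+TLSv1+EDH HIGH+kRSA +kRSA+TLSv1 !3DES !SRP !PSK !DSS !MD5 !LOW !MEDIUM !aNULL'; | |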
| #--- default.conf --- | |
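| server { | |
| # Catch-all plain-HTTP server: every request on port 80 is redirected to the canonical HTTPS host. | |
| listen 80 default_server; | |
| # Listen on IPv6 as well, matching the [::]:443 listeners below, so IPv6 clients are redirected instead of being left without a port-80 listener. | |
| listen [::]:80 default_server; | |
| server_name _default80_; # example.com www.example.com; | |
| # The target host is a fixed literal rather than $host, so a forged Host header cannot steer the redirect to another site. | |
| return 301 https://www.example.com$request_uri; | |
| } | |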
| server { | |
| # Catch-all HTTPS server: TLS requests that match no other server_name are answered here and redirected to the canonical host. | |
| listen 443 default_server ssl; | |
| listen [::]:443 default_server ssl; | |
| server_name _default443_; # also handles example.com | |
| # These certs won't be valid for other names: anyone visiting a domain other than example.com over SSL gets a certificate error before the redirect is ever seen. | |
| # NOTE(review): the private key file should be readable only by the account that starts nginx; confirm its permissions on the host. | |
| ssl_certificate ssl/bundle.cer; | |
| ssl_certificate_key ssl/key.pem; | |
| # No Strict-Transport-Security header is set in this block, so the bare https://example.com response carries no HSTS policy unless one is inherited from a higher level (not visible here). | |
| # The target host is a fixed literal rather than $host, so a forged Host header cannot steer the redirect. | |
| return 301 https://www.example.com$request_uri; | |
| } | |
| #--- example.com.conf --- | |
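| server { | |
| # Canonical site: the only server block that serves the application. | |
| listen 443 ssl; | |
| listen [::]:443 ssl; | |
| server_name www.example.com; | |
| ssl_certificate ssl/bundle.cer; | |
| ssl_certificate_key ssl/key.pem; | |
| # HSTS for one year. "always" (nginx 1.7.5+) also attaches the header to error responses such as the 50x page below; without it nginx adds the header only to a fixed set of 2xx/3xx status codes. | |
| # includeSubdomains applies to names under www.example.com, and each of them must then be reachable over HTTPS for the whole max-age. | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always; | |
| passenger_enabled on; | |
| rails_env production; | |
| # Only the application's public/ directory is exposed as the document root. | |
| root /home/deploy/example/current/public; | |
| # Serve a static page for upstream/application failures instead of a backend-generated error body. | |
| error_page 500 502 503 504 /50x.html; | |
| location = /50x.html { | |
| root html; | |
| } | |
| } |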
This will redirect traffic from http://www.example.com, http://example.com, and https://example.com to https://www.example.com