Discover Centmin Mod today
Register Now

Master Branch add /usr/local/nginx/conf/ss-include.conf template

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jun 25, 2015.

Tags:
  1. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    8:14 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  2. rdan

    rdan Premium Member Premium Member

    4,255
    1,034
    113
    May 25, 2014
    Ratings:
    +1,486
    Local Time:
    6:14 PM
    Mainline
    10.2
    I'm doing something like this long time ago :D
    Easier to mange vhost file :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    8:14 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yes less confusing for some folks to have them separate for http and https and have include file for commonly required set values across multiple https/SSL sites :)
     
  4. rdan

    rdan Premium Member Premium Member

    4,255
    1,034
    113
    May 25, 2014
    Ratings:
    +1,486
    Local Time:
    6:14 PM
    Mainline
    10.2
    You may include:
    Code:
    keepalive_timeout 300;
    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains;";
    add_header X-Content-Type-Options "nosniff";
    add_header Alternate-Protocol 443:npn-spdy/3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 24h;
    spdy_headers_comp 6;
    spdy_keepalive_timeout 300;
    ssl_buffer_size 1400;
    ssl_session_tickets on;
    resolver 8.8.4.4 8.8.8.8 valid=300s;
    resolver_timeout 10s;
    ssl_stapling on;
    ssl_stapling_verify on;
    
     
  5. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    8:14 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    some can't be included like HSTS if you want separate access to http and https for self-signed certificates etc but others can be added

    and some need to be added and auto generated with the nginx vhost creation routine so go into the vhost .conf file itself
     
    Last edited: Jun 26, 2015
..