Perbedaan

Ini menunjukkan perbedaan antara versi yang terpilih dengan versi yang sedang aktif.

Tautan ke tampilan pembanding ini

linux:nginx.conf [2018/07/28 10:29] (sekarang)
Samsul Maarif dibuat
Baris 1: Baris 1:
 +<file situsku.conf>​
 +server {
 +   ​listen 80;
 +   ​server_name www.websiteku.id websiteku.id;​
 +   ​rewrite ^ https://​websiteku.id/​$1 permanent;
 +   #root /​home/​situs/​websiteku;​
 +   ​location / {
 +           ​try_files $uri $uri/ =404;
 +   }
 +}
  
 +server {
 +    listen 443 ssl http2;
 +
 +    root /​home/​situs/​websiteku;​
 +
 +    index index.php index.html index.htm index.nginx-debian.html;​
 +
 +    server_name www.websiteku.id websiteku.id;​
 +    error_page 401 403 404 /404.html;
 +    access_log /​var/​log/​nginx/​websiteku.id-access.log;​
 +    error_log /​var/​log/​nginx/​websiteku.id-error.log;​
 +    ssl on;
 +
 +    #### Certificate ####
 +    ssl_certificate /​home/​situs/​ssl/​fullchain.cer;​
 +    ssl_certificate_key /​home/​situs/​ssl/​websiteku.id.key;​
 +    ssl_trusted_certificate /​home/​situs/​ssl/​ca.cer;​
 +    ssl_dhparam /​home/​situs/​ssl/​dhparam/​dhparam.pem;​
 +    #### Certificate ####
 +
 +    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
 +    ssl_prefer_server_ciphers on;
 +
 +    ssl_session_cache shared:​SSL:​10m;​
 +    add_header Strict-Transport-Security "​max-age=63072000;​ includeSubdomains;​ preload;";​
 +    add_header X-Frame-Options SAMEORIGIN;
 +    add_header X-Content-Type-Options nosniff;
 +    add_header X-XSS-Protection "1; mode=block";​
 +    ssl_session_tickets off;
 +    ssl_stapling on;
 +    ssl_stapling_verify on;
 +    resolver 8.8.8.8 8.8.4.4 valid=300s;
 +    resolver_timeout 5s;
 +
 +    ssl_ciphers '​ECDHE-RSA-AES128-GCM-SHA256:​ECDHE-ECDSA-AES128-GCM-SHA256:​ECDHE-RSA-AES256-GCM-SHA384:​ECDHE-ECDSA-AES256-GCM-SHA384:​DHE-RSA-AES128-GCM-SHA256:​DHE-DSS-AES128-GCM-SHA256:​kEDH+AESGCM:​ECDHE-RSA-AES128-SHA256:​ECDHE-ECDSA-AES128-SHA256:​ECDHE-RSA-AES128-SHA:​ECDHE-ECDSA-AES128-SHA:​ECDHE-RSA-AES256-SHA384:​ECDHE-ECDSA-AES256-SHA384:​ECDHE-RSA-AES256-SHA:​ECDHE-ECDSA-AES256-SHA:​DHE-RSA-AES128-SHA256:​DHE-RSA-AES128-SHA:​DHE-DSS-AES128-SHA256:​DHE-RSA-AES256-SHA256:​DHE-DSS-AES256-SHA:​DHE-RSA-AES256-SHA:​AES128-GCM-SHA256:​AES256-GCM-SHA384:​AES128-SHA256:​AES256-SHA256:​AES128-SHA:​AES256-SHA:​AES:​CAMELLIA:​DES-CBC3-SHA:​!aNULL:​!eNULL:​!EXPORT:​!DES:​!RC4:​!MD5:​!PSK:​!aECDH:​!EDH-DSS-DES-CBC3-SHA:​!EDH-RSA-DES-CBC3-SHA:​!KRB5-DES-CBC3-SHA';​
 +
 +    location / {
 +        try_files $uri $uri/ /​index.php?​$args;​
 +    }
 +
 +    location ~ \.php$ {
 +            include snippets/​fastcgi-php.conf;​
 +            include fastcgi.conf;​
 +            include proxy_params;​
 +            fastcgi_intercept_errors on;
 +            fastcgi_pass 127.0.0.1:​9001;​
 +            fastcgi_param ​ SCRIPT_FILENAME $document_root$fastcgi_script_name;​
 +            fastcgi_param ​ QUERY_STRING ​    ​$query_string;​
 +            fastcgi_param ​ REQUEST_METHOD ​  ​$request_method;​
 +            fastcgi_param ​ CONTENT_TYPE ​    ​$content_type;​
 +            fastcgi_param ​ CONTENT_LENGTH ​  ​$content_length;​
 +            #​fastcgi_intercept_errors ​       on;
 +            fastcgi_ignore_client_abort ​    off;
 +            fastcgi_connect_timeout 600;
 +            fastcgi_send_timeout 300;
 +            fastcgi_read_timeout 900;
 +            fastcgi_buffer_size 512000k;
 +            fastcgi_buffers 4 256000k;
 +            fastcgi_busy_buffers_size 512000k;
 +            fastcgi_temp_file_write_size ​ 1024000k;
 +            #​client_max_body_size 50M;
 +    }
 +
 +    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
 +            expires max;
 +    #        log_not_found off;
 +    }
 +
 +
 +    location ~ /\.ht {
 +            deny all;
 +    }
 +
 +    if ($request_method !~ ^(GET|HEAD|POST)$) {
 +            return 444;
 +    }
 +    if ($blockedagent = 1) {
 +            return 403;
 +    }
 +}
 +
 +</​file>​
  • linux/nginx.conf
  • Terakhir diubah: 3 minggu yang lalu
  • oleh Samsul Maarif