Ask scottlinux.com: What is your nginx config?

By | 2014/06/02

I am often asked for the nginx config for my blog. I am using nginx 1.6.x. Config is below! Thanks,


Site operates on WordPress with php5-fpm behind nginx. No caching plugins are used.
spdy check
SSL Labs Report
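Note: OCSP stapling is not working due to other domains using self-signed certs on this host. This is believed to be an OpenSSL bug. The OCSP stapling config below is however valid. (nginx staples OCSP responses only when `ssl_stapling on;` is set; `ssl_stapling_verify on;` by itself does not enable stapling.)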

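# Plain-HTTP virtual host: serves no content of its own and redirects every
# request to the canonical HTTPS host name.
server {
    listen 80;
    listen [::]:80;
    server_name scottlinux.com www.scottlinux.com;
    access_log  /var/log/nginx/scottlinux.com.access.log;
    root /var/www/scottlinux.com;

    location / {
        # $request_uri already contains the original path and query string.
        # A trailing "?" only has a special meaning in `rewrite` (it stops
        # nginx re-appending the arguments); in `return` it is sent literally
        # in the Location header, so it is dropped here.
        return 301 https://scottlinux.com$request_uri;
    }
}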

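# HTTPS virtual host for the WordPress site (PHP served by php-fpm over a
# unix socket).
server {
    # `ssl` on the listen lines already enables TLS for this server, so the
    # separate `ssl on;` directive is not needed (it is deprecated in later
    # nginx releases). `spdy` is the nginx 1.6.x-era parameter; newer releases
    # replaced it with `http2`.
    listen 443 ssl spdy;
    listen [::]:443 ssl spdy;
    server_name scottlinux.com;
    root /var/www/scottlinux.com;
    access_log  /var/log/nginx/scottlinux.com.ssl-access.log;
    index index.php;

    # XML/HTML sitemap URLs are mapped onto index.php query parameters.
    rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
    rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
    rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
    # The dot before "gz" is escaped so it matches a literal "." only,
    # consistent with the .xml.gz rule above.
    rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html\.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;

    ssl_certificate /etc/ssl/certs/scottlinux.com-2014.pem;
    ssl_certificate_key /etc/ssl/private/scottlinux.com-2014.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 is offered.
    # Add TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # RC4 is prohibited in TLS (RFC 7465): the RC4 entries are removed and
    # RC4 is excluded explicitly so the broad "EECDH" token cannot re-add it.
    # NOTE(review): the EDH+aRSA suites use nginx's built-in DH parameters
    # unless ssl_dhparam is configured; older nginx builds ship weak defaults,
    # so set ssl_dhparam or drop EDH - confirm for the deployed version.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    # OCSP stapling is off by default; ssl_stapling_verify alone does not turn
    # it on, so it is enabled explicitly here.
    ssl_stapling on;
    ssl_stapling_verify on;
    # Verification needs the issuer chain available to nginx, e.g.:
    # ssl_trusted_certificate /path/to/issuer-chain.pem;   # placeholder path
    # The resolver is used to look up the OCSP responder's host name.
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # HSTS: browsers remember for one year to use HTTPS only for this host.
    add_header Strict-Transport-Security max-age=31536000;

    # Static assets: no access logging, far-future expiry headers.
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
        access_log        off;
        expires           1y;
    }

    # WordPress front controller: serve the file or directory if it exists,
    # otherwise hand the request to index.php.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Only scripts that exist on disk are passed to php-fpm; anything else
        # returns 404 instead of reaching the interpreter.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/scottlinux.com.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
        fastcgi_buffering on;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }

    # stub_status exposes connection and request counters. Without an access
    # rule it is readable by anyone, so it is limited to the local host;
    # add further `allow` lines for a monitoring host if one is used.
    location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }
}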

Rock on,
