A+ класс StartSSL и настройка конфига NGINX

A+ класс StartSSL и настройка конфига NGINX

Пруфы https://habrahabr.ru/post/252821/

Конфиг

# Plain-HTTP virtual host for site.ru / www.site.ru.
# Static assets are served from disk; every other request is handed to the
# backend listening on 127.0.0.1:8080.
# NOTE(review): this vhost serves the full site over unencrypted HTTP, while
# the HTTPS vhost publishes an HSTS policy. Browsers apply HSTS only after a
# successful HTTPS visit, so plaintext requests here are never upgraded.
# Consider replacing the content locations with a permanent redirect to the
# HTTPS origin once the included files have been checked for anything that
# must stay reachable over HTTP.
server {
    listen 188.138.111.122:80;
    listen 85.25.226.197:80;
    server_name site.ru www.site.ru;

    charset UTF-8;
    index index.html index.php;
    ssi on;

    # Refuse to follow a symlink whose owner differs from the owner of its
    # target; the check starts below $root_path.
    disable_symlinks if_not_owner from=$root_path;

    # Panel-managed snippets. Their content is not visible here and can add
    # or override directives in this vhost.
    include /etc/nginx/vhosts-includes/*.conf;
    include /etc/nginx/vhosts-resources/site.ru/*.conf;

    access_log /var/www/httpd-logs/site.ru.access.log;
    error_log /var/www/httpd-logs/site.ru.error.log notice;

    set $root_path /var/www/seaberia/data/www/site.ru;
    root $root_path;

    location / {
        # PHP-like scripts are never read from disk by nginx: the probe path
        # does not exist, so try_files always ends in the named fallback.
        location ~ [^/]\.ph(p\d*|tml)$ {
            try_files /does_not_exists @fallback;
        }

        # Static files: serve from disk when present, otherwise ask the
        # backend. Responses carry a one-month expiry.
        location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf|eot|svg|ttf|woff|otf|woff2|map|svg|docx?|xlsx?|rtf|txt|rar|ico|pdf|djvu|mp4|map)$ {
            try_files $uri $uri/ @fallback;
            expires 1M;
        }

        # Everything else goes to the backend.
        location / {
            try_files /does_not_exists @fallback;
        }
    }

    location @fallback {
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect http://127.0.0.1:8080 /;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For value the client sent, so the backend should rely
        # only on the last entry when it needs the real client address.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Proxied requests are not written to the nginx access log.
        access_log off;
    }
}
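# HTTPS virtual host for site.ru / www.site.ru (TLS + HTTP/2).
# Changes against the original listing:
#   - dropped "ssl on;": it is deprecated and redundant because every listen
#     directive below already carries the "ssl" parameter;
#   - TLS 1.0 and 1.1 are no longer offered;
#   - the cipher list no longer contains 3DES or static-RSA key exchange;
#   - the HSTS header is sent on every response code ("always").
server {
    # NOTE(review): the first address is not a valid IPv4 address (388 is out
    # of range) and looks anonymized; nginx will refuse to start until it is
    # replaced with the host's real address.
    listen 388.136.151.112:443 ssl http2;
    listen 45.55.126.127:443 ssl http2;
    server_name site.ru www.site.ru;

    # The resolver is needed so nginx can look up the OCSP responder for
    # stapling; 127.0.0.1 assumes a DNS resolver runs on this host.
    resolver 127.0.0.1;
    ssl_stapling on;
    # NOTE(review): stapled responses are not verified here. Consider
    # "ssl_stapling_verify on;" together with "ssl_trusted_certificate"
    # pointing at the issuer chain.

    # NOTE(review): the page title refers to a StartSSL certificate. StartCom
    # was later distrusted by the major browsers, so the certificate used
    # here should come from a currently trusted CA.
    ssl_certificate "/var/www/httpd-cert/seaberia/site.ru_5.crtca";
    ssl_certificate_key "/var/www/httpd-cert/seaberia/site.ru_5.key";
    # Custom DH parameters for DHE suites; the size is not visible here and
    # should be at least 2048 bits.
    ssl_dhparam "/var/www/httpd-cert/seaberia/dhparam.pem";

    ssl_session_timeout 6h;
    ssl_session_cache shared:SSL:10m;

    # Forward-secret suites only. This is the list the original kept
    # commented out; the previously active list still allowed 3DES
    # (DES-CBC3-SHA, kEDH+3DES) and static-RSA key exchange (kRSA+AES128).
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_prefer_server_ciphers on;
    # TLSv1.3 can be appended where the installed nginx/OpenSSL support it.
    ssl_protocols TLSv1.2;

    # "always" also attaches the header to error responses.
    # add_header is not inherited by a block that defines its own add_header,
    # so any such block in the included files has to repeat it.
    add_header Strict-Transport-Security "max-age=31536000" always;
    # Report-only CSP kept disabled as in the original. Note that
    # 'unsafe-inline' and 'unsafe-eval' leave inline script injection
    # unrestricted, so this policy mainly enforces https: sources.
    #add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";

    charset UTF-8;
    index index.html index.php;
    ssi on;

    # Refuse to follow a symlink whose owner differs from the owner of its
    # target; the check starts below $root_path.
    disable_symlinks if_not_owner from=$root_path;

    # Panel-managed snippets. Their content is not visible here and can add
    # or override directives in this vhost.
    include /etc/nginx/vhosts-includes/*.conf;
    include /etc/nginx/vhosts-resources/site.ru/*.conf;

    access_log /var/www/httpd-logs/site.ru.access.log;
    error_log /var/www/httpd-logs/site.ru.error.log notice;

    set $root_path /var/www/seaberia/data/www/site.ru;
    root $root_path;

    location / {
        # PHP-like scripts are never read from disk by nginx: the probe path
        # does not exist, so try_files always ends in the named fallback.
        location ~ [^/]\.ph(p\d*|tml)$ {
            try_files /does_not_exists @fallback;
        }

        # Static files: serve from disk when present, otherwise ask the
        # backend. Responses carry a one-month expiry.
        location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf|eot|svg|ttf|woff|otf|woff2|map|svg|docx?|xlsx?|rtf|txt|rar|ico|pdf|djvu|mp4|map)$ {
            try_files $uri $uri/ @fallback;
            expires 1M;
        }

        # Everything else goes to the backend.
        location / {
            try_files /does_not_exists @fallback;
        }
    }

    location @fallback {
        # TLS ends at nginx; the hop to the local backend is plain HTTP and
        # the original scheme is passed on in X-Forwarded-Proto.
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect http://127.0.0.1:8080 /;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For value the client sent, so the backend should rely
        # only on the last entry when it needs the real client address.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Proxied requests are not written to the nginx access log.
        access_log off;
    }
}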
Обновлено: 29/01/2017 — 13:10
