soediro · September 27, 2019 00:21
diff --git a/nginx.conf b/nginx.conf
 user   www  www;
 worker_processes  1;

 events {
    # After increasing this value You probably should increase limit
    # of file descriptors (for example in start_precmd in startup script)
    worker_connections  1024;
 }


 http {
    include       /opt/local/etc/nginx/mime.types;
    default_type  application/octet-stream;
 	sendfile        on; 
 	keepalive_timeout  65;
 	
    server {
        listen       80;
        server_name  nms.mdazone.club;
        return 301 https://nms.mdazone.club$request_uri;
        ## As reverse proxy
        #location / {
        #  proxy_pass http://localhost:1337;
        #  proxy_read_timeout 7s;
        #}
    }

    server {
    listen 443 ssl;
    server_name nms.mdazone.club;
    root /var/www/html;
    ## As reverse proxy
    #location / {
    #  proxy_pass http://localhost:1337;
    #  proxy_read_timeout 7s;
    #}
    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;

    ssl_certificate /opt/local/etc/acme/fullchain.pem;
    ssl_certificate_key /opt/local/etc/acme/domain.key;
 	ssl_dhparam dhparam.pem;
 	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
 	ssl_session_cache shared:SSL:10m;
 	ssl_session_timeout 10m;
 	ssl_session_tickets off;
 	ssl_stapling on;
 	ssl_stapling_verify on;
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';
    }
 }
	user www www;
	worker_processes 1;

	events {
	# After increasing this value You probably should increase limit
	# of file descriptors (for example in start_precmd in startup script)
	worker_connections 1024;
	}


	http {
	include /opt/local/etc/nginx/mime.types;
	default_type application/octet-stream;
	sendfile on;
	keepalive_timeout 65;

	server {
	listen 80;
	server_name nms.mdazone.club;
	return 301 https://nms.mdazone.club$request_uri;
	## As reverse proxy
	#location / {
	# proxy_pass http://localhost:1337;
	# proxy_read_timeout 7s;
	#}
	}

	server {
	listen 443 ssl;
	server_name nms.mdazone.club;
	root /var/www/html;
	## As reverse proxy
	#location / {
	# proxy_pass http://localhost:1337;
	# proxy_read_timeout 7s;
	#}
	error_page 403 /error/404.html;
	error_page 404 /error/404.html;
	error_page 500 502 503 504 /error/50x.html;

	ssl_certificate /opt/local/etc/acme/fullchain.pem;
	ssl_certificate_key /opt/local/etc/acme/domain.key;
	ssl_dhparam dhparam.pem;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;
	ssl_session_tickets off;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';
	}
	}