server { listen 80; # listen [::]:80; server_name www.yourdomain.com ; index index.html index.htm index.php default.html default.htm default.php; root /usr/share/nginx/html/www.yourdomain.com; # return 301 https://www.yourdomain.com$request_uri; # error_page 404 /404.html; # Deny access to PHP files in specific directory # location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location ~ /.well-known { allow all; } location ~ /\. { deny all; } access_log off; } server { listen 443 ssl http2; # listen [::]:443 ssl http2; server_name www.yourdomain.com ; index index.html index.htm index.php default.html default.htm default.php; root /usr/share/nginx/html/www.yourdomain.com; # if ($host = 'yourdomain.com') { # return 301 https://www.yourdomain.com$request_uri; # } ssl_certificate /etc/nginx/ssl/none.cer; ssl_certificate_key /etc/nginx/ssl/none.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"; ssl_session_cache builtin:1000 shared:SSL:10m; # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048 # ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem; # ssl_stapling on; # ssl_stapling_verify on; # ssl_trusted_certificate /etc/nginx/ssl/none.cer; # resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off; # resolver_timeout 5s; #error_page 404 /404.html; # Deny access to PHP files in specific directory #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location ~ /.well-known { allow all; } location ~ /\. { deny all; } access_log off; }