diff options
Diffstat (limited to 'templates')
| -rw-r--r-- | templates/block_facebook.tmpl | 3 | ||||
| -rw-r--r-- | templates/cache_static.tmpl | 3 | ||||
| -rw-r--r-- | templates/pagespeed.tmpl | 13 | ||||
| -rw-r--r-- | templates/robots.tmpl | 7 | ||||
| -rw-r--r-- | templates/server.tmpl | 43 | ||||
| -rw-r--r-- | templates/ssl.tmpl | 8 |
6 files changed, 77 insertions, 0 deletions
diff --git a/templates/block_facebook.tmpl b/templates/block_facebook.tmpl new file mode 100644 index 0000000..c308cb2 --- /dev/null +++ b/templates/block_facebook.tmpl @@ -0,0 +1,3 @@ +if ($http_user_agent ~* facebook) { + return 403; + } diff --git a/templates/cache_static.tmpl b/templates/cache_static.tmpl new file mode 100644 index 0000000..e194ada --- /dev/null +++ b/templates/cache_static.tmpl @@ -0,0 +1,3 @@ +location ~* \.(jpe?g|png|gif|css|js|swf|txt|ico)$ { + expires 170h; + } diff --git a/templates/pagespeed.tmpl b/templates/pagespeed.tmpl new file mode 100644 index 0000000..e1afb8d --- /dev/null +++ b/templates/pagespeed.tmpl @@ -0,0 +1,13 @@ +pagespeed on; + pagespeed FileCachePath /var/cache/nginx/pagespeed; + location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { + add_header "" ""; + } + location ~ "^/pagespeed_static/" { } + location ~ "^/ngx_pagespeed_beacon$" { } + pagespeed FileCacheSizeKb 102400; + pagespeed FileCacheCleanIntervalMs 3600000; + pagespeed FileCacheInodeLimit 500000; + pagespeed Statistics on; + pagespeed StatisticsLogging on; + pagespeed LogDir /var/log/nginx/pagespeed; diff --git a/templates/robots.tmpl b/templates/robots.tmpl new file mode 100644 index 0000000..cea822a --- /dev/null +++ b/templates/robots.tmpl @@ -0,0 +1,7 @@ +location = /robots.txt { + return 200 "User-agent: * + {{if .RobotsDisallow}}{{range .RobotsDisallow}}Disallow: {{.}} + {{end}}{{end}} + {{if .RobotsAllow}}{{range .RobotsAllow}}Allow: {{.}} + {{end}}{{end}}"; + } diff --git a/templates/server.tmpl b/templates/server.tmpl new file mode 100644 index 0000000..38641b5 --- /dev/null +++ b/templates/server.tmpl @@ -0,0 +1,43 @@ +{{if .UpstreamName}}upstream {{.UpstreamName}} { + {{range .Upstream}}server {{.}}; + {{end}} +} +{{end}} +server { + listen {{.Port}}; + {{if .SSL}}listen {{.PortSSL}} ssl {{.SPDY}};{{end}} + root {{.Root}}; + + server_name {{range .ServerName}}{{.}} {{end}}; + index {{range .Index}}{{.}} {{end}}; + + {{if .AccessLog}}access_log {{.AccessLog}};{{end}} + {{if .ErrorLog}}error_log {{.ErrorLog}};{{end}} + + # Settings for TLS + {{if .SSL}}ssl_certificate {{.SSL_Cert}}; + ssl_certificate_key {{.SSL_Cert_Key}}; + {{template "ssl.tmpl" .}}{{else}}# Empty{{end}} + + # Basic PHP configuration + {{if .UsePHP}}location ~ \.php$ { + include snippets/fastcgi-php.conf; + {{if not .PHP_TCP}}fastcgi_pass unix:/var/run/php5-fpm.sock;{{end}} + }{{else}}# Empty{{end}} + + # Disallow crawlers + {{if .Robots}}{{template "robots.tmpl" .}}{{else}}# Empty{{end}} + + # Cache static content + {{if .Cache_Static}}{{template "cache_static.tmpl" .}}{{else}}# Empty{{end}} + + # Google Pagespeed settings + {{if .Pagespeed}}{{template "pagespeed.tmpl" .}}{{else}}# Empty{{end}} + + # Disallow Facebook to crawl your sites + {{if .Block_Facebook}}{{template "block_facebook.tmpl" .}}{{else}}# Empty{{end}} + + location / { + try_files $uri $uri/{{if .UsePHP}} /index.php?$args{{end}}; + } +} diff --git a/templates/ssl.tmpl b/templates/ssl.tmpl new file mode 100644 index 0000000..2729c09 --- /dev/null +++ b/templates/ssl.tmpl @@ -0,0 +1,8 @@ +ssl_prefer_server_ciphers On; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; + add_header Strict-Transport-Security max-age=15768000; + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 10m; + ssl_dhparam {{.DHParam}}; + ssl_buffer_size 1400; |