| Current File : //etc/nginx/conf.d/hostname-ssl.conf |
server {
listen 154.53.59.215:443 ssl ;
server_name host.nkapu.co.ke ;
access_log /usr/local/apache/domlogs/host.nkapu.co.ke.bytes bytes;
access_log /usr/local/apache/domlogs/host.nkapu.co.ke.log combined;
error_log /usr/local/apache/domlogs/host.nkapu.co.ke.error.log error;
ssl_certificate /etc/pki/tls/certs/hostname.bundle;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
root /usr/local/apache/htdocs/;
expires max;
try_files $uri $uri/ @backend;
}
error_page 405 = @backend;
error_page 500 = @custom;
add_header X-Cache "HIT from Backend";
add_header Strict-Transport-Security "max-age=31536000";
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
proxy_pass http://154.53.59.215:8181;
include proxy.inc;
}
location @backend {
internal;
proxy_pass http://154.53.59.215:8181;
include proxy.inc;
}
location @custom {
internal;
proxy_pass http://154.53.59.215:8181;
include proxy.inc;
}
location ~ .*\.(php|jsp|cgi|pl|py)?$ {
proxy_pass http://154.53.59.215:8181;
include proxy.inc;
}
location ~ /\.ht {deny all;}
location ~ /\.svn/ {deny all;}
location ~ /\.git/ {deny all;}
location ~ /\.hg/ {deny all;}
location ~ /\.bzr/ {deny all;}
disable_symlinks if_not_owner from=/usr/local/apache/htdocs/;
location /.well-known/acme-challenge {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
location /.well-known/pki-validation {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
}
server {
listen 154.53.59.215:443 ssl ;
server_name webmail.host.nkapu.co.ke;
access_log /usr/local/apache/domlogs/host.nkapu.co.ke.bytes bytes;
access_log /usr/local/apache/domlogs/host.nkapu.co.ke.log combined;
error_log /usr/local/apache/domlogs/host.nkapu.co.ke.error.log error;
ssl_certificate /etc/pki/tls/certs/hostname.bundle;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
location / {
proxy_pass http://127.0.0.1:2095;
include proxy.inc;
}
location ~ /\.ht {deny all;}
location ~ /\.svn/ {deny all;}
location ~ /\.git/ {deny all;}
location ~ /\.hg/ {deny all;}
location ~ /\.bzr/ {deny all;}
disable_symlinks if_not_owner from=/usr/local/apache/htdocs/;
location /.well-known/acme-challenge {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
location /.well-known/pki-validation {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
}
server {
listen 154.53.59.215:443 ssl ;
server_name mail.host.nkapu.co.ke;
access_log /usr/local/apache/domlogs/host.nkapu.co.ke.bytes bytes;
access_log /usr/local/apache/domlogs/host.nkapu.co.ke.log combined;
error_log /usr/local/apache/domlogs/host.nkapu.co.ke.error.log error;
ssl_certificate /etc/pki/tls/certs/hostname.bundle;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
location / {
proxy_pass http://127.0.0.1:2095;
include proxy.inc;
}
location ~ /\.ht {deny all;}
location ~ /\.svn/ {deny all;}
location ~ /\.git/ {deny all;}
location ~ /\.hg/ {deny all;}
location ~ /\.bzr/ {deny all;}
disable_symlinks if_not_owner from=/usr/local/apache/htdocs/;
location /.well-known/acme-challenge {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
location /.well-known/pki-validation {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
}
server {
listen 154.53.59.215:443 ssl ;
server_name cpanel.host.nkapu.co.ke;
access_log /usr/local/apache/domlogs/host.nkapu.co.ke.bytes bytes;
access_log /usr/local/apache/domlogs/host.nkapu.co.ke.log combined;
error_log /usr/local/apache/domlogs/host.nkapu.co.ke.error.log error;
ssl_certificate /etc/pki/tls/certs/hostname.bundle;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
location / {
proxy_pass https://127.0.0.1:2083;
include proxy.inc;
}
location /pma {
proxy_pass https://127.0.0.1:2031;
include proxy.inc;
}
location /roundcube {
proxy_pass https://127.0.0.1:2031;
include proxy.inc;
}
location ~ /\.ht {deny all;}
location ~ /\.svn/ {deny all;}
location ~ /\.git/ {deny all;}
location ~ /\.hg/ {deny all;}
location ~ /\.bzr/ {deny all;}
disable_symlinks if_not_owner from=/usr/local/apache/htdocs/;
location /.well-known/acme-challenge {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
location /.well-known/pki-validation {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
}