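# Front-end virtual host for example.com: terminates TLS, serves static files
# straight from disk and proxies everything else to the backend listening on
# 127.0.0.1:81 (presumably Apache, going by the @apache location name).
#
# Each directive sits on its own line: an nginx "#" comment runs to the end
# of the line, so a collapsed one-line form of this file would comment out
# every directive that follows the first "#".
server {
    listen 80;

    # --- SSL ---
    listen 443 ssl;

    # NOTE(review): certificate and private key are loaded from the same file.
    # nginx accepts a combined PEM, but the file then holds the private key and
    # must be readable by root only; a separate key file is easier to protect.
    ssl_certificate     /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/cert.pem;
    ssl_dhparam         /etc/nginx/ssl/dhparam.pem;

    ssl_prefer_server_ciphers on;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered.
    # Add TLSv1.3 here once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # 3DES suites (64-bit block cipher) are excluded outright with !3DES
    # instead of being removed and then re-added further down the list.
    # NOTE(review): kRSA+AES128 has no forward secrecy; drop it if no legacy
    # client still depends on it.
    ssl_ciphers kEECDH+AES128:kEECDH:kEDH:kRSA+AES128:!3DES:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;

    ssl_session_cache shared:SSL:64m;
    # NOTE(review): 28h keeps resumable session state alive for over a day,
    # which widens the window in which a leaked session secret is useful.
    ssl_session_timeout 28h;

    # HSTS is left disabled, as in the original. "always" is a parameter of
    # add_header and belongs outside the quoted header value. Browsers ignore
    # this header on plain HTTP, which this server also serves on port 80.
    #add_header Strict-Transport-Security "max-age=31536000" always;
    # --- EO SSL ---

    # Needed to pass letsencrypt (ACME HTTP-01) validation.
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }
    # --- EO letsencrypt ---

    server_name example.com dev.example.com;

    # Document root; declared before the directives that reference it.
    set $root_path /home/example_com/data/www/example_com;

    # Refuse to serve a file through a symlink whose owner differs from the
    # owner of its target; only path components below $root_path are checked.
    disable_symlinks if_not_owner from=$root_path;

    index index.html index.php index.htm;

    # Proxy settings shared by "/" and "@apache". Both locations inherit them
    # because neither declares proxy_set_header or proxy_redirect itself.
    proxy_redirect   http://127.0.0.1:81/ /;
    proxy_set_header Host $host;
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For value the
    # client sent, so the backend must not trust the leftmost entry.
    # X-Real-IP is set from the address of the connecting peer.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    location / {
        proxy_pass http://127.0.0.1:81;
    }

    location @apache {
        proxy_pass http://127.0.0.1:81;
    }

    # Regex locations are tried in file order, so the .ht* deny rule comes
    # before the static-file rule; otherwise a name such as ".htpasswd.txt"
    # would match the static extension list and be served from disk.
    location ~ /\.ht {
        return 404;
    }

    # Static files are served by nginx; anything missing on disk is handed to
    # the backend.
    # NOTE(review): the list includes archive and text extensions (zip, tgz,
    # gz, bz2, tar, rar, txt), so a backup or dump left under the document
    # root is downloadable as-is.
    location ~* ^.+\.(jpg|jpeg|gif|png|rar|txt|tar|wav|bz2|exe|pdf|doc|xls|ppt|bmp|rtf|js|ico|css|zip|tgz|gz)$ {
        root $root_path;
        expires 30d;
        error_page 404 = @apache;
    }

    # Admin/statistics paths: the 404 generated here is caught by error_page,
    # so these requests are always answered by the backend.
    location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin|phpmyadmin)/ {
        error_page 404 = @apache;
        return 404;
    }
}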