исправлено Работа сайте через https

Dr_Brown · 23 Янв 2017

сделаю отпишусь.

zxc · 23 Янв 2017

Вот что нарыл

"Google планирует прекратить поддержку SPDY в начале 2016 года. Компания рекомендует всем ресурсам, которые используют SPDY, переходить на HTTP/2 или ALPN-протоколы." - нужно решить вопрос с поддержкой HTTP/2, чтобы быть в мейнстриме, т.к. через непродолжительное время можно ожидать, что поддержка сервером сайта HTTP/2 будет влиять на рейтинг в поисковой выдаче, а вот на это, в отличии от нагрузки на оборудование хостеров, клиентам уже не плевать.

Dr_Brown · 23 Янв 2017

не фига, всеравно класс с

но кей эксчанже уже лучше по сравнению с https://torrentpier.com/forum/threads/rabota-sajte-cherez-https.41548/page-6#post-89725

Полный конфиг nginx



user www-data;worker_processes 4;

pid /var/run/nginx.pid;



events {

worker_connections 768;

# multi_accept on;

}



http {



##

# Basic Settings

##



sendfile on;

tcp_nopush on;

tcp_nodelay on;

keepalive_timeout 65;

types_hash_max_size 2048;

# server_tokens off;



# server_names_hash_bucket_size 64;

# server_name_in_redirect off;



include /etc/nginx/mime.types;

default_type application/octet-stream;



ssl_prefer_server_ciphers on;

ssl_session_cache shared:TLS:2m;

ssl_session_timeout 2m;



deny 89.253.246.175;

deny 193.187.76.248;

deny 212.90.32.183;

deny 188.40.49.85;

deny 91.221.70.111;

deny 109.251.160.220;

deny 91.233.216.114;

deny 213.189.197.20;

deny 46.216.245.6;

deny 93.170.146.51;

deny 194.85.205.2;

deny 86.62.111.98;

deny 128.68.65.211;

deny 89.178.17.146;

deny 89.169.93.11;

deny 93.84.14.195;

deny 84.253.100.110;

deny 94.136.40.103;

deny 117.30.148.205;

deny 208.167.255.192;

deny 91.224.126.14;

deny 176.14.61.62;

deny 24.114.93.22;

deny 91.76.145.175;

deny 37.1.14.55;

deny 108.216.58.133;

deny 108.80.158.93;

deny 64.207.128.132;

deny 144.76.172.86;

deny 91.217.197.3;

deny 176.103.50.234;

deny 54.204.27.5;

deny 185.23.21.12;

deny 188.121.47.1;

deny 64.124.14.70;

deny 104.28.7.119;

deny 46.165.228.119;

deny 37.48.65.76;

deny 71.7.85.216;

deny 69.30.179.213;

deny 106.187.41.189;

deny 49.228.58.162;



##

# Logging Settings

##



access_log /var/log/nginx/access.log;

error_log /var/log/nginx/error.log;



##

# Gzip Settings

##



gzip on;

gzip_disable "msie6";



gzip_vary on;

gzip_proxied any;

gzip_comp_level 6;

gzip_buffers 16 8k;

gzip_http_version 1.1;

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;



##

# nginx-naxsi config

##

# Uncomment it if you installed nginx-naxsi

##



#include /etc/nginx/naxsi_core.rules;



##

# nginx-passenger config

##

# Uncomment it if you installed nginx-passenger

##



#passenger_root /usr;

#passenger_ruby /usr/bin/ruby;



##

# Virtual Host Configs

##



include /etc/nginx/conf.d/*.conf;

include /etc/nginx/sites-enabled/*;

include /usr/local/ispmgr/etc/nginx.domain;

client_max_body_size 16M;

log_format isp '$bytes_sent $request_length';

server {

server_name sovtor.org 


Please Login or Register to view hidden text.




listen 91.234.34.162;

charset UTF-8;

disable_symlinks if_not_owner from=$root_path;

set $root_path /var/www/dr_brown/data/www/sovtor.org;

location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {

root $root_path;

access_log /var/www/nginx-logs/dr_brown isp;

access_log /var/www/httpd-logs/sovtor.org.access.log ;

error_page 404 = @fallback;

expires 30d;

}

location / {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

proxy_send_timeout 900;

proxy_read_timeout 900;

if ($http_referer ~* "storm.assa\.pro") {

return 403;

}

if ($http_referer ~* "legalcontent.com\.ua") {

return 403;

}

if ($http_referer ~* "policeweb\.net") {

return 403;

}

if ($http_referer ~* "content-watch\.ru") {

return 403;

}

if ($http_referer ~* "text\.ru") {

return 403;

}

if ($http_referer ~* "webkontrol\.ru") {

return 403;

}

if ($http_referer ~* "ruprotect\.com") {

return 403;

}

if ($http_referer ~* "karaoke-karafun.narod\.ru") {

return 403;

}

if ($http_referer ~* "infopolice\.net") {

return 403;

}

if ($http_referer ~* "dm.audiolock\.net") {

return 403;

}

if ($http_referer ~* "megaindex\.ru") {

return 403;

}

if ($http_referer ~* "rdn-team\.com") {

return 403;

}

if ($http_referer ~* "similarweb\.com") {

return 403;

}

if ($http_referer ~* "semalt\.com") {

return 403;

}

if ($http_user_agent ~* "musobot" ) {

return 403;

}

if ($http_user_agent ~* "dtecnet" ) {

return 403;

}

if ($http_referer ~* "entura.co\.uk") {

return 403;

}

if ($http_referer ~* "link-busters\.com") {

return 403;

}

if ($http_referer ~* "audiolock\.net") {

return 403;

}

if ($http_referer ~* "ripblock\.co.uk") {

return 403;

}

if ($http_referer ~* "removeyourcontent\.com") {

return 403;

}

if ($http_referer ~* "digimarc\.com") {

return 403;

}

if ($http_referer ~* "counterfeit\.technology") {

return 403;

}

if ($http_referer ~* "muso\.com") {

return 403;

}

if ($http_referer ~* "scan-web\.ru") {

return 403;

}

if ($http_referer ~* "bycontext\.com") {

return 403;

}

if ($http_referer ~* "policedunet\.com") {

return 403;

}

if ($http_referer ~* "ricomanagement\.com") {

return 403;

}

if ($http_referer ~* "byxta\.net") {

return 403;

}

if ($http_referer ~* "ip-echelon\.com") {

return 403;

}

if ($http_referer ~* "tracksaur\.com") {

return 403;

}

if ($http_referer ~* "audiolock\.net") {

return 403;

}

if ($http_referer ~* "markmonitor\.com") {

return 403;

}

if ($http_referer ~* "comeso\.de") {

return 403;

}

if ($http_referer ~* "


Please Login or Register to view hidden text.


") {

return 403;

}

if ($http_referer ~* "kreoton\.com") {

return 403;

}

if ($http_referer ~* "dmca\.pro") {

return 403;

}

}

location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location @fallback {

proxy_pass 


Please Login or Register to view hidden text.




proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location ^~ /webstat/ {

auth_basic "Restricted area";

auth_basic_user_file /var/www/dr_brown/data/etc/261665.passwd;

try_files $uri @fallback;

}

include /usr/local/ispmgr/etc/nginx.inc;

}

server {

server_name sovtor.com 


Please Login or Register to view hidden text.




listen 91.234.34.162;

listen 91.234.34.162:443 ssl;

disable_symlinks if_not_owner from=$root_path;

set $root_path /var/www/dr_brown/data/www/sovtor.com;

location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {

root $root_path;

access_log /var/www/nginx-logs/dr_brown isp;

access_log /var/www/httpd-logs/sovtor.com.access.log ;

error_page 404 = @fallback;

expires 30d;

}

location / {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

proxy_send_timeout 900;

proxy_read_timeout 900;

if ($http_referer ~* "storm.assa\.pro") {

return 403;

}

if ($http_referer ~* "legalcontent.com\.ua") {

return 403;

}

if ($http_referer ~* "policeweb\.net") {

return 403;

}

if ($http_referer ~* "content-watch\.ru") {

return 403;

}

if ($http_referer ~* "text\.ru") {

return 403;

}

if ($http_referer ~* "webkontrol\.ru") {

return 403;

}

if ($http_referer ~* "ruprotect\.com") {

return 403;

}

if ($http_referer ~* "karaoke-karafun.narod\.ru") {

return 403;

}

if ($http_referer ~* "infopolice\.net") {

return 403;

}

if ($http_referer ~* "dm.audiolock\.net") {

return 403;

}

if ($http_referer ~* "megaindex\.ru") {

return 403;

}

if ($http_referer ~* "rdn-team\.com") {

return 403;

}

if ($http_referer ~* "similarweb\.com") {

return 403;

}

if ($http_referer ~* "semalt\.com") {

return 403;

}

if ($http_user_agent ~* "musobot" ) {

return 403;

}

if ($http_user_agent ~* "dtecnet" ) {

return 403;

}

if ($http_referer ~* "entura.co\.uk") {

return 403;

}

if ($http_referer ~* "link-busters\.com") {

return 403;

}

if ($http_referer ~* "audiolock\.net") {

return 403;

}

if ($http_referer ~* "ripblock\.co.uk") {

return 403;

}

if ($http_referer ~* "removeyourcontent\.com") {

return 403;

}

if ($http_referer ~* "digimarc\.com") {

return 403;

}

if ($http_referer ~* "counterfeit\.technology") {

return 403;

}

if ($http_referer ~* "muso\.com") {

return 403;

}

if ($http_referer ~* "scan-web\.ru") {

return 403;

}

if ($http_referer ~* "bycontext\.com") {

return 403;

}

if ($http_referer ~* "policedunet\.com") {

return 403;

}

if ($http_referer ~* "ricomanagement\.com") {

return 403;

}

if ($http_referer ~* "byxta\.net") {

return 403;

}

if ($http_referer ~* "ip-echelon\.com") {

return 403;

}

if ($http_referer ~* "tracksaur\.com") {

return 403;

}

if ($http_referer ~* "audiolock\.net") {

return 403;

}

if ($http_referer ~* "markmonitor\.com") {

return 403;

}

if ($http_referer ~* "comeso\.de") {

return 403;

}

if ($http_referer ~* "


Please Login or Register to view hidden text.


") {

return 403;

}

if ($http_referer ~* "kreoton\.com") {

return 403;

}

if ($http_referer ~* "dmca\.pro") {

return 403;

}

}

location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location @fallback {

proxy_pass 


Please Login or Register to view hidden text.




proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location ^~ /webstat/ {

auth_basic "Restricted area";

auth_basic_user_file /var/www/dr_brown/data/etc/784856.passwd;

try_files $uri @fallback;

}

include /usr/local/ispmgr/etc/nginx.inc;

ssl_certificate /var/www/httpd-cert/dr_brown/sovtorcom1.chained.crt;

ssl_certificate_key /var/www/httpd-cert/dr_brown/sovtorcom1.key;

ssl_dhparam /var/www/httpd-cert/dr_brown/dh2048.pem;

ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384HE-RSA-AES128-GCM-SHA256HE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHAHE-RSA-AES128-SHA256HE-RSA-AES128-SHAHE-DSS-AES128-SHA256HE-RSA-AES256-SHA256HE-DSS-AES256-SHAHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIAES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';

}

server {

server_name redfilm.org 


Please Login or Register to view hidden text.




listen 91.234.34.145;

charset UTF-8;

disable_symlinks if_not_owner from=$root_path;

set $root_path /var/www/dr_brown/data/www/redfilm.org;

location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {

root $root_path;

access_log /var/www/nginx-logs/dr_brown isp;

access_log /var/www/httpd-logs/redfilm.org.access.log ;

error_page 404 = @fallback;

expires 30d;

}

location / {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

if ($http_referer ~* "storm.assa\.pro") {

return 403;

}

if ($http_referer ~* "legalcontent.com\.ua") {

return 403;

}

if ($http_referer ~* "policeweb\.net") {

return 403;

}

if ($http_referer ~* "content-watch\.ru") {

return 403;

}

if ($http_referer ~* "text\.ru") {

return 403;

}

if ($http_referer ~* "webkontrol\.ru") {

return 403;

}

if ($http_referer ~* "ruprotect\.com") {

return 403;

}

if ($http_referer ~* "karaoke-karafun.narod\.ru") {

return 403;

}

if ($http_referer ~* "infopolice\.net") {

return 403;

}

if ($http_referer ~* "dm.audiolock\.net") {

return 403;

}

if ($http_referer ~* "megaindex\.ru") {

return 403;

}

if ($http_referer ~* "rdn-team\.com") {

return 403;

}

if ($http_referer ~* "similarweb\.com") {

return 403;

}

if ($http_referer ~* "semalt\.com") {

return 403;

}

if ($http_user_agent ~* "musobot" ) {

return 403;

}

if ($http_user_agent ~* "dtecnet" ) {

return 403;

}

if ($http_referer ~* "entura.co\.uk") {

return 403;

}

if ($http_referer ~* "link-busters\.com") {

return 403;

}

if ($http_referer ~* "audiolock\.net") {

return 403;

}

if ($http_referer ~* "ripblock\.co.uk") {

return 403;

}

if ($http_referer ~* "removeyourcontent\.com") {

return 403;

}

if ($http_referer ~* "digimarc\.com") {

return 403;

}

if ($http_referer ~* "counterfeit\.technology") {

return 403;

}

if ($http_referer ~* "muso\.com") {

return 403;

}

if ($http_referer ~* "scan-web\.ru") {

return 403;

}

if ($http_referer ~* "bycontext\.com") {

return 403;

}

if ($http_referer ~* "policedunet\.com") {

return 403;

}

if ($http_referer ~* "ricomanagement\.com") {

return 403;

}

if ($http_referer ~* "byxta\.net") {

return 403;

}

if ($http_referer ~* "ip-echelon\.com") {

return 403;

}

if ($http_referer ~* "tracksaur\.com") {

return 403;

}

if ($http_referer ~* "audiolock\.net") {

return 403;

}

if ($http_referer ~* "markmonitor\.com") {

return 403;

}

if ($http_referer ~* "comeso\.de") {

return 403;

}

if ($http_referer ~* "kreoton\.com") {

return 403;

}

if ($http_referer ~* "dmca\.pro") {

return 403;

}

}

location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location @fallback {

proxy_pass 


Please Login or Register to view hidden text.




proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location ^~ /webstat/ {

auth_basic "Restricted area";

auth_basic_user_file /var/www/dr_brown/data/etc/651522.passwd;

try_files $uri @fallback;

}

include /usr/local/ispmgr/etc/nginx.inc;

}

server {

server_name 91.234.34.145 


Please Login or Register to view hidden text.




listen 91.234.34.145;

disable_symlinks if_not_owner from=$root_path;

set $root_path /var/www/dr_brown/data/www/91.234.34.145;

location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {

root $root_path;

access_log /var/www/nginx-logs/dr_brown isp;

error_page 404 = @fallback;

error_page 403 = @fallback;

deny all;

}

location / {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

deny all;

error_page 403 = @fallback;

}

location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

deny all;

error_page 403 = @fallback;

}

location @fallback {

proxy_pass 


Please Login or Register to view hidden text.




proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location ^~ /webstat/ {

auth_basic "Restricted area";

auth_basic_user_file /var/www/dr_brown/data/etc/653186.passwd;

try_files $uri @fallback;

deny all;

error_page 403 = @fallback;

}

include /usr/local/ispmgr/etc/nginx.inc;

}

server {

server_name 91.234.34.162 


Please Login or Register to view hidden text.




listen 91.234.34.162;

charset UTF-8;

disable_symlinks if_not_owner from=$root_path;

set $root_path /var/www/dr_brown/data/www/91.234.34.162;

location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {

root $root_path;

access_log /var/www/nginx-logs/dr_brown isp;

error_page 404 = @fallback;

error_page 403 = @fallback;

deny all;

}

location / {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

deny all;

error_page 403 = @fallback;

}

location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {

proxy_pass 


Please Login or Register to view hidden text.




proxy_redirect 


Please Login or Register to view hidden text.


 /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

deny all;

error_page 403 = @fallback;

}

location @fallback {

proxy_pass 


Please Login or Register to view hidden text.




proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location ^~ /webstat/ {

auth_basic "Restricted area";

auth_basic_user_file /var/www/dr_brown/data/etc/653175.passwd;

try_files $uri @fallback;

deny all;

error_page 403 = @fallback;

}

include /usr/local/ispmgr/etc/nginx.inc;

}

}





#mail {

# # See sample authentication script at:

# # 


Please Login or Register to view hidden text.




#

# # auth_http localhost/auth.php;

# # pop3_capabilities "TOP" "USER";

# # imap_capabilities "IMAP4rev1" "UIDPLUS";

#

# server {

# listen localhost:110;

# protocol pop3;

# proxy on;

# }

#

# server {

# listen localhost:143;

# protocol imap;

# proxy on;

# }

#}

Dr_Brown · 23 Янв 2017

вот такое пишет

This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.

Dr_Brown · 23 Янв 2017

вопрос в том что не могу отключить SSL 3, эта директива не срабатывает

ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

Kryl · 23 Янв 2017

Dr_Brown
так ты ни чего и не добавил . ...
замени

PHP:

server {
server_name sovtor.com www.sovtor.com;
listen 91.234.34.162;
listen 91.234.34.162:443 ssl;
disable_symlinks if_not_owner from=$root_path;
set $root_path /var/www/dr_brown/data/www/sovtor.com;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /var/www/nginx-logs/dr_brown isp;
access_log /var/www/httpd-logs/sovtor.com.access.log ;
error_page 404 = @fallback;
expires 30d;
}

на

PHP:

server {
server_name sovtor.com www.sovtor.com;
listen 91.234.34.162;
listen 443 ssl spdy;
server_name sovtor.com;
 resolver 127.0.0.1;
 ssl_stapling on;
 ssl on;
 ssl_certificate /etc/pki/nginx/sovtor.com.pem;  /*(указать свой путь)*/
 ssl_certificate_key /etc/pki/nginx/sovtor.com.clean.key; /*(указать свой путь)*/
 ssl_dhparam /etc/pki/nginx/dhparam.pem; /*(указать свой путь)*/
 ssl_session_timeout 24h;
 ssl_session_cache shared:SSL:2m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000;";
    add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
disable_symlinks if_not_owner from=$root_path;
set $root_path /var/www/dr_brown/data/www/sovtor.com;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /var/www/nginx-logs/dr_brown isp;
access_log /var/www/httpd-logs/sovtor.com.access.log ;
error_page 404 = @fallback;
expires 30d;
}

Dr_Brown · 23 Янв 2017

у меня это файла нет

ssl_dhparam ................. dhparam.pem;

я его генерировал по инструкции

openssl dhparam -out /etc/ssl/dh2048.pem 2048

Dr_Brown · 23 Янв 2017

у меня всеравно класс С. Нужно отключать на сервере SSL3. Буду разбираться.

красным выделено, вот статья

Please Login or Register to view hidden text.

Dr_Brown · 23 Янв 2017

БЛЯ почему nginx не понимает

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

не отклбючается у меня sslV3

все зае-ло, пусть будет С

vitalix · 23 Янв 2017

Dr_Brown написал(а):
БЛЯ почему nginx не понимает

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

не отклбючается у меня sslV3

все зае-ло, пусть будет С

ты бы рекламу или что там у тебя, убрал бы, на которую яндекс орёт. - чем ssl мучаешь.