исправлено Работа сайте через https

sхс

Легенда
Вот что нарыл

"Google планирует прекратить поддержку SPDY в начале 2016 года. Компания рекомендует всем ресурсам, которые используют SPDY, переходить на HTTP/2 или ALPN-протоколы." - нужно решить вопрос с поддержкой HTTP/2, чтобы быть в мейнстриме, т.к. через непродолжительное время можно ожидать, что поддержка сервером сайта HTTP/2 будет влиять на рейтинг в поисковой выдаче, а вот на это, в отличии от нагрузки на оборудование хостеров, клиентам уже не плевать.
 

Dr_Brown

Пользователь
не фига, всеравно класс с

2017-01-23 (2).png

но кей эксчанже уже лучше по сравнению с https://torrentpier.com/forum/threads/rabota-sajte-cherez-https.41548/page-6#post-89725

Полный конфиг nginx

user www-data;worker_processes 4;
pid /var/run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

ssl_prefer_server_ciphers on;
ssl_session_cache shared:TLS:2m;
ssl_session_timeout 2m;

deny 89.253.246.175;
deny 193.187.76.248;
deny 212.90.32.183;
deny 188.40.49.85;
deny 91.221.70.111;
deny 109.251.160.220;
deny 91.233.216.114;
deny 213.189.197.20;
deny 46.216.245.6;
deny 93.170.146.51;
deny 194.85.205.2;
deny 86.62.111.98;
deny 128.68.65.211;
deny 89.178.17.146;
deny 89.169.93.11;
deny 93.84.14.195;
deny 84.253.100.110;
deny 94.136.40.103;
deny 117.30.148.205;
deny 208.167.255.192;
deny 91.224.126.14;
deny 176.14.61.62;
deny 24.114.93.22;
deny 91.76.145.175;
deny 37.1.14.55;
deny 108.216.58.133;
deny 108.80.158.93;
deny 64.207.128.132;
deny 144.76.172.86;
deny 91.217.197.3;
deny 176.103.50.234;
deny 54.204.27.5;
deny 185.23.21.12;
deny 188.121.47.1;
deny 64.124.14.70;
deny 104.28.7.119;
deny 46.165.228.119;
deny 37.48.65.76;
deny 71.7.85.216;
deny 69.30.179.213;
deny 106.187.41.189;
deny 49.228.58.162;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##

#include /etc/nginx/naxsi_core.rules;

##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##

#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
include /usr/local/ispmgr/etc/nginx.domain;
client_max_body_size 16M;
log_format isp '$bytes_sent $request_length';
server {
server_name sovtor.org

Please Login or Register to view hidden text.


listen 91.234.34.162;
charset UTF-8;
disable_symlinks if_not_owner from=$root_path;
set $root_path /var/www/dr_brown/data/www/sovtor.org;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /var/www/nginx-logs/dr_brown isp;
access_log /var/www/httpd-logs/sovtor.org.access.log ;
error_page 404 = @fallback;
expires 30d;
}
location / {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_send_timeout 900;
proxy_read_timeout 900;
if ($http_referer ~* "storm.assa\.pro") {
return 403;
}
if ($http_referer ~* "legalcontent.com\.ua") {
return 403;
}
if ($http_referer ~* "policeweb\.net") {
return 403;
}
if ($http_referer ~* "content-watch\.ru") {
return 403;
}
if ($http_referer ~* "text\.ru") {
return 403;
}
if ($http_referer ~* "webkontrol\.ru") {
return 403;
}
if ($http_referer ~* "ruprotect\.com") {
return 403;
}
if ($http_referer ~* "karaoke-karafun.narod\.ru") {
return 403;
}
if ($http_referer ~* "infopolice\.net") {
return 403;
}
if ($http_referer ~* "dm.audiolock\.net") {
return 403;
}
if ($http_referer ~* "megaindex\.ru") {
return 403;
}
if ($http_referer ~* "rdn-team\.com") {
return 403;
}
if ($http_referer ~* "similarweb\.com") {
return 403;
}
if ($http_referer ~* "semalt\.com") {
return 403;
}
if ($http_user_agent ~* "musobot" ) {
return 403;
}
if ($http_user_agent ~* "dtecnet" ) {
return 403;
}
if ($http_referer ~* "entura.co\.uk") {
return 403;
}
if ($http_referer ~* "link-busters\.com") {
return 403;
}
if ($http_referer ~* "audiolock\.net") {
return 403;
}
if ($http_referer ~* "ripblock\.co.uk") {
return 403;
}
if ($http_referer ~* "removeyourcontent\.com") {
return 403;
}
if ($http_referer ~* "digimarc\.com") {
return 403;
}
if ($http_referer ~* "counterfeit\.technology") {
return 403;
}
if ($http_referer ~* "muso\.com") {
return 403;
}
if ($http_referer ~* "scan-web\.ru") {
return 403;
}
if ($http_referer ~* "bycontext\.com") {
return 403;
}
if ($http_referer ~* "policedunet\.com") {
return 403;
}
if ($http_referer ~* "ricomanagement\.com") {
return 403;
}
if ($http_referer ~* "byxta\.net") {
return 403;
}
if ($http_referer ~* "ip-echelon\.com") {
return 403;
}
if ($http_referer ~* "tracksaur\.com") {
return 403;
}
if ($http_referer ~* "audiolock\.net") {
return 403;
}
if ($http_referer ~* "markmonitor\.com") {
return 403;
}
if ($http_referer ~* "comeso\.de") {
return 403;
}
if ($http_referer ~* "

Please Login or Register to view hidden text.

") {
return 403;
}
if ($http_referer ~* "kreoton\.com") {
return 403;
}
if ($http_referer ~* "dmca\.pro") {
return 403;
}
}
location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location @fallback {
proxy_pass

Please Login or Register to view hidden text.


proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location ^~ /webstat/ {
auth_basic "Restricted area";
auth_basic_user_file /var/www/dr_brown/data/etc/261665.passwd;
try_files $uri @fallback;
}
include /usr/local/ispmgr/etc/nginx.inc;
}
server {
server_name sovtor.com

Please Login or Register to view hidden text.


listen 91.234.34.162;
listen 91.234.34.162:443 ssl;
disable_symlinks if_not_owner from=$root_path;
set $root_path /var/www/dr_brown/data/www/sovtor.com;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /var/www/nginx-logs/dr_brown isp;
access_log /var/www/httpd-logs/sovtor.com.access.log ;
error_page 404 = @fallback;
expires 30d;
}
location / {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_send_timeout 900;
proxy_read_timeout 900;
if ($http_referer ~* "storm.assa\.pro") {
return 403;
}
if ($http_referer ~* "legalcontent.com\.ua") {
return 403;
}
if ($http_referer ~* "policeweb\.net") {
return 403;
}
if ($http_referer ~* "content-watch\.ru") {
return 403;
}
if ($http_referer ~* "text\.ru") {
return 403;
}
if ($http_referer ~* "webkontrol\.ru") {
return 403;
}
if ($http_referer ~* "ruprotect\.com") {
return 403;
}
if ($http_referer ~* "karaoke-karafun.narod\.ru") {
return 403;
}
if ($http_referer ~* "infopolice\.net") {
return 403;
}
if ($http_referer ~* "dm.audiolock\.net") {
return 403;
}
if ($http_referer ~* "megaindex\.ru") {
return 403;
}
if ($http_referer ~* "rdn-team\.com") {
return 403;
}
if ($http_referer ~* "similarweb\.com") {
return 403;
}
if ($http_referer ~* "semalt\.com") {
return 403;
}
if ($http_user_agent ~* "musobot" ) {
return 403;
}
if ($http_user_agent ~* "dtecnet" ) {
return 403;
}
if ($http_referer ~* "entura.co\.uk") {
return 403;
}
if ($http_referer ~* "link-busters\.com") {
return 403;
}
if ($http_referer ~* "audiolock\.net") {
return 403;
}
if ($http_referer ~* "ripblock\.co.uk") {
return 403;
}
if ($http_referer ~* "removeyourcontent\.com") {
return 403;
}
if ($http_referer ~* "digimarc\.com") {
return 403;
}
if ($http_referer ~* "counterfeit\.technology") {
return 403;
}
if ($http_referer ~* "muso\.com") {
return 403;
}
if ($http_referer ~* "scan-web\.ru") {
return 403;
}
if ($http_referer ~* "bycontext\.com") {
return 403;
}
if ($http_referer ~* "policedunet\.com") {
return 403;
}
if ($http_referer ~* "ricomanagement\.com") {
return 403;
}
if ($http_referer ~* "byxta\.net") {
return 403;
}
if ($http_referer ~* "ip-echelon\.com") {
return 403;
}
if ($http_referer ~* "tracksaur\.com") {
return 403;
}
if ($http_referer ~* "audiolock\.net") {
return 403;
}
if ($http_referer ~* "markmonitor\.com") {
return 403;
}
if ($http_referer ~* "comeso\.de") {
return 403;
}
if ($http_referer ~* "

Please Login or Register to view hidden text.

") {
return 403;
}
if ($http_referer ~* "kreoton\.com") {
return 403;
}
if ($http_referer ~* "dmca\.pro") {
return 403;
}
}
location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location @fallback {
proxy_pass

Please Login or Register to view hidden text.


proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location ^~ /webstat/ {
auth_basic "Restricted area";
auth_basic_user_file /var/www/dr_brown/data/etc/784856.passwd;
try_files $uri @fallback;
}
include /usr/local/ispmgr/etc/nginx.inc;
ssl_certificate /var/www/httpd-cert/dr_brown/sovtorcom1.chained.crt;
ssl_certificate_key /var/www/httpd-cert/dr_brown/sovtorcom1.key;
ssl_dhparam /var/www/httpd-cert/dr_brown/dh2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
}
server {
server_name redfilm.org

Please Login or Register to view hidden text.


listen 91.234.34.145;
charset UTF-8;
disable_symlinks if_not_owner from=$root_path;
set $root_path /var/www/dr_brown/data/www/redfilm.org;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /var/www/nginx-logs/dr_brown isp;
access_log /var/www/httpd-logs/redfilm.org.access.log ;
error_page 404 = @fallback;
expires 30d;
}
location / {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
if ($http_referer ~* "storm.assa\.pro") {
return 403;
}
if ($http_referer ~* "legalcontent.com\.ua") {
return 403;
}
if ($http_referer ~* "policeweb\.net") {
return 403;
}
if ($http_referer ~* "content-watch\.ru") {
return 403;
}
if ($http_referer ~* "text\.ru") {
return 403;
}
if ($http_referer ~* "webkontrol\.ru") {
return 403;
}
if ($http_referer ~* "ruprotect\.com") {
return 403;
}
if ($http_referer ~* "karaoke-karafun.narod\.ru") {
return 403;
}
if ($http_referer ~* "infopolice\.net") {
return 403;
}
if ($http_referer ~* "dm.audiolock\.net") {
return 403;
}
if ($http_referer ~* "megaindex\.ru") {
return 403;
}
if ($http_referer ~* "rdn-team\.com") {
return 403;
}
if ($http_referer ~* "similarweb\.com") {
return 403;
}
if ($http_referer ~* "semalt\.com") {
return 403;
}
if ($http_user_agent ~* "musobot" ) {
return 403;
}
if ($http_user_agent ~* "dtecnet" ) {
return 403;
}
if ($http_referer ~* "entura.co\.uk") {
return 403;
}
if ($http_referer ~* "link-busters\.com") {
return 403;
}
if ($http_referer ~* "audiolock\.net") {
return 403;
}
if ($http_referer ~* "ripblock\.co.uk") {
return 403;
}
if ($http_referer ~* "removeyourcontent\.com") {
return 403;
}
if ($http_referer ~* "digimarc\.com") {
return 403;
}
if ($http_referer ~* "counterfeit\.technology") {
return 403;
}
if ($http_referer ~* "muso\.com") {
return 403;
}
if ($http_referer ~* "scan-web\.ru") {
return 403;
}
if ($http_referer ~* "bycontext\.com") {
return 403;
}
if ($http_referer ~* "policedunet\.com") {
return 403;
}
if ($http_referer ~* "ricomanagement\.com") {
return 403;
}
if ($http_referer ~* "byxta\.net") {
return 403;
}
if ($http_referer ~* "ip-echelon\.com") {
return 403;
}
if ($http_referer ~* "tracksaur\.com") {
return 403;
}
if ($http_referer ~* "audiolock\.net") {
return 403;
}
if ($http_referer ~* "markmonitor\.com") {
return 403;
}
if ($http_referer ~* "comeso\.de") {
return 403;
}
if ($http_referer ~* "kreoton\.com") {
return 403;
}
if ($http_referer ~* "dmca\.pro") {
return 403;
}
}
location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location @fallback {
proxy_pass

Please Login or Register to view hidden text.


proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location ^~ /webstat/ {
auth_basic "Restricted area";
auth_basic_user_file /var/www/dr_brown/data/etc/651522.passwd;
try_files $uri @fallback;
}
include /usr/local/ispmgr/etc/nginx.inc;
}
server {
server_name 91.234.34.145

Please Login or Register to view hidden text.


listen 91.234.34.145;
disable_symlinks if_not_owner from=$root_path;
set $root_path /var/www/dr_brown/data/www/91.234.34.145;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /var/www/nginx-logs/dr_brown isp;
error_page 404 = @fallback;
error_page 403 = @fallback;
deny all;
}
location / {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
deny all;
error_page 403 = @fallback;
}
location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
deny all;
error_page 403 = @fallback;
}
location @fallback {
proxy_pass

Please Login or Register to view hidden text.


proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location ^~ /webstat/ {
auth_basic "Restricted area";
auth_basic_user_file /var/www/dr_brown/data/etc/653186.passwd;
try_files $uri @fallback;
deny all;
error_page 403 = @fallback;
}
include /usr/local/ispmgr/etc/nginx.inc;
}
server {
server_name 91.234.34.162

Please Login or Register to view hidden text.


listen 91.234.34.162;
charset UTF-8;
disable_symlinks if_not_owner from=$root_path;
set $root_path /var/www/dr_brown/data/www/91.234.34.162;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /var/www/nginx-logs/dr_brown isp;
error_page 404 = @fallback;
error_page 403 = @fallback;
deny all;
}
location / {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
deny all;
error_page 403 = @fallback;
}
location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {
proxy_pass

Please Login or Register to view hidden text.


proxy_redirect

Please Login or Register to view hidden text.

/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
deny all;
error_page 403 = @fallback;
}
location @fallback {
proxy_pass

Please Login or Register to view hidden text.


proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location ^~ /webstat/ {
auth_basic "Restricted area";
auth_basic_user_file /var/www/dr_brown/data/etc/653175.passwd;
try_files $uri @fallback;
deny all;
error_page 403 = @fallback;
}
include /usr/local/ispmgr/etc/nginx.inc;
}
}


#mail {
# # See sample authentication script at:
# #

Please Login or Register to view hidden text.


#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

 
Последнее редактирование:

Kryl

Заблокирован
Обратите внимание, если вы хотите заключить сделку с этим пользователем, что он заблокирован.
Dr_Brown
так ты ни чего и не добавил . ...
замени
PHP:
server {
server_name sovtor.com www.sovtor.com;
listen 91.234.34.162;
listen 91.234.34.162:443 ssl;
disable_symlinks if_not_owner from=$root_path;
set $root_path /var/www/dr_brown/data/www/sovtor.com;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /var/www/nginx-logs/dr_brown isp;
access_log /var/www/httpd-logs/sovtor.com.access.log ;
error_page 404 = @fallback;
expires 30d;
}

на

PHP:
server {
server_name sovtor.com www.sovtor.com;
listen 91.234.34.162;
listen 443 ssl spdy;
server_name sovtor.com;
 resolver 127.0.0.1;
 ssl_stapling on;
 ssl on;
 ssl_certificate /etc/pki/nginx/sovtor.com.pem;  /*(указать свой путь)*/
 ssl_certificate_key /etc/pki/nginx/sovtor.com.clean.key; /*(указать свой путь)*/
 ssl_dhparam /etc/pki/nginx/dhparam.pem; /*(указать свой путь)*/
 ssl_session_timeout 24h;
 ssl_session_cache shared:SSL:2m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000;";
    add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
disable_symlinks if_not_owner from=$root_path;
set $root_path /var/www/dr_brown/data/www/sovtor.com;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /var/www/nginx-logs/dr_brown isp;
access_log /var/www/httpd-logs/sovtor.com.access.log ;
error_page 404 = @fallback;
expires 30d;
}
 
Последнее редактирование модератором:

Dr_Brown

Пользователь
у меня это файла нет

ssl_dhparam ................. dhparam.pem;

я его генерировал по инструкции

openssl dhparam -out /etc/ssl/dh2048.pem 2048
 

Dr_Brown

Пользователь
у меня всеравно класс С. Нужно отключать на сервере SSL3. Буду разбираться.
2017-01-23 (3).png

красным выделено, вот статья


Please Login or Register to view hidden text.

 

Dr_Brown

Пользователь
БЛЯ почему nginx не понимает

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

не отклбючается у меня sslV3

все зае-ло, пусть будет С
 

vitalix

Пользователь
БЛЯ почему nginx не понимает

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

не отклбючается у меня sslV3

все зае-ло, пусть будет С
:ROFLMAO:
ты бы рекламу или что там у тебя, убрал бы, на которую яндекс орёт. - чем ssl мучаешь.

5a1367c50c97db8b74074dd540f8f73c.png
 
Сверху