worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; gzip on; server { listen 80; server_name backup.k2patel.in; return 302 https://backup.k2patel.in$request_uri; } server { listen 443 ssl http2; server_name backup.k2patel.in; ssl on; ssl_certificate /etc/pki/tls/certs/k2patel.in.crt; ssl_certificate_key /etc/pki/tls/private/k2patel.in.key; ssl_trusted_certificate /etc/pki/tls/certs/k2patel.in.int.ca; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=63072000; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify off; # modern configuration. tweak to your needs. ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; add_header Strict-Transport-Security max-age=63072000; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } access_log /var/log/nginx/backuppc.access.log; error_log /var/log/nginx/backuppc.error.log; location / { auth_basic "Backup"; auth_basic_user_file /usr/local/etc/nginx/backuppc.users; root /usr/share/BackupPC/html; return 302 http://backup.k2patel.in/cgi-bin/BackupPC_Admin; index BackupPC.html; } location /BackupPC { alias /usr/share/BackupPC/html; index BackupPC.html; } #location ~\.cgi$ { location ~ ^/cgi-bin/BackupPC_Admin(/|$) { auth_basic "Backup"; auth_basic_user_file /etc/nginx/backuppc.users; gzip off; include /etc/nginx/fastcgi_params; fastcgi_pass localhost:8999; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_USER $remote_user; fastcgi_param SCRIPT_FILENAME /usr/share/BackupPC/sbin/BackupPC_Admin; } location ~ /\.ht { deny all; } } }