| # This should be put in ngxpagespeed.com:/usr/local/nginx/conf/ |
| # |
| # To hook this up, replace ngxpagespeed.com:/usr/local/nginx/conf/nginx.conf |
| # with just: |
| # include ngxpagespeed-com.conf; |
| # |
| # You also need to set up a systemd config file. Copy nginx.service to |
| # ngxpagespeed.com:/lib/systemd/system/nginx.service |
| |
| worker_processes auto; |
| |
| error_log logs/error.log; |
| |
| events { |
| worker_connections 1024; |
| } |
| |
| |
| http { |
| include mime.types; |
| default_type application/octet-stream; |
| |
| sendfile on; |
| |
| keepalive_timeout 65; |
| |
| gzip on; |
| gzip_vary on; |
| |
| # Turn on gzip for all content types that should benefit from it. |
| gzip_types application/ecmascript; |
| gzip_types application/javascript; |
| gzip_types application/json; |
| gzip_types application/pdf; |
| gzip_types application/postscript; |
| gzip_types application/x-javascript; |
| gzip_types image/svg+xml; |
| gzip_types text/css; |
| gzip_types text/csv; |
| # "gzip_types text/html" is assumed. |
| gzip_types text/javascript; |
| gzip_types text/plain; |
| gzip_types text/xml; |
| |
| gzip_http_version 1.0; |
| |
| # Turn on the admin pages. We need to do this here because GlobalAdmin can |
| # only be set at global (process) scope. |
| # |
| # These are intentionally left globally readable, for demonstration |
| # purposes. |
| pagespeed AdminPath /pagespeed_admin; |
| pagespeed GlobalAdminPath /pagespeed_global_admin; |
| |
| pagespeed FileCachePath /var/ngx_pagespeed_cache; |
| |
| server { |
| listen 80; |
| location / { |
| deny all; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name ngxpagespeed.com www.ngxpagespeed.com; |
| return 301 https://ngxpagespeed.com$request_uri; |
| } |
| |
| server { |
| listen 80; |
| server_name ping.ngxpagespeed.com; |
| root ping; |
| index index.html; |
| |
| add_header "Cache-Control" "public, max-age=600"; |
| } |
| |
| server { |
| listen 443; |
| server_name ngxpagespeed.com www.ngxpagespeed.com; |
| |
| location / { |
| root html; |
| index index.html index.htm; |
| } |
| |
| location /install { |
| rewrite ^/.* https://raw.githubusercontent.com/pagespeed/ngx_pagespeed/master/scripts/build_ngx_pagespeed.sh; |
| } |
| |
| pagespeed on; |
| |
| # Ensure requests for pagespeed optimized resources go to the pagespeed |
| # handler and no extraneous headers get set. |
| location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { |
| add_header "" ""; |
| } |
| location ~ "^/pagespeed_static/" { } |
| location ~ "^/ngx_pagespeed_beacon$" { } |
| |
| pagespeed Library 43 1o978_K0_LNE5_ystNklf https://www.modpagespeed.com/rewrite_javascript.js; |
| |
| # To demo insert_ga we need to specify a Google Analytics ID. |
| pagespeed AnalyticsID UA-32429239-2; |
| pagespeed EnableFilters insert_ga; |
| |
| pagespeed RetainComment " google_ad_section*"; |
| |
| pagespeed MapProxyDomain https://ngxpagespeed.com/pss_images |
| https://ref.pssdemos.com/filter/images; |
| |
| # redirect server error pages to the static page /50x.html |
| error_page 500 502 503 504 /50x.html; |
| location = /50x.html { |
| root html; |
| } |
| |
| # Generated from |
| # https://mozilla.github.io/server-side-tls/ssl-config-generator/ with |
| # "intermediate" settings. Oldest compatible clients: |
| # Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, |
| # Android 2.3, Java 7 |
| # Can't choose "modern" settings if we want to keep IE before 11. |
| # |
| ssl on; |
| ssl_certificate modpagespeed.com.crt; |
| ssl_certificate_key modpagespeed.com.key; |
| |
| ssl_session_timeout 1d; |
| ssl_session_cache shared:SSL:50m; |
| ssl_session_tickets off; |
| |
| # Diffie-Hellman parameter for DHE ciphersuites. To generate: |
| # openssl dhparam -out dhparam.pem 4096 |
| # sudo mv dhparam.pem /usr/local/nginx/conf/ |
| ssl_dhparam dhparam.pem; |
| |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
| ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; |
| ssl_prefer_server_ciphers on; |
| |
| # HSTS (6 months) |
| add_header Strict-Transport-Security max-age=15768000; |
| |
| # Skipped OSCP Stapling. |
| } |
| } |