install/ngxpagespeed-com.conf - incubator-pagespeed-ngx - Git at Google

 # This should be put in ngxpagespeed.com:/usr/local/nginx/conf/
 #
 # To hook this up, replace ngxpagespeed.com:/usr/local/nginx/conf/nginx.conf
 # with just:
 #  include ngxpagespeed-com.conf;
 #
 # You also need to set up a systemd config file.  Copy nginx.service to
 # ngxpagespeed.com:/lib/systemd/system/nginx.service

 worker_processes  auto;

 error_log  logs/error.log;

 events {
     worker_connections  1024;
 }


 http {
     include       mime.types;
     default_type  application/octet-stream;

     sendfile        on;

     keepalive_timeout  65;

     gzip on;
     gzip_vary on;

     # Turn on gzip for all content types that should benefit from it.
     gzip_types application/ecmascript;
     gzip_types application/javascript;
     gzip_types application/json;
     gzip_types application/pdf;
     gzip_types application/postscript;
     gzip_types application/x-javascript;
     gzip_types image/svg+xml;
     gzip_types text/css;
     gzip_types text/csv;
     # "gzip_types text/html" is assumed.
     gzip_types text/javascript;
     gzip_types text/plain;
     gzip_types text/xml;

     gzip_http_version 1.0;

     # Turn on the admin pages.  We need to do this here because GlobalAdmin can
     # only be set at global (process) scope.
     #
     # These are intentionally left globally readable, for demonstration
     # purposes.
     pagespeed AdminPath /pagespeed_admin;
     pagespeed GlobalAdminPath /pagespeed_global_admin;

     pagespeed FileCachePath /var/ngx_pagespeed_cache;

     server {
         listen 80;
         location / {
           deny all;
         }
     }

     server {
         listen 80;
         server_name ngxpagespeed.com www.ngxpagespeed.com;
         return 301 https://ngxpagespeed.com$request_uri;
     }

     server {
         listen 80;
         server_name ping.ngxpagespeed.com;
         root ping;
         index index.html;

         add_header "Cache-Control" "public, max-age=600";
     }

     server {
         listen 443;
         server_name ngxpagespeed.com www.ngxpagespeed.com;

         location / {
             root   html;
             index  index.html index.htm;
         }

         location /install {
             rewrite ^/.* https://raw.githubusercontent.com/pagespeed/ngx_pagespeed/master/scripts/build_ngx_pagespeed.sh;
         }

         pagespeed on;

         # Ensure requests for pagespeed optimized resources go to the pagespeed
         # handler and no extraneous headers get set.
         location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
           add_header "" "";
         }
         location ~ "^/pagespeed_static/" { }
         location ~ "^/ngx_pagespeed_beacon$" { }

         pagespeed Library 43 1o978_K0_LNE5_ystNklf https://www.modpagespeed.com/rewrite_javascript.js;

         # To demo insert_ga we need to specify a Google Analytics ID.
         pagespeed AnalyticsID UA-32429239-2;
         pagespeed EnableFilters insert_ga;

         pagespeed RetainComment " google_ad_section*";

         pagespeed MapProxyDomain https://ngxpagespeed.com/pss_images
                                  https://ref.pssdemos.com/filter/images;

         # redirect server error pages to the static page /50x.html
         error_page   500 502 503 504  /50x.html;
         location = /50x.html {
             root   html;
         }

         # Generated from
         # https://mozilla.github.io/server-side-tls/ssl-config-generator/ with
         # "intermediate" settings.  Oldest compatible clients:
         #     Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8,
         #     Android 2.3, Java 7
         # Can't choose "modern" settings if we want to keep IE before 11.
         #
         ssl on;
         ssl_certificate modpagespeed.com.crt;
         ssl_certificate_key modpagespeed.com.key;

         ssl_session_timeout 1d;
         ssl_session_cache shared:SSL:50m;
         ssl_session_tickets off;

         # Diffie-Hellman parameter for DHE ciphersuites.  To generate:
         #   openssl dhparam -out dhparam.pem 4096
         #   sudo mv dhparam.pem /usr/local/nginx/conf/
         ssl_dhparam dhparam.pem;

         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
         ssl_prefer_server_ciphers on;

         # HSTS (6 months)
         add_header Strict-Transport-Security max-age=15768000;

         # Skipped OSCP Stapling.
     }
 }
	# This should be put in ngxpagespeed.com:/usr/local/nginx/conf/
	#
	# To hook this up, replace ngxpagespeed.com:/usr/local/nginx/conf/nginx.conf
	# with just:
	# include ngxpagespeed-com.conf;
	#
	# You also need to set up a systemd config file. Copy nginx.service to
	# ngxpagespeed.com:/lib/systemd/system/nginx.service

	worker_processes auto;

	error_log logs/error.log;

	events {
	worker_connections 1024;
	}


	http {
	include mime.types;
	default_type application/octet-stream;

	sendfile on;

	keepalive_timeout 65;

	gzip on;
	gzip_vary on;

	# Turn on gzip for all content types that should benefit from it.
	gzip_types application/ecmascript;
	gzip_types application/javascript;
	gzip_types application/json;
	gzip_types application/pdf;
	gzip_types application/postscript;
	gzip_types application/x-javascript;
	gzip_types image/svg+xml;
	gzip_types text/css;
	gzip_types text/csv;
	# "gzip_types text/html" is assumed.
	gzip_types text/javascript;
	gzip_types text/plain;
	gzip_types text/xml;

	gzip_http_version 1.0;

	# Turn on the admin pages. We need to do this here because GlobalAdmin can
	# only be set at global (process) scope.
	#
	# These are intentionally left globally readable, for demonstration
	# purposes.
	pagespeed AdminPath /pagespeed_admin;
	pagespeed GlobalAdminPath /pagespeed_global_admin;

	pagespeed FileCachePath /var/ngx_pagespeed_cache;

	server {
	listen 80;
	location / {
	deny all;
	}
	}

	server {
	listen 80;
	server_name ngxpagespeed.com www.ngxpagespeed.com;
	return 301 https://ngxpagespeed.com$request_uri;
	}

	server {
	listen 80;
	server_name ping.ngxpagespeed.com;
	root ping;
	index index.html;

	add_header "Cache-Control" "public, max-age=600";
	}

	server {
	listen 443;
	server_name ngxpagespeed.com www.ngxpagespeed.com;

	location / {
	root html;
	index index.html index.htm;
	}

	location /install {
	rewrite ^/.* https://raw.githubusercontent.com/pagespeed/ngx_pagespeed/master/scripts/build_ngx_pagespeed.sh;
	}

	pagespeed on;

	# Ensure requests for pagespeed optimized resources go to the pagespeed
	# handler and no extraneous headers get set.
	location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
	add_header "" "";
	}
	location ~ "^/pagespeed_static/" { }
	location ~ "^/ngx_pagespeed_beacon$" { }

	pagespeed Library 43 1o978_K0_LNE5_ystNklf https://www.modpagespeed.com/rewrite_javascript.js;

	# To demo insert_ga we need to specify a Google Analytics ID.
	pagespeed AnalyticsID UA-32429239-2;
	pagespeed EnableFilters insert_ga;

	pagespeed RetainComment " google_ad_section*";

	pagespeed MapProxyDomain https://ngxpagespeed.com/pss_images
	https://ref.pssdemos.com/filter/images;

	# redirect server error pages to the static page /50x.html
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root html;
	}

	# Generated from
	# https://mozilla.github.io/server-side-tls/ssl-config-generator/ with
	# "intermediate" settings. Oldest compatible clients:
	# Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8,
	# Android 2.3, Java 7
	# Can't choose "modern" settings if we want to keep IE before 11.
	#
	ssl on;
	ssl_certificate modpagespeed.com.crt;
	ssl_certificate_key modpagespeed.com.key;

	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	# Diffie-Hellman parameter for DHE ciphersuites. To generate:
	# openssl dhparam -out dhparam.pem 4096
	# sudo mv dhparam.pem /usr/local/nginx/conf/
	ssl_dhparam dhparam.pem;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
	ssl_prefer_server_ciphers on;

	# HSTS (6 months)
	add_header Strict-Transport-Security max-age=15768000;

	# Skipped OSCP Stapling.
	}
	}