Some nginx cleanup

configs/nginx/nginx.conf

@@ -2,7 +2,7 @@
 # This is an example of a high security, somewhat compatible TLSv1
 # enabled HTTPS proxy server. The server only allows modes that provide perfect
 # forward secrecy; no other modes are offered. Anonymous cipher modes are
-# disabled.  This configuation does not include the HSTS header to ensure that
+# disabled.  This configuation includes the HSTS header to ensure that
 # users do not accidentally connect to an insecure HTTP service after their
 # first visit. This configuration will automatically redirect all traffic on
 # TCP port 80 to TCP port 443. All traffic requested will be redirected through
@@ -46,45 +46,45 @@ http {
     proxy_cache_path                /var/cache/nginx/cached levels=2:2
     keys_zone=global:64m inactive=60m max_size=1G;
 
-server {
-    listen 1.2.3.4:80;
-    return 301 https://$host$request_uri;
-}
-server {
-    listen 1.2.3.4:443 default ssl;
-    ssl_certificate      /etc/nginx/example.com.crt;
-    ssl_certificate_key  /etc/nginx/example.com.key;
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10m;
-    ssl_session_timeout 10m;
+    server {
+        listen 1.2.3.4:80;
+        return 301 https://$host$request_uri;
+    }
 
-    # Only strong ciphers in PFS mode
-    ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    server {
+        listen 1.2.3.4:443 default ssl;
+        ssl_certificate      /etc/nginx/example.com.crt;
+        ssl_certificate_key  /etc/nginx/example.com.key;
+        ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 10m;
 
-    # For ssl client certificates, edit ssl_client_certificate
-    # (specifies a file containing permissable CAs) and uncomment the
-    # following:
-    #ssl_verify_client optional;
-    #ssl_client_certificate /etc/ssl/ca.crt
+        # Only strong ciphers in PFS mode
+        ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
-    server_name  example.com;
-    location / {
-        # Uncomment to route requests through Tor.
-        # proxy_pass  http://127.0.0.1:8118;
-        # proxy_set_header Host $server_id.onion;
-        # proxy_read_timeout 2000;
-
-        if ($host ~* (.*).example.com) {
-            set $server_id $1;
-        }
-        # 31536000 == 1 year
-        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
-        add_header X-Frame-Options DENY;
-    proxy_cache global;
-    proxy_cache_valid  any 1h;
-    proxy_cache_use_stale updating;
+        # For ssl client certificates, edit ssl_client_certificate
+        # (specifies a file containing permissable CAs) and uncomment the
+        # following:
+        #ssl_verify_client optional;
+        #ssl_client_certificate /etc/ssl/ca.crt
 
+        server_name  example.com;
+        location / {
+            # Uncomment to route requests through Tor.
+            # proxy_pass  http://127.0.0.1:8118;
+            # proxy_set_header Host $server_id.onion;
+            # proxy_read_timeout 2000;
+
+            if ($host ~* (.*).example.com) {
+                set $server_id $1;
+            }
+            # 31536000 == 1 year
+            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
+            add_header X-Frame-Options DENY;
+            proxy_cache global;
+            proxy_cache_valid  any 1h;
+            proxy_cache_use_stale updating;
+        }
     }
 }
-}