your setup is pretty bad (performance and security), here comes why:

1. combine all listen 80 server blocks into one, and then return 301 https://$host$request_uri; instead of rewrite, it is faster, and you can skip the if (scheme) part, because if is evil: http://wiki.nginx.org/IfIsEvil
2. where are your ciphers? they are bad anyway and don't seem to be the defaults, and RC4 as preferred cipher, phew!
3. you are vulnerable to the latest CCS vuln: https://8ack.de/scan/result/sslvulns/71ba019e9d4bf25fd422ab0...
4. you use a quite old nginx version; debian? you should use a newer one that supports SPDY (faster loading for all those images)
5. OH NOES .... https://wbsrch.com/admin/ rule nr. 1: never expose admin/backend logins to the interwebs
6. no HSTS
7. you support TLS 1.2, but no PFS, is there a reason for this? otherwise, this is a bad decision: https://www.ssllabs.com/ssltest/analyze.html?d=wbsrch.com
8. define STATIC resources with django; advantage: you don't have to try_files and can skip the regex location for static content: https://docs.djangoproject.com/en/dev/howto/static-files/
9. why did you turn off ssl_session_cache??? https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#opt...
10. use proxy_cache for /
11. turn off server_tokens

more on nginx + ssl: https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/

btw, where are your cipher_suites from?
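The points above, collected into one nginx fragment as an added example; this is not the commenter's or the site's own config, and the hostname, certificate paths, backend address, allowed network and Django STATIC_ROOT path are placeholders.

```nginx
# Added example config (http context), not the original poster's setup.
server_tokens off;                          # 11: don't advertise the nginx version

server {
    listen 80 default_server;               # 1: one block for every plain-HTTP name
    return 301 https://$host$request_uri;   # no rewrite, no "if ($scheme ...)"
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=app:10m max_size=1g inactive=60m;

server {
    listen 443 ssl spdy;                    # 4: "spdy" needs a newer nginx (1.3.15+)
    server_name example.com;                # placeholder

    ssl_certificate     /etc/ssl/example.com.pem;   # placeholder
    ssl_certificate_key /etc/ssl/example.com.key;   # placeholder

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    # 2 + 7: forward-secret (ECDHE/DHE) suites first, RC4 excluded entirely
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:!aNULL:!MD5:!RC4';
    ssl_session_cache shared:SSL:10m;       # 9: session resumption instead of full handshakes
    ssl_session_timeout 10m;
    # 3 (CCS) is fixed by updating OpenSSL, not by any directive here

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";  # 6: HSTS

    location /admin/ {                      # 5: backend login not reachable from the internet
        allow 203.0.113.0/24;               # placeholder: office/VPN range
        deny  all;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8000;   # placeholder: Django backend
    }

    location /static/ {                     # 8: serve collectstatic output directly, no try_files
        alias /srv/app/static/;             # placeholder for Django STATIC_ROOT
        expires 30d;
    }

    location / {                            # 10: cache proxied app responses
        proxy_cache app;
        proxy_cache_valid 200 10m;          # responses carrying Set-Cookie are not cached by default
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://127.0.0.1:8000;   # placeholder: Django backend
    }
}
```

Run `nginx -t` after dropping this in, and re-check the result with the ssllabs test linked above.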