SSL best practices for nginx
This commit is contained in:
		
							parent
							
								
									ccb6a658fd
								
							
						
					
					
						commit
						fa7b74cf51
					
				
					 1 changed files with 12 additions and 0 deletions
				
			
		|  | @ -11,10 +11,22 @@ map $http_upgrade $connection_upgrade { | ||||||
|   ''      close; |   ''      close; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | server { | ||||||
|  |   listen 80; | ||||||
|  |   listen [::]:80; | ||||||
|  |   server_name example.com; | ||||||
|  |   return 301 https://$host$request_uri; | ||||||
|  | } | ||||||
|  | 
 | ||||||
| server { | server { | ||||||
|   listen 443 ssl; |   listen 443 ssl; | ||||||
|   server_name example.com; |   server_name example.com; | ||||||
| 
 | 
 | ||||||
|  |   ssl_protocols TLSv1.2; | ||||||
|  |   ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; | ||||||
|  |   ssl_prefer_server_ciphers on; | ||||||
|  |   ssl_session_cache shared:SSL:10m; | ||||||
|  | 
 | ||||||
|   ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem; |   ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem; | ||||||
|   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; |   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		
		Reference in a new issue